General discussion

Locked

Small Network Setup & Security

By 3Dad ·
I have been mostly desktop support, but it has been determined that I should now take on more tasks on our small business network. I need to research and determine the best security configuration, and part if it I believe would be to disable unnecessary services. I figure Tech Republic would an ideal place to start. We recently purchased 2 new servers, 1 Small Business 2k3 & 1 MS Exchange. We also have 2 existing servers both running Win2k Server, 1 DHCP & one to run M2m enterprise software. The existing DHCP Server will brought offline to be used as a test machine, so we will have 1 Win 2k3 DHCP Server, 1 Exchange Server, and one Win2k Server for the M2m enterprise software. We also have 17 workstations, Win98, 2k Pro, & XP Pro, 12 used more heavily than the others. Any information or recommendations to lead me in the right direction is greatly appreciated.

Best Regards

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to Small Network Setup & Sec ...

steps for hardening your os's can also be found at www.cert.org
1) physically secure the servers (locked room)
2) all boxes have anti-virus at mail server level, mail client level, system level, kept current and used according to mfg recommendations
3) keep os's patched with latest sp's and critical updates
3) security depends on what you have 'exposed'. simplest security policy: nothing is permitted into network from outside (internet, ftp, telnet, dial up, remote control). we don't let the internet see us at all except thru proxy server and firewall

Collapse -

by CG IT In reply to Small Network Setup & Sec ...

here's some of the ports we block specifically at the router. 135 RPC, 139 NetBIOS, 445 Directory Service, 1433 SQL, 1434 SQL resolution, 3389 Terminal Services, 5000 uPnP. We also block IGMP, PING at the router. We further have filters on the firewall for the standard crap hackers use like Sync flood, DoS, so on and so forth. We also have a time filter on at the router so that inbound/outbound is blocked after certain hours. Period. No exceptions.

Collapse -

by jimmy In reply to Small Network Setup & Sec ...

Ok lets be asolutely clear about where you are going with your network first of all and also what components you actually have before you try getting into the security of it.

You say in the fourth line of your post that you purchased "1 Small Business 2k3 & 1 MS Exchange"

I want to be absolutley sure it is Windows Small business server 2k as this would make a great deal of difference. I also take it you are saying that it comes with Service Pack3.

What i am not sure of however is the fact that you say "you purchased an MS Exchange server" is this a physical server you are talking about with MS Exchange on it or are you saying you have purchased MS Exchange server software?

The reason i ask is Microsoft Small business server comes on 3 CD Rom disks. On the 3 disks MS small Biz server is bundled With MS Exchange and some other software called ISA (Internet Security Accelerator) and SQL.
This is the reason Small Business Server costs more that Windows2k server.

(ISA is Microsofts Web proxy, firewall and packet filtering Software). This would be where you would first and foremost start looking at the securiing & locking down your server if the server will be able to access the Interent.
--All of these applications SHOULD only be installed on the Small biz server otherwise you would be breaching license agreements--.

If you are saying that you have purchased
an additinal physical server with Exchange server on it and you are not going to use MS Exchange that comes on the Small business server disks is this to lighten the load on the small business 2k server? Just Curious...

I am taking it what you have is as follows.

Network at present
------------------
1 Win2k server (PDC) acting as DHCP server
1 Win2k server running M2m Enterprisee Software
Both servers currently in use.

Is this a correct representation of what you have?

Proposed network
------------------
1 server running MS Small biz server2k acting as DHCP server
1 server

Collapse -

by romeroGT In reply to Small Network Setup & Sec ...

There is no "cookbook" for security, I recomend reading, and from sources who best knows the products. Microsoft has put a lot of platform specific guides, how-to's and articles in this theme.

Your job is to read and understand so you can apply the security you need (not allways top security is better...). If you are considering security an important issue, you must do something about Windows 9x workstations, upgrading to XP will allow you to use improved security policies that comes with wk3 server, please, read about Active Directory and Group Policies.

This is a list of MS Address where you will find what you might need.

Security landscape for Windows 2000
http://www.microsoft.com/technet/security/guidance/secmod133.mspx

Securing Wk3 Server:
http://www.microsoft.com/security/guidance/topics/ServerSecurity.mspx#XSLTfullModule123121120120

Desktop Security:
http://www.microsoft.com/security/guidance/topics/DesktopSecurity.mspx

Security How-to's from Microsoft:
http://www.microsoft.com/security/guidance/howto/default.mspx#XSLTfullModule124121120120

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums