RE: Protecting Multiple Public IP Workstations

["Mike" <mike () superiorholidayadventures ca>]

> Hey Everyone :)

Hey Matt!

> We've got a client who (for various reasons) has a network (that's
> currently p2p), and all the workstations (6) have public IP addresses.
> It's a windows network (mixed 98 and 2000), and we're putting in a new
> server (win2k) Just wondering how to best protect this network?

First get these off the network and look for backdoors.  Do you
currently have any sort of fw installed on these?  As well as a
anti-virus program?  How current are the patches for these computers?

> My two thoughts are:
>
> 1) To use firewalls at the client level (don't like this idea)

It's a good start, but not recommended.

> 2) To use RRAS on the server, and have the server route all the public
> IP's through it first, and then run some sort of firewall on the
server.

I wouldn't recommend that either.  I very much dislike the idea of
attaching a server (especially, since it holds corporate data) directly
to the internet.  Get one of those cheap internet sharing routers, or
turn an older workstation into a firewall (w/linux or a bsd).  If you
choose the latter, you can even do traffic shaping.

Mike Fetherston

---------------------------------------------------------------------------
----------------------------------------------------------------------------