I'm looking to get a professional guy in to assess our security. The router and ISA server has not been touched since the system was put in place. I would like to make it more secure because I don't beleive we have any DMZ in place.
I figured the router could have a 192. ip to the ISA and then everything the otherside of the ISA would use the 10. range. Is this correct?
As it is, the router is a 10.x.x.1 but im not sure if we are allowed to touch it? It was all configured by EMBC at the time.
We have no backup if the router goes down. I've started a CCNA course and understand most of it, but do not feel confident touching live equipment.
Would EMBC/synetix be responsible or is that how most schools are setup?
Please advice me on what direction I should take?
EMBC/Synetrix maintain your router and no you can't change its IP or it'll probably explode. - They will replace the router should it fail etc and part of the deal is that the end user (you and I) won't touch the router and credentials aren't provided for it.
As for your internal assignment, we (as an embc school) stuck with their original /22 and will re-address when the time comes that we need more IPs.
Which LA are you in? If Northants, there's plenty of us around if you want a chat about it.
If you just want to talk security, feel free to drop me a line - I promise not to try and sell you a SmoothWall ;) - seriuosly, happy to just throw some ideas around if you want.
It's always pleasing to see suppliers offering their expertise without forcing a product down your throat.
Good man Tom.
If you have a look in the EMBC technical library you will find the Standard Network Build. It has instructions in there about using ISA boxes.
Kim is right, the router is configured to EMBC requirement and cannot be touched by school staff. This is to prevent the EMBC wide address space being b0rked by someone fiddling ... heck, under the previous contract Kingston were given three different ranges to set up for my connection, each of them a supposed temporary one for testing ... each of them in active use a 'permanent' ... that has been ironed out now (actually sorted before the new contract) and we *really* don't want to get to that point again.