Wired & Wireless Securing

[Samson]

Howdy.

I had a server which was connected to both our Curriculum and Admin networks to supply services such as internal mail etc to machines on both networks.

When the LEA IT Depo found this out they went ape, and I was told to disconnect it from one of the networks due to security risks.

Can anyone reccomend any firewall software which (preferably free too) contains the ability to selectively allow only certain ports per connection, so I can allow 80 for http (webmail) access and windows file sharing.

The server is running Win2k as we currently have no spare XP licences, but will be upgraded to XP wthin the next 6 months.

[Ric_]

Usual suspects should do the job - Smoothwall, IPCop, Endian...

[sLiDeR]

Sophos is good!...Not free though!

[Geoff]

I dislike software firewalls on principle.

[DMcCoy]

I dislike software firewalls on principle.

You will hate mine

Its Shorewall

On a VM

On a VLAN

[User3204]

Your LEA are mad people ! Next time, don't tell them anything.

Install Zonealarm from www.zonealarm.com, and tell them there is a firewall.

Do you get your internet connection through them ?
'Cause if you do, and it is one connection, then they've just introduced the same security risk that they're complaining about.


... no, I still don't understand what they think is wrong with this ... but it means I'm not going to tell my LEA about any of my joint servers ...

[GrumbleDook]

Part of the problem is not that there are two networks going through one connection to the LA connection ... it is that some LAs and RBCs have the admin network go through a seperate VPN that is controlled at the edge router and within the core circuit. By putting the two networks together just using dual NICs it can cause a variety of issues. The other part is that the RBC may have a standard network build and things that fall outside of that and then go wrong will often not be fixed ... or they are fixed at extra cost (you get what you pay for with your connections nowadays .. often because the RBC or LA gets services with another supplier then they have to agree to certain things. Things that fall outside of these areas cost the LA / RBC more and someone has to pay.)

The best thing you can do is tell them what you want to do and get them to explain, in detail, why it is an issue. If they try and blag you off with something you can always tell them that it is because you are discussing it on here.

If you do have two separate networks you can always get traffic routed between the two networks at the router. It all depends on the kit used as a router.