Help.....................with hardening a Win 2000 gateway server

I am thinking either Sygate or ZAP. Tell me what your opinions are. Also, can you tell me the list of ports to close and any other tidbits to really secure a gateway box. Thanx.

Reply to
bitstream

Dooooood... thanx a kazillion. Excellent stuff!

Reply to
bitstream

bitstream wrote in news: snipped-for-privacy@4ax.com:

There you go.

formatting link

1) If you're like the rest, then you cannot implement it all.
2) Don't use a PFW solution on a NT based O/S with the machine as a gateway.
3) Take note about the NAT router part.
4) Use a $20 NAT router as the gateway for the LAN and WAN to protect the O/S and services on the machines and avoid doing a direct connect to the Internet.

Duane :)

Reply to
Duane Arnold

Actually, I have a Netgear router as my border device and I have a 3COM 3900 switch attached to the router. I'd like to put the Win2K server in between the router and the 3COM switch for network traffic monitoring. I'll install Sygate on the Win2K server for IP blocking.

Reply to
bitstream

There are some really good articles on Microsoft's site about hardening a Windows 2000 server for a machine that has a public IP, but, you're not going to be able to use it for any other purpose (other than a hardened box as a firewall running a quality firewall solution).

What you really should be doing, provided that your network can handle port forwarding/NAT, is install a border device on the public IP and put your machines behind the border device.

So, you would have something like this:

PUBLIC INTERNET
||
BORDER DEVICE
||
Server Device, NIC 1
||
Server running firewall/proxy/etc
||
Server Device, NIC 2
||
LAN DEVICE (Switch)
||
All your computers

You could also bypass the server as the firewall and do the following:

PUBLIC INTERNET
||
BORDER DEVICE (NAT device or Firewall Appliance)
||
LAN DEVICE (Switch)
||
All your computers

Reply to
Leythos

bitstream wrote in news: snipped-for-privacy@4ax.com:

Well do it right and dump Sygate.

formatting link
One doesn't use a PFW solution trying to secure a server.

Duane :)

Reply to
Duane Arnold

Oh, if you have the right Netgear router, then you could use this.

formatting link
Duane :)

Reply to
Duane Arnold
