Help me secure a small business network...

pelle

I need help securing a small business network.

There are 6 systems (3 pcs & 3 mac), a snapserver and a unix server. At this time each has a static IP address.

The unix server is SCO Unix running an app via telnet that manages the company inventory and accounting. Both users in the company and outside the company access it.

The snapserver is serving a dual function. The webserver portion holds a small static html extranet page (company directory). And the fileserver portion is used for data storage and filesharing between mac & pcs.

I want to add a firewall. Normally, I would just make the pcs and macs use NAT & dynamic IPs and set the Unix box on the DMZ, but the snapserver creates a wrinkle to this plan.... and I have one more wrinkle.

The macs are serviced by a guy in another state. He connects to them via Timbuktu... I don't know if the dynamic IPs and NAT will interfere with the Timbuktu or what. Or if there's a way to set this up and still remain secure.

The firewall is the SonicWall Pro VX...

Can you give me any info or feedback on what I need to do or what to watch for?

Thanks.
 

Goosemaster

Well first off, good luck with Sonicwall... I have always heard great things...

Another option might be using a pc as the firewall, letting you achieve personalized security.

I recommend SuSe Firewall on a CD or Smoothwall.org's Enterprise Flavor...


As for telnet, I would suggest you move to SSH. SSH is very secure (generations above telnet) and still allows you to perform many tasks.

Good Luck
 

Vegito

I went to netscreen instead of sonic wall.. given that you need to buy support.. but I set up the netscreen in about 25 min and fine tuning the policies took another half to 1 hour.. I'm moving towards a bigger unit soon but I think netscreen is a little bit better than sonic walls..
 

pelle

Thanks for the replies...

Regardless of which firewall I use, what I need to know is how I should set this up.

Do I use private IPs for the pcs & macs?

Do I use static or dynamic addressing?

Say that we have a block of IPs in the 12.12.12.x range... is it possible to set up the systems behind the firewall with the 12.12.12.x IPs or do I have to use the private IPs like 10.1.1.x ?

 

Vegito

sorry I didn't go into detail..

router -> firewall -> internal network

the firewall can do NAT mode which is 12.12.12 into the private as you mentioned..
or route mode.. without NAT... which is what you wanted..

you can actually do like 1-64 for static and 65+ dynamic.. that's what I did..

 

N11

<< Regardless of which firewall I use, what I need to know is how I should set this up.

Do I use private IPs for the pcs & macs?

Do I use static or dynamic addressing?

Say that we have a block of IPs in the 12.12.12.x range... is it possible to set up the systems behind the firewall with the 12.12.12.x IPs or do I have to use the private IPs like 10.1.1.x ?
>>


Private IPs for local workstations. You can route any subnet you'd like for private usage. Route the public addresses or route the private addresses; it is really your choice.

Choice between static or dynamic. I'm always a fan of dynamically assigning ips in a local lan regardless of the size.
 

PlatinumGold



<< Regardless of which firewall I use, what I need to know is how I should set this up.

Do I use private IPs for the pcs & macs?

Do I use static or dynamic addressing?

Say that we have a block of IPs in the 12.12.12.x range... is it possible to set up the systems behind the firewall with the 12.12.12.x IPs or do I have to use the private IPs like 10.1.1.x ?
>>



i don't think i'm disagreeing w/ anyone above, but if it were me, with 6 machines i'd go static internal ip's.
 

pelle



<< route mode.. without NAT... which is what you wanted >>



Can someone explain this to me... or point me to a site or FAQ?

Thx
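
A small model of the NAT-mode versus route-mode distinction asked about above, added here as an example that is not part of the original thread or any vendor's configuration. The host numbers, allowed ports and the firewall's outside address are assumptions; the 12.12.12.x and 10.1.1.x ranges and the 1-64 / 65+ split are the ones mentioned in the thread.

```python
import ipaddress

PUBLIC = ipaddress.ip_network("12.12.12.0/24")   # example public block from the thread
PRIVATE = ipaddress.ip_network("10.1.1.0/24")    # example private range from the thread
WAN_IP = PUBLIC.network_address + 1              # assumed firewall outside address

# Constructed inventory (host numbers and ports are assumptions):
# host number -> TCP ports the firewall policy allows in from the Internet.
SERVERS = {10: {23}, 20: {80}}   # .10 Unix server (telnet), .20 SnapServer (web)

def lan_ip(mode, host):
    """Address configured on a LAN machine: private in NAT mode, public in route mode."""
    return (PRIVATE if mode == "nat" else PUBLIC).network_address + host

def assignment(host):
    """Split mentioned in the thread: 1-64 static, 65 and up handed out dynamically."""
    return "static" if 1 <= host <= 64 else "dynamic"

def outbound_source(mode, host):
    """Source address an Internet server sees for a connection from a LAN machine."""
    return WAN_IP if mode == "nat" else lan_ip(mode, host)

def inbound(mode, dst, port):
    """LAN address an Internet connection to dst:port is delivered to, or None if dropped."""
    dst = ipaddress.ip_address(dst)
    if dst not in PUBLIC:
        return None                      # 10.1.1.x is not routable from the Internet
    host = int(dst) - int(PUBLIC.network_address)
    if port not in SERVERS.get(host, set()):
        return None                      # default deny applies in both modes
    # NAT mode: a one-to-one mapping rewrites the destination to the private address.
    # Route mode: the packet is forwarded unchanged to the same public address.
    return lan_ip(mode, host)

if __name__ == "__main__":
    for mode in ("nat", "route"):
        print(mode, "workstation .70 appears as", outbound_source(mode, 70))
        print(mode, "telnet to 12.12.12.10 ->", inbound(mode, "12.12.12.10", 23))
        print(mode, "telnet to 12.12.12.70 ->", inbound(mode, "12.12.12.70", 23))
```

In both modes the inbound decision comes from the allow list; NAT mode only changes which addresses the LAN machines carry and what the outside sees as the source.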