How To Securing My Server

[13Gigatons]

So far:
Use different Local IP address then Gateway. (10.x.x.x vs 192.168.x.x)
Use different subnet.
Use switch with VLAN separated. (First 4 ports for Local only)
No Gateway IP address.
No DNS server IP address.
Firewall.


Any other suggestions?


---

 

[EXCellR8]

VLANs are good. Might just recommend reverse proxy and/or packet sniffer.

Any wireless devices connecting to this?

 

[13Gigatons]

VLANs are good. Might just recommend reverse proxy and/or packet sniffer.

Any wireless devices connecting to this?

I have a wireless laptop. It connects directly to the Gateway. It grabs a 192.168.x.x IP address when necessary. I have the LAN disabled or just unplug the cable to be certain.

 

[sdifox]

Securing from what exactly?

 

[13Gigatons]

Securing from what exactly?

It doesn't need internet access so locking it down seemed a good idea. Only want it to be a local server.

 

[sdifox]

It doesn't need internet access so locking it down seemed a good idea. Only want it to be a local server.

What are you using as firewall?
VLAN should be good enough. ACL helps. Is your laptop the server? Not understanding the wifi part.

I guess it is just a file server?

 

[13Gigatons]

What are you using as firewall?
VLAN should be good enough. ACL helps. Is your laptop the server? Not understanding the wifi part.

I guess it is just a file server?

Server has LAN only which is connected to a gig switch. Sometimes I connect the laptop to the local network (via LAN) when transfering large files or running a backup.

 

[sdifox]

Server has LAN only which is connected to a gig switch. Sometimes I connect the laptop to the local network (via LAN) when transfering large files or running a backup.

Yeah what you are doing is good enough.