Beginner needs security advice for Win 2008 and Dual Nic options (Diagrams available)
Hi all. Whilst I am very technical, I have only recently got around to configuring my home network with Windows 2008 Server at the heart and I am not sure quite how to secure it most effectively. The server is the heart of a development lab as I intend to make good use of the fantastic Hyper-V and my MAPS subscription for software. This will enable me to set up lab scenarios and access them from customer sites when selling.

The server is not yet a domain controller, although I plan to deploy AD. It acts as DHCP and WINS server for my network which is split into a home and office environment. Clients in each network need to see each other's resources so I've selected a single IP address range for inside the network. 192.168.1.x

I have also configured Terminal Services Gateway to enable me to remote desktop and remote web app on to the server from a corporate LAN (over https). I have got this working, although I am not sure that it is as secure as it could be. Nmap reports only a few open ports, but I'm not sure how secure those open ports actually are. They are 80, 443, 445, 523.

Eventually, I'd like to host Exchange and other sites on the current IIS installation, but not until I'm certain that it's as secure as it can be.

My router has a single IP address and I have disabled its firewall as all incoming ports are NAT'd to the Windows 2008 Server which is acting as a firewall. Ideally, I want it to also function as a NAT router, but I've not got that far in the config stage yet. This is so that I can remotely connect to my media collection that is stored on my NAS.

Now, my main question is how can I make use of my server's spare 2nd NIC? I've never configured a dual NIC system before so I am not sure of the best practices to follow. Can anyone offer some advice and guidance please?

In summary, my setup is as shown as a Visio diagram here.

Very many thanks in advance for any advice that you can offer.

Kind regards
Pete
July 3rd, 2008 11:36pm

Hello,

Please allow me to confirm that my understanding is correct. As I understand it, the issue is: You want to make use of the second NIC on the Windows Server 2008 and configure Windows Server 2008 as the NAT router for internal networks (both home and office environment). You want the best practice for implementing this. If I have misunderstood your concerns please feel free to let me know.

Suggestion:
==============
This scenario is just like the Windows Small Business Server network connectivity surroundings. Please refer to: Figure

To have Windows Server 2008 act as the NAT router, you have to place it between the XDSL router and the internal network. One NIC is connected to your private network and another is connected to the router. As you disable the firewall on the router and NAT all ports to the Windows Server 2008, the server is placed in the DMZ and exposes itself on the Internet. You may need to configure services such as DNS and DHCP bindings to ensure security.

For your reference:
Configure NAT/Basic Firewall
http://technet2.microsoft.com/windowsserver/en/library/8e151780-02db-455e-8c2c-2d515dd04fad1033.mspx

Hope it helps.
July 7th, 2008 2:54pm

Hi,

Yes. I want to use the Server to be the firewall to my network and to forward ports for specific applications to individual addresses.

e.g. Port 3389 / 443 to Terminal Services (running locally on the server). Port 9001 to my NAS which is running my media server. Port 80 to IIS, also running on the server that will host my domain name's web site.

I am looking for the best practices for configuring the network to achieve this, but also to ensure maximum protection for directed attacks against my server.

What I mean by that is: I want to ensure that when I configure the firewall in 2008, I can apply the rules in as secure a way as possible, and if that means having separate NICs and IP ranges, then so be it, but I need help on understanding how this separation would look. Would I be creating a DMZ?

Hopefully my diagram link above helps.

Thanks for your help
Pete.
July 8th, 2008 9:19pm
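
An added example, not part of any post in this thread: one way to check the exposure discussed above is to compare what an outside scan of your own address finds open with the ports that are meant to be published. The scan text is a constructed sample in Nmap's grepable (`-oG`) format using the open ports quoted in the first post; the address is a documentation placeholder, TCP is assumed for every forward, and the function names are hypothetical.

```python
import re

# Ports the thread says should be published through the server (TCP assumed).
INTENDED = {80: "IIS", 443: "TS Gateway", 3389: "Terminal Services",
            9001: "NAS media server"}

# Constructed sample of `nmap -oG -` output for a scan from outside the
# network. 203.0.113.10 is a placeholder; open ports are those in the post.
SAMPLE_SCAN = (
    "Host: 203.0.113.10 ()\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///, 445/open/tcp//microsoft-ds///, "
    "523/open/tcp//ibm-db2///, 3389/filtered/tcp//ms-wbt-server///"
    "\tIgnored State: closed (995)\n"
)


def open_tcp_ports(grepable):
    """Return {host: set of open TCP ports} from Nmap grepable output."""
    result = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+).*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        ports = result.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            # Each entry is port/state/protocol/owner/service/...
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return result


def audit(grepable, intended=INTENDED):
    """Compare what is reachable with what was meant to be published."""
    report = {}
    for host, ports in open_tcp_ports(grepable).items():
        report[host] = {
            "unexpected": sorted(ports - set(intended)),  # open, never planned
            "missing": sorted(set(intended) - ports),     # planned, not open
        }
    return report


if __name__ == "__main__":
    for host, r in audit(SAMPLE_SCAN).items():
        print(host, "unexpected:", r["unexpected"], "not reachable:", r["missing"])
```

On the sample, 445 and 523 come back as unexpected: they answer from outside but are not among the forwards listed in the follow-up post, so they are the first candidates to close on the external interface.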

This topic is archived. No further replies will be accepted.
