T1 connection security, remote access

Discussion in 'Windows Desktop Systems' started by budgey, Jul 12, 2007.

  1. budgey

    budgey OSNN One Post Wonder

    Messages:
    4
    I have a small business that's about to get a T1 internet connection for phone and internet. The the ISP/phone company that we're using is installing an adtran 8T(?) to connect this at the Dmarc which will connect our phone and serve as a router four our network. I'll be connecting this to our 8 port hub for our small 3-4 XP computer workgroup. I've asked for only 1 IP address for now.

    My concern here is security. The Adtran will provide some security but is it enough? I was thinking I could just use an old Gateway pc (500mhz) add another NIC and install Smoothwall www.smoothwall.org as additional security.

    Our plans are to remotely access business info and have real time access to our surveilance cameras'.

    Am I overlooking a lot here? Is a server necessary? Any 3rd party suggestions as far as how to access?
    I just realized if we use remote desktop we have to be using XP Pro from the remote PC.
    Is this possible with Smoothwall? (for anyone who may know about this)
    Web based access would be better for some of our users.

    Thanks in advance for anything you have to offer.
    Budgey
     
  2. Tarun

    Tarun www.lunarsoft.net

    Messages:
    90
    Have you considering simply buying a hardware firewall to place between the Internet connection and the router?
     
  3. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    A 500 Mhz gateway will choke the throughput of your connection, especially if you want video over it. Your router will provide a HW firewall because of the NAT. Just make sure DMZ is turned off, the port forwarding is limited and a secure password (8-10 digits letters, cap's, numbers and punctuation) is installed on the router and all the computers.

    You should also have a software firewall on each PC (a real one not windows firewall, it is outbound only and essentially useless) as well as an antivirus and adware protection suite. You will run into problems running some applications remotely or through a firewall with the protection up.

    What you really need is VPN for your remote access.
     
  4. Steevo

    Steevo Spammer representing. Political User Folding Team

    Messages:
    2,566
    Or get a sonicwall. VPN and monitorable hardware firewall hat you can ban ranges of IP's as well as many other advanced options.
     
  5. Tarun

    Tarun www.lunarsoft.net

    Messages:
    90
    A routers integrated firewall may be nice, but it should not be relied upon to be a full fledged firewall. A separate firewall between the Internet and the router will be the most beneficial.
     
  6. Steevo

    Steevo Spammer representing. Political User Folding Team

    Messages:
    2,566
    Packet sniffer on some traffic and you would have the internal IP, and be able to build packets that were for fake connections, thus getting into the internal network. After that it is only time until you can find some weakness to exploit.
     
  7. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    for a dedicated internet line like a T1 I'd put a full on OpenBSD/FreeBSD server with Pf packet filter to screen traffic.