T1 connection security, remote access

budgey · July 12th, 2007

I have a small business that's about to get a T1 internet connection for phone and internet. The the ISP/phone company that we're using is installing an adtran 8T(?) to connect this at the Dmarc which will connect our phone and serve as a router four our network. I'll be connecting this to our 8 port hub for our small 3-4 XP computer workgroup. I've asked for only 1 IP address for now.

My concern here is security. The Adtran will provide some security but is it enough? I was thinking I could just use an old Gateway pc (500mhz) add another NIC and install Smoothwall www.smoothwall.org as additional security.

Our plans are to remotely access business info and have real time access to our surveilance cameras'.

Am I overlooking a lot here? Is a server necessary? Any 3rd party suggestions as far as how to access?
I just realized if we use remote desktop we have to be using XP Pro from the remote PC.
Is this possible with Smoothwall? (for anyone who may know about this)
Web based access would be better for some of our users.

Thanks in advance for anything you have to offer.
Budgey

**Tarun** · July 12th, 2007

Have you considering simply buying a hardware firewall to place between the Internet connection and the router?

**LeeJend** · July 13th, 2007

A 500 Mhz gateway will choke the throughput of your connection, especially if you want video over it. Your router will provide a HW firewall because of the NAT. Just make sure DMZ is turned off, the port forwarding is limited and a secure password (8-10 digits letters, cap's, numbers and punctuation) is installed on the router and all the computers.

You should also have a software firewall on each PC (a real one not windows firewall, it is outbound only and essentially useless) as well as an antivirus and adware protection suite. You will run into problems running some applications remotely or through a firewall with the protection up.

What you really need is VPN for your remote access.

**Steevo** · July 13th, 2007

Or get a sonicwall. VPN and monitorable hardware firewall hat you can ban ranges of IP's as well as many other advanced options.

**Tarun** · July 13th, 2007

A routers integrated firewall may be nice, but it should not be relied upon to be a full fledged firewall. A separate firewall between the Internet and the router will be the most beneficial.

**Steevo** · July 13th, 2007

Packet sniffer on some traffic and you would have the internal IP, and be able to build packets that were for fake connections, thus getting into the internal network. After that it is only time until you can find some weakness to exploit.

**LordOfLA** · July 13th, 2007

for a dedicated internet line like a T1 I'd put a full on OpenBSD/FreeBSD server with Pf packet filter to screen traffic.

July 12th, 2007	Top \| #1
budgey OSNN Junior Addict Joined: July 2007 Posts: 4 Reputation: 0 Power: 0	T1 connection security, remote access I have a small business that's about to get a T1 internet connection for phone and internet. The the ISP/phone company that we're using is installing an adtran 8T(?) to connect this at the Dmarc which will connect our phone and serve as a router four our network. I'll be connecting this to our 8 port hub for our small 3-4 XP computer workgroup. I've asked for only 1 IP address for now. My concern here is security. The Adtran will provide some security but is it enough? I was thinking I could just use an old Gateway pc (500mhz) add another NIC and install Smoothwall www.smoothwall.org as additional security. Our plans are to remotely access business info and have real time access to our surveilance cameras'. Am I overlooking a lot here? Is a server necessary? Any 3rd party suggestions as far as how to access? I just realized if we use remote desktop we have to be using XP Pro from the remote PC. Is this possible with Smoothwall? (for anyone who may know about this) Web based access would be better for some of our users. Thanks in advance for anything you have to offer. Budgey

July 12th, 2007	Top \| #2
Tarun www.lunarsoft.net Joined: July 2007 Posts: 90 Reputation: 80 Power: 60	Re: T1 connection security, remote access Have you considering simply buying a hardware firewall to place between the Internet connection and the router? Anti-Malware Toolkit - http://www.lunarsoft.net - http://forums.lunarsoft.net

July 13th, 2007	Top \| #3
LeeJend OSNN Veteran Addict Joined: January 2003 Location: Fort Worth, TX Posts: 5,261 Reputation: 3386 Power: 199	Re: T1 connection security, remote access A 500 Mhz gateway will choke the throughput of your connection, especially if you want video over it. Your router will provide a HW firewall because of the NAT. Just make sure DMZ is turned off, the port forwarding is limited and a secure password (8-10 digits letters, cap's, numbers and punctuation) is installed on the router and all the computers. You should also have a software firewall on each PC (a real one not windows firewall, it is outbound only and essentially useless) as well as an antivirus and adware protection suite. You will run into problems running some applications remotely or through a firewall with the protection up. What you really need is VPN for your remote access. Thought for the new millenium: In a world without walls and fences, who needs Windows and Gates? - Open Office - Firefox - Thunderbird - Gimp -Ubuntu - Red Hat -

July 13th, 2007	Top \| #4
Steevo Spammer representing. Joined: September 2004 Posts: 2,566 Blog Entries: 2 Reputation: 1630 Power: 136	Re: T1 connection security, remote access Or get a sonicwall. VPN and monitorable hardware firewall hat you can ban ranges of IP's as well as many other advanced options. Meow. Equal oppertunity hater.

July 13th, 2007	Top \| #5
Tarun www.lunarsoft.net Joined: July 2007 Posts: 90 Reputation: 80 Power: 60	Re: T1 connection security, remote access A routers integrated firewall may be nice, but it should not be relied upon to be a full fledged firewall. A separate firewall between the Internet and the router will be the most beneficial. Anti-Malware Toolkit - http://www.lunarsoft.net - http://forums.lunarsoft.net

Latest News Posts

Latest Forum Posts

Latest Member Blogs

July 13th, 2007	Top \| #6
Steevo Spammer representing. Joined: September 2004 Posts: 2,566 Blog Entries: 2 Reputation: 1630 Power: 136	Re: T1 connection security, remote access Packet sniffer on some traffic and you would have the internal IP, and be able to build packets that were for fake connections, thus getting into the internal network. After that it is only time until you can find some weakness to exploit. Meow. Equal oppertunity hater.

July 13th, 2007	Top \| #7
LordOfLA Godlike! Joined: February 2004 Location: Salisbury, Wiltshire, UK Posts: 7,031 Blog Entries: 5 Reputation: 4137 Power: 213	Re: T1 connection security, remote access for a dedicated internet line like a T1 I'd put a full on OpenBSD/FreeBSD server with Pf packet filter to screen traffic. If HK-47 and GLaDOS had a child, the character they create would cause the video game world to overdose on awesome. -sheridanmovieguy: Dragon age forum user.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
VPN Remote-ACcess	Eagle710	Windows Desktop Systems	0	December 4th, 2007 9:16pm
Remote Access Connection Manager Errors	madmatt	Windows Server Systems	4	October 1st, 2007 2:34pm
Remote Access Connection Manager	Guybrush	Windows Desktop Systems	14	December 31st, 2002 7:08pm
Remote Access Connection Manager (ICF & ICS) Problems! Please help!	m00stang	Windows Desktop Systems	2	October 22nd, 2002 3:07pm
Remote Access?	RagnaroK	Windows Desktop Systems	2	September 2nd, 2002 2:41am