T1 connection security, remote access

budgey

OSNN Newbie
Joined
1 Jul 2007
Messages
4
I have a small business that's about to get a T1 internet connection for phone and internet. The the ISP/phone company that we're using is installing an adtran 8T(?) to connect this at the Dmarc which will connect our phone and serve as a router four our network. I'll be connecting this to our 8 port hub for our small 3-4 XP computer workgroup. I've asked for only 1 IP address for now.

My concern here is security. The Adtran will provide some security but is it enough? I was thinking I could just use an old Gateway pc (500mhz) add another NIC and install Smoothwall www.smoothwall.org as additional security.

Our plans are to remotely access business info and have real time access to our surveilance cameras'.

Am I overlooking a lot here? Is a server necessary? Any 3rd party suggestions as far as how to access?
I just realized if we use remote desktop we have to be using XP Pro from the remote PC.
Is this possible with Smoothwall? (for anyone who may know about this)
Web based access would be better for some of our users.

Thanks in advance for anything you have to offer.
Budgey
 

Tarun

https://www.lunarsoft.net
Joined
10 Jul 2007
Messages
91
Have you considering simply buying a hardware firewall to place between the Internet connection and the router?
 

LeeJend

OSNN Veteran Addict
Joined
25 Jan 2003
Messages
5,291
A 500 Mhz gateway will choke the throughput of your connection, especially if you want video over it. Your router will provide a HW firewall because of the NAT. Just make sure DMZ is turned off, the port forwarding is limited and a secure password (8-10 digits letters, cap's, numbers and punctuation) is installed on the router and all the computers.

You should also have a software firewall on each PC (a real one not windows firewall, it is outbound only and essentially useless) as well as an antivirus and adware protection suite. You will run into problems running some applications remotely or through a firewall with the protection up.

What you really need is VPN for your remote access.
 

Steevo

Spammer representing.
Political Access
Joined
1 Sep 2004
Messages
2,566
Or get a sonicwall. VPN and monitorable hardware firewall hat you can ban ranges of IP's as well as many other advanced options.
 

Tarun

https://www.lunarsoft.net
Joined
10 Jul 2007
Messages
91
A routers integrated firewall may be nice, but it should not be relied upon to be a full fledged firewall. A separate firewall between the Internet and the router will be the most beneficial.
 

Steevo

Spammer representing.
Political Access
Joined
1 Sep 2004
Messages
2,566
Packet sniffer on some traffic and you would have the internal IP, and be able to build packets that were for fake connections, thus getting into the internal network. After that it is only time until you can find some weakness to exploit.
 

LordOfLA

Godlike!
Joined
2 Feb 2004
Messages
7,026
for a dedicated internet line like a T1 I'd put a full on OpenBSD/FreeBSD server with Pf packet filter to screen traffic.
 

Members online

No members online now.

Latest profile posts

hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?
Perris Calderon wrote on Electronic Punk's profile.
Hey EP! All good with me, applying for Microsoft MVP right now, should have done this a while ago.

Notifications don't work, I only found your response by coming back to hunt up some threads, if you want, give me your email address so we can keep in touch easier!

Forum statistics

Threads
61,999
Messages
673,425
Members
5,593
Latest member
moussa021