Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is external firewall required for a small business?

Status
Not open for further replies.
edmund1978

edmund1978

Programmer
Jan 25, 2001
58
0
0
GB
Using small business server, I am able to use ISA and IIS on my network. For a small business is this sufficient security. Is there any need to buy an external hardware firewall?
 
Sort by date Sort by votes
Personally, I'm not big on using ISA as the only firewall on the network. It has some decent rules you can set up for packet filtering, but I'm not that impressed (This is just my opinion though).

I don't think its good practice to run your firewall on the same machine as all your data. Especially if said machine is running IIS.

My advice? Get a seperate firewall (hardware or software) to run in front of your server. You can look into Cisco PIX or Cyberguard ( for some nice hardware solutions.
 
Upvote 0 Downvote
Don't use ISA with IIS unless you absolutely have to. Microsoft themselves recommend that ISA and IIS not be installed together as your single firewall. ISA works best as a security solution by installing in Firewall mode only. Then, make ISA a member of it's own workgroup/domain. Workgroup preferred because a Win2k domain will now require DNS and more services to run that will create more vectors of attack....

ISA in it's own workgroup as a standalone. No need for IIS unless you want SMTP services on ISA to allow SMTP filtering to Exchange server, otherwise, keep your firewall clean. Unfortunately for you, I don't think small business server will allow you to run it once it detects another domain. You may have to stick with a hardware solution as a firewall solution.

Many solutions out there, Symantec, Nokia, Smoothwall, IPCOP, Watchguard, Firewall-1 and many more. Best to select an industry standard that simply has room for growth and can cover your future plans. Make sure that you will understand their technology otherwise it'll be a money pit.

Good luck

EC
 
Upvote 0 Downvote
Hey,

Just thought I'd let anyone who is still reading this thread some info about Small Business Server. EVERYING has to be installed on the same machine. Win2k, SQL server, ISA, IIS, Exchange!!! Obviously Bill Gates assume that small business can afford some sort of super 2x2.6Ghz beasts with TB's of space to run it, not to mention the security problems. Ahhhh, Microsoft...... Steve Hewitt
Systems Manager
 
Upvote 0 Downvote
Gotta love it! I can't stand SBS, I think its total garbage. You might be better off getting some hardware firewall (There is no way I would put a machine like that directly on the internet. Personally, I think its just asking for trouble.

Just my opinion though.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
136
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
136
Johnkite
Johnkite
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
116
XLNTech1
XLNTech1
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
97
hairlessupportmonkey
hairlessupportmonkey
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
51
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top