No announcement yet.

Secure SBS 2003. 2 NICS?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Secure SBS 2003. 2 NICS?

    I currently have a SBS2003 Standard server that came with 2 NICs, and I am only use one at the moment. My network topology looks like this: DSL Modem > Linksys 4 Port SPI Firewall/Router (all ports are closed and no forwarding is going on, as I want no unsolicited, inbound Internet traffic coming in) > Server and 3 XP Pro workstations. I want to increase overall network security for my server and 2 workstations, while isolating the third workstation from the 'corporate network'.

    The third workstation needs to be able to get to the web, as customers uses it for web surfing and nothing more. The third workstation should not be able to access or see the server and other 2 workstations on the corporate network. I may add another public computer in the future.

    Should I enable the second NIC and configure it with CEICW. I believe this would essentially create 2 network segments. When configuring CEICW, I would tell it not to allow any Internet services, such as email, ftp, VPN, Terminal Services, etc. I would also select Do not allow access to the Web site form the Internet. I believe this ultimately would add an extra layer of security that secures the corporate network from the Internet and the second segment.

    I would keep the Linksys router as my first layer of network security for both segments, as I believe this would protect both networks from most Internet threats. With this in mind, my network topology would then look like this DSL Modem > Linksys Router > SBS Server > Switch > 2 workstations. The third workstation would connect directly to the Linksys firewall/router only. Again, the firewall/router has no open ports and does block WAN requests, so the third workstation should be reasonably protected from Internet threats. It would also have Norton AntiVirus installed and Windows XP SP2 w/firewall enabled. I may also lockdown the UI with Local Policies.

    My questions are these: Does this make a more secure environment than I currently have? Does configuring the second NIC truly add another layer of security that I hear so much about?


  • #2
    Re: Secure SBS 2003. 2 NICS?

    The short answer is Yes! The RRAS adds a poor mans firewall which gives you another layer of security. To really add more security you could upgrade to the Premium edition and add ISA2004. There is no penalty cosy for this as the upgrade costs exactly the same as the difference between the Std and Prem editions.

    Steven Teiger [SBS-MVP(2003-2009)]
    Im honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We dont stop playing because we grow old, we grow old because we stop playing.


    • #3
      Re: Secure SBS 2003. 2 NICS?

      I think it would be better if u upgrade to the Premium version which
      inlcudes ISA Server.
      The standard has a basic firewall and is not so
      If ur organisation can afford it then upgrade soon?


      • #4
        Re: Secure SBS 2003. 2 NICS?

        For your info - and I don't know if this is availbale internationally - but after much digging around with Microsoft in the UK, I disciovered there is a product called 'Product Upgrade' available to take SBS2003 standard to premium. Reason for mentioning this is that in the UK - ISA costs nearly as much as SBS2003 Premium with 5 cals!