Dual network cards

I have a Windows 2003 Server with dual network cards, one card goes straight
out to the Internet using a public IP address and the other is behind the
firewall connected to the LAN. I need to secure the server so that no one can
browse the local network via the network card the goes straight out to the
Internet.

You can uncheck File and Printer Sharing for the Local Area Connection for
the Internet card; and you can enable the Firewall on the Internet card. If
you have enabled RRAS NAT on this machine, then the Firewall settings must
be made in RRAS on the NAT Basic Firewall - this is enabled by default when
you configure NAT.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"John" <(E-Mail Removed)> wrote in message
news:0A7CFD5D-8F80-4885-9C18-(E-Mail Removed)...
> I have a Windows 2003 Server with dual network cards, one card goes
straight
> out to the Internet using a public IP address and the other is behind the
> firewall connected to the LAN. I need to secure the server so that no one
can
> browse the local network via the network card the goes straight out to the
> Internet.

Turn off the stuff Doug said,...but they couldn't simply "browse" the
network like that anyway,...the internal RFC Private Address are not
compatible with the Internet and caon be used as "destinations" from the
person on the outside.

So you you should still take care of the stuff mentioned but the risk isn't
as "simple" as browsing your LAN from the internet.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



"John" <(E-Mail Removed)> wrote in message
news:0A7CFD5D-8F80-4885-9C18-(E-Mail Removed)...
> I have a Windows 2003 Server with dual network cards, one card goes
straight
> out to the Internet using a public IP address and the other is behind the
> firewall connected to the LAN. I need to secure the server so that no one
can
> browse the local network via the network card the goes straight out to the
> Internet.

Hi Phillip

What sort of risks could I still face?

"Phillip Windell" wrote:

> Turn off the stuff Doug said,...but they couldn't simply "browse" the
> network like that anyway,...the internal RFC Private Address are not
> compatible with the Internet and caon be used as "destinations" from the
> person on the outside.
>
> So you you should still take care of the stuff mentioned but the risk isn't
> as "simple" as browsing your LAN from the internet.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
> "John" <(E-Mail Removed)> wrote in message
> news:0A7CFD5D-8F80-4885-9C18-(E-Mail Removed)...
> > I have a Windows 2003 Server with dual network cards, one card goes
> straight
> > out to the Internet using a public IP address and the other is behind the
> > firewall connected to the LAN. I need to secure the server so that no one
> can
> > browse the local network via the network card the goes straight out to the
> > Internet.
>
>
>

There is no "pat answer" for that. Tht is like going to the doctor and
asking,.."what to you think I will die of 40 years from now?"

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------


"John" <(E-Mail Removed)> wrote in message
news:E11C00F9-A939-4441-ACA5-(E-Mail Removed)...
> Hi Phillip
>
> What sort of risks could I still face?

On 8/24/2005 10:56, John wrote:
> I have a Windows 2003 Server with dual network cards, one card goes straight
> out to the Internet using a public IP address and the other is behind the
> firewall connected to the LAN. I need to secure the server so that no one can
> browse the local network via the network card the goes straight out to the
> Internet.

Perhaps remove all microsoft related clients from that network connection,
leaving just the TCP/IP protocol. I would also highly suggest you have
your windows box behind a hardware firewall that filters all NetBIOS ports
(135, 137, 139, 445 TCP and UDP for starters).

A good way to find what ports to filter out is by running netstat -an on
the server and write down all the port numbers with "listening" for the
TCP section and all numbers listed in the UDP section except for those
that appear only for the loopback address.

~Jason

--