TGIF! Harry Brelsord, author of Windows Small Business Server 2003 Best Practices here and just posting up for free a few pages of my book each day for your pleasure. I hope to have the darn thing completely posted up by the time SBS 2008 SHIPS!
Today we continue chapter five on security and go with RRAS unplugged....yee-haw!~
harrybbbbb, a Microsoft Small Business Specialist (SBSC)
Harry Brelsford, ceo at smb nation, www.smbnation.com
###
RRAS Unplugged
So now that you’re all patched and updated, let’s do some meat and potatoes. That is, let’s delve into the firewall component of SBS 2003 standard edition: RRAS’s NAT/Basic Firewall. I’ll essentially repeat Lab 7 from the afternoon of the USA SBS 2003 hands on lab tour that I both wrote and delivered in fall 2003. The intent of the lab was this: After a long day together of SBSing, some folks had unanswered questions about security and exactly what voodoo do you do when you complete a native SBS Wizard. Oops - I went Ragin’ Cajun on you for a moment there. What I meant to say was SBSers sometimes wonder what real settings they affect when the complete a pretty wizard.
It’s important, before proceeding, to remember that you completed both the EICW and the Remote Access Wizard in the prior chapter in order to maintain the sanctity of our SPRINGERS methodology. So, in effect, you’ve already implemented the security related to firewall protection in SBS 2003 standard edition.
The key pages in the EICW that relate specifically to the security we’ll discuss in this chapter (and future chapters) are EICW page 7 (the Firewall screen where you enable the firewall), EICW page 8 which relates to services that will be accessible across the Internet (see Services Configuration in Figure 5-9), EICW page 9 (Web Services Configuration that I really discuss more in Chapters 8 and 10) and EICW page 10 (Web Server Certificate) that I discuss more in the next section.
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Figure 5-9
Revisiting the Services Configuration page.
BEST PRACTICE: You’ll increasingly learn and be comfortable with your own situation best. Remember that the SPRINGERS methodology is a pass across SBS 2003 using a story line that works. On the Services Configuration page as part of SPRINGERS, we made some selections in the last chapter.
But what if your real-world needs are slightly different? Perhaps you’ll need to allow some other services, read port openings, be accessible via the Internet. How would you do that in Figure 5-9? Just click the Add button and type in the service name and port information.
In the next procedure, you’ll not only see where your Service Configuration settings are implemented, but you’ll get a peek at the additional services you could select from. Please be advised that the following procedure, which is
basically a look and see, is here so you can appreciate where some of the security settings you select in the EICW are truly “set.”
1 Log on to SPRINGERS1 as Administrator with password Husky9999!.
2 Click Start, Server Management, Advanced Management, Computer Management, and Services and Applications.
3 Select Routing and Remote Access, IP Routing followed by NAT/ Basic Firewall.
4 Right click on Network Connection and select Properties from the secondary menu, (and then see my figures).
5 Observe the NAT/Basic Firewall tab sheet (Figure 5-10) that depicts the selections for NAT and Basic Firewall. These were selected when you enabled the firewall on page 7 of the EICW. I’ll discuss the concept of NAT and Basic Firewall in just a second.
6 Click the Services and Ports tab. Observe the services that you can select.
Figure 5-10
This is where the NAT and Basic Firewall selections are made.
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Figure 5-11
This is where the Internet-accessible services were selected.
7. Click OK.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment