Another Server Question By Me  | | | 
September 6th, 2004, 02:12 PM
|
#1 (permalink)
| | Senior Member
Join Date: Aug 2004 Location: ThisLand Was My Land
Posts: 512
|  Another Server Question By Me
I know, I have a lot of Server threads out there, wells heres on more, and probably not my last.
I have 2 other computers hooked up to a Netgear Wireless G Router. When I get my server up and running and I plug my ethernet cable into the router, am I putting the other computers at risk, because am I letting people through to access my server (Will be Running SME Server 6), can they just access the other computers...
...and if they can, is it possible to use 3 routers to keep the other computers safe...
...like this. Btw the other two routers will probably be Gateway routers
xxxxxRouter
xxxxx// \\
xxxRouter Router
xxx| | |xxxxxxx\\
xxPCPCPC Server
IF can understand above...
THANKS GUYS
__________________
Gaming: AMD64 3K+, X1800GTO 256, 120gb7200
Personal/Living Room Gaming: (laptop)AMD64 3K+, 9700pro, 60gb5400
Last edited by micfau1091 : September 6th, 2004 at 02:23 PM.
| 
|  | |
September 6th, 2004, 02:17 PM
|
#2 (permalink)
| | Senior Member
Join Date: Aug 2004 Location: ThisLand Was My Land
Posts: 512
|
Here is a better pic if it helps | |
| | |
September 6th, 2004, 02:45 PM
|
#3 (permalink)
| | Did you try Google yet?
Join Date: Feb 2003 Location: Buckhannon, WV
Posts: 3,468
|
Here is the risk:
IF someone compromises your server, they could have access to your other computers, because it is behind the router with them.
Personally, I would not worry about it much. The headaches you will have from a setup like you describe will not be worth it.
The actual chance of someone doing this are somewhere less than 0. 99% of hacks are defacements or looking for a place to run an IRC bot or similar.
__________________
My computer is bigger than yours!
| |
| | |
September 6th, 2004, 02:50 PM
|
#4 (permalink)
| | Senior Member
Join Date: Aug 2004 Location: ThisLand Was My Land
Posts: 512
|
Yea, but there are very important docs on the other computers....private docs (nothing illegal), like pictures of family and software keys I dont want to lose...so if the setup above (2.png) is not too hard to setup...like just pluging in some cables, then it might be worth it (for me)...since the gateway routers are $5 each. Thanks for your reply though, but if you can tell me how hard the 3 router setup is...then THANK YOU.
*EDIT*
Btw, if a hacker gets in...he will only be able to view the Shared Docs, right? (BTW...Windows XP Home is on the other pcs) | |
| | |
September 6th, 2004, 02:53 PM
|
#5 (permalink)
| | Did you try Google yet?
Join Date: Feb 2003 Location: Buckhannon, WV
Posts: 3,468
|
You are at just if not more as much risk using one of those computers to surf and do e-mail.
It really isn't worth the trouble. People I know who have a setup like this, eventually undo it because it is basically unusable.
edit:
How much risk the other computers are at is dependent on how up to date and secure they are. If they are completely unpached, then they would be easy pickings. | |
| | |
September 6th, 2004, 02:56 PM
|
#6 (permalink)
| | Senior Member
Join Date: Aug 2004 Location: ThisLand Was My Land
Posts: 512
|
OK Thanks...but most of my important docs are in the shared folders, so the other pcs can access it...mostly, I am just worried about the files being changed or something like that. | |
| | |
September 6th, 2004, 03:10 PM
|
#7 (permalink)
| | the *Voice* in your Head
Join Date: Dec 2001 Location: NY
Posts: 4,520
| Quote: |
Originally Posted by Siliconjunkie Here is the risk:
IF someone compromises your server, they could have access to your other computers, because it is behind the router with them. | i think Silicon's post inspires some needless and misdirected speculation.
the blue router is your border router. if someone is able to hack the server which sits behind the border router and the additional router (#2) behind it, of course the other computers on your internal network are at risk because the border router has already been breached.
if router #2 and firewall running on the server are configured correctly, the server is probably the the least of your worries...it would be the most secure box on the network.
the real question is how much access are you allowing between the server and the rest of your hosts on the internal side? this is where your potential exposure is and what you should plan for.
what is unclear from your post is how much access will the outside world have to the server. if there is not access, you're fine (assuming the above is correct). if there is access, then the internal side is possibly at risk...again, depending on what rules you have on router #2 and the firewall.
Last edited by PresterJohn : September 6th, 2004 at 03:21 PM.
| |
| | |
September 6th, 2004, 07:41 PM
|
#8 (permalink)
| | Free Thinker
Join Date: Oct 2001 Location: Charleston, Illinois
Posts: 4,522
|
You could lease a second IP address from your provider. They're usually pretty cheap. Then hang a switch off your DSL modem and hang your two routers off the switch. Assign one external IP to the SME server router and the other to the second router. On the SME server router, forward whatever ports you need to that server. Keep the other router's ports closed and hang all your PCs off it. That way your SME server is on a separate network entirely. If your PCs need internal access to the SME server, install a second NIC in the SME server and assign it an IP in the range of the PC router and run a cable there. As long as the two NICs aren't bridged, folks gaining access to the SME server won't even know the other network exists.
__________________
You can't fix stupidity.
| |
| | |
September 6th, 2004, 08:07 PM
|
#9 (permalink)
| | Senior Member
Join Date: Aug 2004 Location: ThisLand Was My Land
Posts: 512
| Quote: |
Originally Posted by M_Six You could lease a second IP address from your provider. They're usually pretty cheap. Then hang a switch off your DSL modem and hang your two routers off the switch. Assign one external IP to the SME server router and the other to the second router. On the SME server router, forward whatever ports you need to that server. Keep the other router's ports closed and hang all your PCs off it. That way your SME server is on a separate network entirely. If your PCs need internal access to the SME server, install a second NIC in the SME server and assign it an IP in the range of the PC router and run a cable there. As long as the two NICs aren't bridged, folks gaining access to the SME server won't even know the other network exists. | Like in server-gateway mode? Thats what I was thinking about doing...thanks | |
| | |
September 6th, 2004, 08:28 PM
|
#10 (permalink)
| | Did you try Google yet?
Join Date: Feb 2003 Location: Buckhannon, WV
Posts: 3,468
| Quote: |
If your PCs need internal access to the SME server, install a second NIC in the SME server and assign it an IP in the range of the PC router and run a cable there. As long as the two NICs aren't bridged, folks gaining access to the SME server won't even know the other network exists.
| That is a VERY dangerous assumption. Security by obscurity. It would take someone about 2.3 seconds to find out it has 2 NICs, what network both are on and POOF, firewalls no longer matter. Ideally, you would put a firewall above AND below the server, going up past the server to get out. This would actually be pretty safe.
internet<----->router 1<-------insert server here----->router 2<----->other PCs.
Just don't forward any ports on router 2 and you are safe, with full access to the server. Actually a pretty safe and livable arrangement if you don't want to forward anything to the PCs. Oh, and they will have to be 2 different subnets. | |
| | | Thread Tools | Search this Thread | | | | |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | | | | Most Active Discussions  | | | | |   Recent Discussions  | | | | |
 |
hardware
prices 
