TGIF! Harry Brelsord, author of Windows Small Business Server
2003 Best Practices here and just posting up for free a few pages
of my book each day for your pleasure. I hope to have the darn
thing completely posted up by the time SBS 2008 SHIPS!
Today we continue chapter five on security and go with RRAS
unplugged....yee-haw!~
harrybbbbb, a Microsoft Small Business Specialist (SBSC)
Harry Brelsford, ceo at smb nation, www.smbnation.com
###
RRAS Unplugged
So
now that you’re all patched and updated, let’s do
some meat and potatoes. That is, let’s delve into the
firewall component of SBS 2003 standard edition: RRAS’s
NAT/Basic Firewall. I’ll essentially repeat Lab 7 from the
afternoon of the USA SBS 2003 hands on lab tour that I both wrote
and delivered in fall 2003. The intent of the lab was this: After
a long day together of SBSing, some folks had unanswered
questions about security and exactly what voodoo do you do when
you complete a native SBS Wizard. Oops - I went Ragin’
Cajun on you for a moment there. What I meant to say was SBSers
sometimes wonder what real settings they affect when the complete
a pretty wizard.
It’s important, before proceeding, to remember
that you completed both the EICW and the Remote Access Wizard in
the prior chapter in order to maintain the sanctity of our
SPRINGERS methodology. So, in effect, you’ve already
implemented the security related to firewall protection in SBS
2003 standard edition.
The
key pages in the EICW that relate specifically to the security
we’ll discuss in this chapter (and future chapters) are
EICW page 7 (the Firewall screen where you enable the firewall),
EICW page 8 which relates to services that will be accessible
across the Internet (see Services Configuration in Figure 5-9),
EICW page 9 (Web Services Configuration that I really discuss
more in Chapters 8 and 10) and EICW page 10 (Web Server
Certificate) that I discuss more in the next section.
Visit www.microsoft.com/technet for the
latest updates for any Microsoft product.
Figure 5-9
Revisiting the
Services Configuration page.
BEST PRACTICE: You’ll increasingly learn and be
comfortable with your own situation best. Remember that the
SPRINGERS methodology is a pass across SBS 2003 using a story
line that works. On the Services Configuration page as part of
SPRINGERS, we made some selections in the last chapter.
But what if your real-world needs are slightly
different? Perhaps you’ll need to allow some other
services, read port openings, be accessible via the Internet. How
would you do that in Figure 5-9? Just click the Add button and
type in the service name and port information.
In the next
procedure, you’ll not only see where your Service
Configuration settings are implemented, but you’ll get a
peek at the additional services you could select from. Please be
advised that the following procedure, which is
basically a look and see, is here so you can appreciate
where some of the security settings you select in the EICW are
truly “set.”
1 &nbs
p; Log on
to SPRINGERS1 as Administrator with password Husky9999!.
2 &nbs
p; Click
Start, Server Management, Advanced Management, Computer
Management, and Services and Applications.
3 &nbs
p; Select
Routing and Remote Access, IP Routing followed by NAT/ Basic
Firewall.
4 &nbs
p; Right
click on Network Connection and select Properties from the
secondary menu, (and then see my figures).
5 &nbs
p; Observe
the NAT/Basic Firewall tab sheet (Figure 5-10) that depicts the
selections for NAT and Basic Firewall. These were selected when
you enabled the firewall on page 7 of the EICW. I’ll
discuss the concept of NAT and Basic Firewall in just a
second.
6 &nbs
p; Click
the Services and Ports tab. Observe the services that you can
select.
Figure 5-10
This is
where the NAT and Basic Firewall selections are made.
Visit www.microsoft.com/technet for the
latest updates for any Microsoft product.
Figure 5-11
This is where
the Internet-accessible services were selected.
7.
Click OK.
