I'm planning on co-locating 2 Windows machines sometime in the next couple months. One will be a SQL server and the other will be running IIS & Cold Fusion. What’s my best way to efficiently and cost effectively provide Firewall support for these two machines?
1.) Install a software firewall on both Windows machines
2.) Use a separate box and install Linux with IPChains or FreeBSD or something else?
3.) Find a colo facility that provides these services for a nominal charge
I would guess that ideally I would want a separate machine dedicated to security and firewalling. This situation would have a 100 Mbs connection from the Internet to the firewall, a 100 Mbs connection from the firewall to a switch, and then be connected to the co-located machines directly from the switch, right? But that means an extra colo box and a switch that I will need at this point in time... (as well as additional u's of space)
So back to my main question: What's the best -and- most cost-effective way of doing this? Will software firewalls work just as well as having a separate machine dedicated to firewalling and security?
Thanks for the replies. A question about getting in if you have firewalls..
As of right now I'm using Terminal Services to access my development box. Will installing a firewall hinder my ability to further use Terminal Services? Or will leaving the correct ports open actually create a security hazard?
Or is it best to look into a VPN for remote administration?
Thanks for the help.. Trying to learn so much has gotten me a bit confused.
Regarding Terminal Services - you could open up port 3389 (I *think* that's the correct port) and TS will work fine.
The other way to go about this is getting a firewall that supports VPN connections, and then VPN into your colo'd network and use terminal services over the VPN connection.
Obviously, the second method is more secure.
Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
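An added example, not part of the posts above: a small default-deny rule model that compares the two options from the reply, port 3389 open to everyone versus Terminal Services reachable only from a VPN address pool. The host addresses, the VPN subnet, and ports 80 and 1433 for IIS and SQL Server are assumptions chosen for illustration.

```python
import ipaddress

# Constructed values (documentation address ranges), not taken from the thread.
VPN_NET = "10.8.0.0/24"                   # assumed VPN client address pool
WEB, SQL = "192.0.2.10", "192.0.2.11"     # assumed IIS box and SQL Server box

# Rule format: (action, source CIDR, destination host, destination TCP port)
BASE = [
    ("allow", "0.0.0.0/0", WEB, 80),      # public web traffic to IIS
    ("allow", f"{WEB}/32", SQL, 1433),    # only the web server may query SQL
]
# Option 1: open 3389 on the firewall for any source.
OPEN_RDP = BASE + [("allow", "0.0.0.0/0", h, 3389) for h in (WEB, SQL)]
# Option 2: 3389 only for sources inside the VPN pool. The VPN listener on the
# firewall itself is outside this model.
VPN_RDP = BASE + [("allow", VPN_NET, h, 3389) for h in (WEB, SQL)]


def allowed(rules, src, dst, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    addr = ipaddress.ip_address(src)
    for action, cidr, host, rport in rules:
        if (dst, port) == (host, rport) and addr in ipaddress.ip_network(cidr):
            return action == "allow"
    return False


def internet_exposed(rules, probe_src="203.0.113.50"):
    """Return the (host, port) pairs an arbitrary Internet address can reach."""
    targets = {(host, port) for _, _, host, port in rules}
    return sorted(t for t in targets if allowed(rules, probe_src, *t))


if __name__ == "__main__":
    print("3389 open to all:", internet_exposed(OPEN_RDP))
    print("3389 via VPN only:", internet_exposed(VPN_RDP))
```

Running the same check against an export of the real ruleset before go-live shows whether anything other than the web port answers to an outside address.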