We have a network with 10 PCs, one of them being a server running Win2K Server. All other PCs are running Win2K Professional. The PCs are on an Ethernet network with a hub in star topology. The PCs connected to the Internet have Panda Antivirus and ZoneAlarm Pro installed on them. Do I need an intrusion-detection system for the protection of the network in addition to ZoneAlarm Pro? If so, please suggest a good host-based IDS that we may install on our systems.
We are about to configure our Win2K Server as a VPN server to connect to our branch office. We will also have a back-up for this Windows VPN through a D-Link ISDN router. In this scenario, what are the security requirements that we should consider? We are using LanGuard Network Scanner to identify vulnerabilities and are implementing the suggestions given by LanGuard.
These are the kinds of questions you should be hiring a security consultant to answer, but I'll go ahead and answer.
First, while ZoneAlarm Pro is an excellent product, I would suggest that you really need a hardware-based firewall between your Internet connection and the hub. Being able to set your firewall policy in one place rather than just on every machine makes management much easier. I would keep ZoneAlarm, too.
An intrusion-detection system does not protect you, in that it does nothing to stop attacks. All it can do is detect and alert. That is a noble function, but probably not what you are looking for. If you are, again, it would be much better to have it in a single location rather than having to manage it on every host. If you want to have a host-based intrusion-prevention system (note prevention rather than just detection), I recommend the StormWatch product from Okena. Apparently Cisco must like the product as well, as they just purchased Okena within the last month.
For your Windows 2K Server, I would configure it according to the guidelines published by the National Security Agency (NSA). See http://nsa2.www.conxion.com/win2k/download.htm for more information.
As for security requirements, that all depends on what kind of data you are protecting, who you need to protect it from and lots of other things. You really need a professional to spend some time with you to develop your security policies first and then the security requirements. I am not familiar with the LanGuard scanner, so I can't comment on that. I have used both Nessus and SARA. Both are very good, though the reports from SARA are much more readable and they also provide guidance on how to fix any problems found.
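The distinction the answer draws between detection and prevention is easier to see in code. The following is an added example, not the expert's code and not any vendor's product: a small host-based analyser run over constructed Windows-style logon audit lines. The log format, the hosts and users, the five-failures-in-sixty-seconds threshold, and the function names are all assumptions made for this illustration. In detect-only mode (what an IDS does) every event is admitted and the output is an alert list; in prevent mode (what a host IPS adds) a source that crosses the threshold is blocked and its later events are refused.

```python
"""Added example: detect-and-alert (IDS) versus detect-and-block (host IPS),
run over constructed Windows-style logon audit lines. Not vendor code; the
record format below is invented for this example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records (format invented here, not real Windows 2000
# event-log output): "<date> <time> <outcome> user=<name> src=<address>"
SAMPLE_LOG = """\
2003-02-10 09:00:01 LOGON_FAILURE user=administrator src=192.168.1.23
2003-02-10 09:00:02 LOGON_FAILURE user=administrator src=192.168.1.23
2003-02-10 09:00:03 LOGON_FAILURE user=administrator src=192.168.1.23
2003-02-10 09:00:04 LOGON_FAILURE user=administrator src=192.168.1.23
2003-02-10 09:00:05 LOGON_FAILURE user=administrator src=192.168.1.23
2003-02-10 09:00:06 LOGON_SUCCESS user=administrator src=192.168.1.23
2003-02-10 09:05:00 LOGON_FAILURE user=jsmith src=192.168.1.40
2003-02-10 09:30:00 LOGON_SUCCESS user=jsmith src=192.168.1.40
"""

THRESHOLD = 5                   # assumed: failures from one source before reacting
WINDOW = timedelta(seconds=60)  # assumed: sliding window those failures must fall in


def parse_line(line):
    """Split one constructed audit line into (timestamp, outcome, user, src)."""
    date, time, outcome, user_kv, src_kv = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, outcome, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def analyze(log_text, prevent=False, threshold=THRESHOLD, window=WINDOW):
    """Return (alerts, blocked, denied).

    prevent=False models an IDS: every event is admitted and the only output
    is the alert list. prevent=True models a host IPS: a source that crosses
    the threshold is added to `blocked` and its later events are refused
    (collected in `denied`) instead of being processed.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    flagged = set()               # sources already alerted for the current burst
    blocked = set()
    alerts, denied = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, outcome, user, src = parse_line(line)
        if src in blocked:        # only reachable in prevent mode
            denied.append(line)
            continue
        if outcome == "LOGON_FAILURE":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"severity": "medium", "src": src, "user": user,
                               "reason": f"{len(q)} failed logons within {window.seconds}s"})
                if prevent:
                    blocked.add(src)
        elif outcome == "LOGON_SUCCESS":
            if src in flagged:
                # A success right after a failure burst is the one worth waking someone for.
                alerts.append({"severity": "high", "src": src, "user": user,
                               "reason": "successful logon after failure burst"})
                flagged.discard(src)
            recent[src].clear()
    return alerts, sorted(blocked), denied


if __name__ == "__main__":
    for prevent in (False, True):
        alerts, blocked, denied = analyze(SAMPLE_LOG, prevent=prevent)
        print("prevent mode:" if prevent else "detect-only mode:")
        for a in alerts:
            print(f"  [{a['severity']}] {a['src']} {a['user']}: {a['reason']}")
        print(f"  blocked={blocked} denied={len(denied)} event(s)")
```

Run as-is, detect-only mode produces two alerts (the burst, then the successful logon that followed it) and stops nothing, which is the point the answer makes about an IDS. Prevent mode produces one alert, blocks the source at the fifth failure, and refuses the logon that followed. The same counting logic sits behind both; the difference is whether anything acts on the result, and that is also why the answer prefers a single managed location over a copy on every host.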
This was first published in February 2003