Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Winroute on FileServer is it safe?
  •  
kaptain1

Messages: 31
Karma: 0
Send a private message to this user
Hi all,

We're considering purchasing the Winroute firewall for our office so it's used as a Gateway/Firewall/VPN. However, we only have 1 server and it's a WIN2003 File Server that we use for Backups/File Sharing (somewhat confidential information there).

Few questions:

Is it safe to install WinRoute on that FileServer?

Will it be easier to hack into our File Server if WinRoute is installed on it and active as a Gateway/VPN?

Will our LAN 2Gigabit connection to our FileServer go down to 50mbps (max of WinRoute's throughput)?

Please help with decision.

Thanks in advance!
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
If you use your file server for running KWF, you're effectively placing your file server directly onto the Internet. Of course, protected by KWF (which you would need to configure just right!), but nothing is 100% secure so I wouldn't bet my career on it and using it as border gateway.
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
Use other computer to handle gateway/firewall if you're so concern about security.

Computer with KWF installed downgrade the file transfer speed... I don't know if this has been corrected, but I guess it's still the prob. So my suggestion... see 1st paragraph.
  •  
kaptain1

Messages: 31
Karma: 0
Send a private message to this user
Confused
Hmm, that sucks. Now i have to think of something. I work for a non-profit and they're kinda tight on the budget, especially when it comes to buying network equipment.

Is there a way i can use Linksys router to act as a gateway/firewall, and have KWF to be a DHCP server and VPN server?

thanks!
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
If you just need a router/vpn solution (and none of the advanced filtering), why not buy some cheap consumer router that can do all that? You could be done for just a fraction of what KWF itself costs.
  •  
kaptain1

Messages: 31
Karma: 0
Send a private message to this user
What we need is a VPN solution, but we can definitely use additional features that come with the KWF such as anti-virus, DHCP, monitoring/restriction of traffic and logs. Mainly, i'm looking into KWF because it's easy to use, and i've heard they may offer discount licensing for non-profit organizations. I tried using cheap Netgear firewall/ vpn router, but that was a nightmare for me. :/

However, i'm somewhat hesitant to install KWF on a fileserver b/c i'm worried that some smart-ass will hack into it. :/ And it doesn't make sense to put so much services onto one machine, even though it's a pretty reliable system.

I'll still look into routing VPN through the linksys router though. lol

Any other ideas?

Thanks for input all!
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
Well, it's still depend on your traffic policy. If you do it right, then there's a slim chance you'll be hacked or something. Make sure that you, as admin, has the only access to server. Usually, hacker could gain access if admin/user is stupid enough to do mistakes.

Installing KWF to your file server will be just fine. I haven't encountered or heard complains that they've been hacked because of KWF's poor security. For 5 years of KWF product subscriber, this program is doing fine.

Software router is flexible and complex compare to low cost, standard router...
  •  
kaptain1

Messages: 31
Karma: 0
Send a private message to this user
Thanks a lot guys. I've installed demo on file server and it seems to be fine. It may be better than before when i had no firewall on it except the Linksys router :/
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
kaptain1 wrote on Sun, 29 June 2008 12:00

It may be better than before when i had no firewall on it except the Linksys router :/

Actually no.

With the Linksys router your file server was not publicly reachable, but now your file server is publicly reachable. So from a security standpoint I'd say you're a step backwards. A simple NATing router is just fine as a firewall (unless you start mapping ports of course).

Not to say it's wrong what you're doing; if you're satisfied, then all is fine of course! Smile
  •  
kaptain1

Messages: 31
Karma: 0
Send a private message to this user
Umm Yes i kinda know that it's not super good idea to do what i did... but i don't really have another good option. :/

Could you guys help me to test my server for security and make sure that i make it as secure as possible with current configuration?

I tried pinging it, scanned for open ports - none of these returned any results...

Any other ideas/methods to test it? Ways to protect it?

Thanks a million!
  •  
an2ny79

Messages: 109
Karma: 2
Send a private message to this user
if you close all the ports then I don't see how would someone breach your wall.

As what you've said, your company is on tight budget, then you don't have any choice but to use your only one server to act as file server, firewall and router.

If you want a simple firewall and routing, go back to original setup... use Linksys and cloak your fileservers and workstations. But you won't enjoy what you could do using KWF Twisted Evil

Anyway, since you're not hosting services, then close all incoming ports. With this, your fileserver won't be reached. Lastly, make sure that fileserver platform is updated and clean from any trojan or worm viruses.

Regards,
Anthony
  •  
luv2fly3

Messages: 1
Karma: 0
Send a private message to this user
I also am the IT person for a non-profit, and budget is most certainly an issue!! Go on eBay and purchase a refurbished Dell Optiplex GX270 or GX280 for anywhere between $75-$200. They're Pentium 2-3GHz or Celeron 2-3.0GHz machines, and will run Winroute great. All you'd need to do is purchase an additional Network Card for the PC, but you can get those for $10-$20 at a local office supply or electronic store.

We have a LAN with about 25 PC's on it. We also have a Windows Server 2003 machine running the Small Business Server software. I didn't want it to be accessible to the internet, other than for the http protocol to make Outlook web access possible. I have Winroute on an older Optiplex 110 Pentium III 800MHz computer running Windows XP Pro. It runs it great.

I'd strongly suggest a separate computer for Winroute that will put a definite barrier between your file server and the web, like a hardware router does. With port mapping in Winroute, you can then open up the specific ports (if any) you may want open for access to your server behind the Winroute machine. With the ability to get pretty inexpensive powerful PC's on eBay...it makes the most sense!! I've purchased 5 over the past 3 weeks and each of them have been great deals and great computers for our office.

[Updated on: Sat, 05 July 2008 16:02]

Previous Topic: VPN trouble?
Next Topic: please help!! VPN
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 03:49:44 CET 2017

Total time taken to generate the page: 0.00542 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.