I'm managing a very small LAN based on a Windows 2003 server standard,
sporting a MS SQL Server 2000 + Exchange Server 2003, on a P4@1800 + 1GB
RAM. (7 users on the LAN: Win2k, XP users)

Since years the server (being previuosly a Winnt 3,4,2000) was never
protected by any sort of Firewall nor Antivirus, without any problem.

Nevertheless, while enforcing hardware security on redundancy side (RAID 5),
with worms/trojans/xWare bloating everywhere, I'm starting to think
seriously to protect the dude on the software side also.

Would like to install a product, given a performance/price/usability
priority, still allowing users to access network shares to backup, print,
use network services. Easily!

Whilst a server side antivirus may be easy to spot, it looks to me difficult
at the moment to focus on a firewall that once installed will not clog any
available port neither leak everywhere.

Can anyone suggest a few products on the antivirus/firewall side?

Is your server facing the internet? Behind a NAT router?
You could use Windows 2003 buit in firewall.

"Atlas" <atlaspeak@my-deja.com> wrote in message
news:12h2th0h1l73770@news.supernews.com...

For a firewall (assuming you mean protecting your LAN from outside
intrusion) I recommend a dedicated appliance. You can use either ISA 2004 (I
think 2006 is soon to be released) on a Windows Server platform or you can
buy a physical appliance (like a Cisco PIX or Watchguard Firebox). You can
get these in the sub $800 range, I believe. I've used both and prefer the
Watchguard for simplicity and graphic info on network traffic. But if you
are handy with Cisco IOS then PIX may be better.

In any case, the firewall can block incoming intrusions and attachments, etc
as well as outgoing traffic, if you choose to set it up that way. They may
seem intimidating at first but once you understand how the manufacturer has
set up the rules configuration they're quite easy to manage and you'll be
amazed what a good firewall will allow you to do.

If you're looking to protect your workstations, then ZoneAlarm is a worthy
investment (I think they're now owned by Computer Associates but not sure.)
The client firewalls are a pain in the butt to get your users use to but
once they do they recognize how to "teach" the firewall what they want to
come in and out of their workstations.

AV on a server based LAN is best done with centralized management system
(e.g. Symantec AntiVirus Corporate.) You can set rules for scanning and
automatically deploy the client either with the Symantec utility
(interestingly burried in the menues) or push it through group policy (it's
an MSI file if memory serves me correctly.) The push is a brainless
operation and keeps any computer connected to your system in line. You also
manage the updates from Symantec to the server as well as from the server to
the workstation. And you can set up alerts when a workstation's defs are out
of date.

"David Sanders" <news@nospam.sandersweb.net> wrote in message
news:Oigk7$N3GHA.1588@TK2MSFTNGP02.phx.gbl...
I would if I was sure that it wouldn't block users from accessing network
shares and server services (SQL and Exchange server)....

"bill artemik" <bill@insoftdev.com> wrote in message
news:u0kqGhO3GHA.1608@TK2MSFTNGP04.phx.gbl...
The server is hidden behind a router/NAT (Draytek 2800)


You can use either ISA 2004 (I
I'm really thinking about protection from in-LAN threats.

Once the basic duty is done, protecting the LAN from external attacks (and
this is done), the main risks are from users accessing network shares (Write
access), using server services (SQL and Exchange), potentially spreading
worms/malware.


There's only one WS with ZA installed and it gave a lot of headaches;
unfortunatelly it is well suited for home users, not for LAN users...aprt
from trining it in the beginning, some network services stopped working
(print) and to spot out ZA it's been hard.
Other clients are using Windows firewall (Not so good, some users caugth
trojans somewehere)

I don't like much Symantec products; once (at Norton utilites time) they
were speedy and skillful products, now bloatware. I need "thin"
products.....