Determining Windows 2000 Network Security Strategies |
When you are establishing a connection between your intranet and the Internet or other public network, carefully consider where you will make the connection. Typically this will be in the central part of your organization's network, so that the effective distance between your servers and the Internet is minimized. It will also usually be at a location where networking specialists can easily access it for maintenance.
Ideally, you want to have only one connection to the Internet for your entire company. This simplifies management of the connections and reduces the potential for security weaknesses due to inconsistently applied policies and procedures.
After you have decided where to place the connection to the Internet, you must determine what server hardware you need to support your network security technologies. The characteristics of these servers will depend on the technologies you plan to implement and the anticipated workload, but at a minimum, they need to be capable of running Windows 2000 Server. Although it is possible to run software for applications other than network security on the same servers as your network security applications, it is not recommended. Running other applications reduces the capacity of the servers to respond to network security needs and might cause the servers to fail. Also, if the applications have security weaknesses, they might compromise network security.