> My company is looking at a quick way of getting on the Internet
> without investing in a lot of hardware and engineering effort.
> One idea, which has management interested, is to work with a local
> ISP to get a dedicated line, either ISDN or 28.8, to tie a PC
> running MS-Windows or MS-Windows NT to the Internet.
> This PC would be an FTP server and WWW server. This PC would only
> be connected to our office network _after_ it had been disconnected
> from the ISP connection. Thus, no need for a fire wall. (So we
> can transfer files back and forth.)
You don't indicate whether the world would have any write privileges
on your server. To keep things simple, I would not.
If you have anonymous read and write, do be sure these are in
separate directories. The read directory would be read-only to
the world; the write directory would be write-only. If you don't do
this, it essentially is a given hackers will find it and use it
as a file exchange point.
Also, there is a theoretical possibiity that one could import a
trojan horse that might bring up external connections on its own.
> (We are expecting the number of hits on both server to be in the
> single digits each day at this time.)
> This same PC would be used for out-going access and would require
> the individual wanting to 'surf' to go to the PC.
> As a short term solution is this seems pretty good. The only problem
> is that we also want e-mail. Today we use UUCP every couple of hours,
> but there is a big push to have immediate access to incoming and
> immediate outbound email, but on the internal network.
Be cautious about mail that can contain executables.
Also, be sure that when the PC is accessile to the outside, it
does not have any remotely mounted disks.
> Is it possible to use MS-Windows or NT as an email-only gateway?
> I am assuming we would need a second lan card or a router?
> What security issues should I look out for? I assume that not
> allowing the PC to be a telnet server is a start and only exposing
> the internal email server to the PC is also a good idea.
> Thanks in advance for any help or other suggestions,
> Chris Curtin
> System Administrator
> Christopher M. Curtin Bradley Ward Systems, Inc.
> chris @
us 750 Hammond Drive, Building 10
> Atlanta, Ga 30328