Sign in with
Sign up | Sign in
Your question

Disable Internet Access from server!

Last response: in Networking
Share
August 27, 2010 5:21:02 PM

I got a friend who has small network system at his business, one server and three workstations.

He "WAS" paying a company to do backup's and maintenance on this system
as well as AV and spyware protection.

He has had 4 "(That's FOUR)" virii nightmares and complete data loss (luckily the backup portion was intact) he has decided to terminate this computer company's service contract and load/run his own data backup software.

How can I/He disable the server from internet access (up/down orin/out) while allowing the workstations to continue to have access.

He does not want to allow the computer company or anyone else from getting into private data(bank accounts! business accounts, employee data etc)

The server software is Windows 2003 server and the computer firm was using PcAnywhere for remote access. Will just uninstalling PcAnywhere prevent remote access or is there something more that I can do using Windows 2003 server options to insure no outside access?

Also any recommendations for Backup software?

The entire system is Windows XP based. No Vista or Win 7 OS's on any of the machines!

Thanks Chris
August 27, 2010 6:53:23 PM

Workgroup based or domain based?

Uninstall PCAnywhere.
Change all the passwords - Windows Remote Desktop will still give access if they have a username and password. You can disable this by blocking port 3389.

If the server should not have any internet access and is not being used with Internet Connection Sharing (ICS) you can remove the Gateway from the static IP address. That will remove internet access from the server out-going. Incoming is another story.

You won't be able to easily block incoming internet access with SOHO type equipment. This generally will go into more expensive equipment to create ACLs.

If you are only worried about the company not accessing the server I would change the passwords on the server, block port 3389 in the Windows Firewall, and/or on the router set 3389 TCP/UDP port forwarding to a non-existant IP address.

Backup software depends - what is being backed up and how much data is there?
m
0
l
!