WHS 2012 Securing WAN Side


Recommended Posts

you have a router or firewall in place?  then you won't have any problems with anyone accessing files from "the WAN side". 

Yes behind a router, any settings I should check in the OS just to make sure?

Link to comment
Share on other sites

No, there really isn't much else to check other than making sure upnp is disabled in the router.  by default the router will block any incoming requests without you doing anything else other than powering it up and connecting its "WAN" or "Internet" port to the cable or dsl modem and plugging the other ports to your lan.  The "WAN" or "Internet" port is considered a unsecure or hostile port by the router, all other ports are secure or friendly.  The router or firewall is already doing its job by saying no one on the outside can come in on the inside, but anyone on the inside can go out to the outside. 

Link to comment
Share on other sites

I would check the router to be sure, as mentioned UPnP if enabled could allow the software to open up ports on the router without your knowing.

 

As sc302 also points out a nat router/firewall by default would block all unsolicited inbound traffic -- unless you have forwarded traffic on purpose, or put an IP into a dmz on your router then no unsolicited should be able to get to it. 

Link to comment
Share on other sites

Hello,

If you want to make sure the WHS2011 server cannot make outbound connections, perhaps changing the network settings or installing a firewall on it? Depends really on what you're trying to block/what you consider the risks are.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

Where did he say anything about preventing the whs box from accessing the internet?  He stated he didn't want people from the internet to talk to the server..  While not giving it a gateway would prevent that.

 

It would also prevent the box from getting updates, etc.

 

Hmmm I don't want my wife to drive me new car, lets take the steering wheel off ;)

Link to comment
Share on other sites

I never said it was a great solution, but it would do as he was asking, as for updates he can always add a gateway on the 2nd tuesday of every month to get them, then remove it again.

 

Also seeing as he is behind a router as long as he doesnt forward any ports or have upnp enabled, then nothing should see it as being there

Link to comment
Share on other sites

Why when by default his firewall/router does not allow access to the box?  And most likely the host firewall on the thing does not allow access from anything other than local networks anyway.

 

Hey honey did you see the steering wheel, I need to go to work..

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.