Hi All, I need some advise/help in securing a public web server. Right now I have a bell dedicated dsl connection. The ISP router is connected to a switch. My web server and the router for my internal private network is also connected to the switch. I've been hearing comments regarding isolating the internal network and the server, does the above configuration satisfy that requirement? Also, what should I do to secure the web server? Can someone advise what my next steps should be? Thanks in advance.

The general configuration you would use for your situation is a firewall with DMZ capability. That would break you into three zones. The outside zone which is the internet via the ISPs router. The DMZ which is quasi-firewall protected (fancy way to say not fully protected), where you Web Server should be placed, And the rest of your network would be in the internal zone taking advantage of full protection from your firewall. All this is broken out by the firewall. Physically you would connect it as follows: (you should be able to eliminate the need for the switch, any firewall should have ports enough to handle the connection, and actually your internal router as well). 1) connect the ISP router to the firewall. 2) one port on the firewall will connect to the switch and that will be considered the DMZ. 3) the other port can connect to a switch or whatever else you use internally. The firewall will then be configured differently to allow greater access to your web server, and greatly limited access to your internal network. D