John,
Thank you very much for a detailed and helpful reply.
>Dmitry,
>
>I am far from expert on establishing a secure server! However:
>
>>>Where in my IIS would I enter the fixed IP address assigned to me by ISP?
>
>You don't need to. DNS will direct domain traffic to your IP address. If it is browser traffic your firewall/router will be configured to send it to your IIS server. In IIS you provide a "default" website but you can also specify more than one domain sharing the same IP.
>
>>>What is hardware firewall? Would a router be considered a good firewall?
>
>Depends on the router. Apart from the obvious protection from the routing, most routers have additional firewall features these days.
>
>>>What is NAT?
>
>Best to look up "router NAT" on google for a full story. There is heaps of good stuff about DNS, NAT etc. Essentially NAT gives you "in-house" IP addresses behind the firewall that are inaccessible to the outside world unless you configure your router/firewall to allow it. For example, you could force all http:// traffic (coming in on port 80) to go to a specific server even if a hacker tries to access that port on your workstation.
>
>>>How do you block incoming ports? And how do I know which ports are needed?
>
>These days most hardware firewall/routers make it easy. Some come with common ports entered so you can simply enable/disable them. Some are obvious- for example, you'll want port 80 for http:// browsing and maybe 443 for https:// access. Those will need to go to your IIS server obviously. If you host your e-mail server in-house you'll need port 25 for SNTP with the router sending that to the right server. In that case you need to make sure you configure your e-mail server to prevent open relay (you MUST look that up in your e-mail server's system!) or spammers will use your e-mail to send their junk and you'll find yourself added to the "banned" lists.
>
>Take a look at the linksys and d-link sites for good cheap firewall routers. Also browse around in google, there is lots of experience out there and people taking about their hardware and how to configure it.
>
>Regards
>
>j.R
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham