The layout of the network.. Second part of question

Comment from LucF
Date: 04/14/2004 03:22AM EDT


>>Come on... That is a bad answer...
That was one of the most serious answers I ever gave, but I'm glad you liked it. :)

Ok, if you're serious, wait a few months. Better security will be on wireless network adapters in the near future. Furthermore, use MAC filtering, only allowing some network adapters in the network. Only you know how confident your data is, and if it's worth the risk.

I still advice you to reconsider, but of course, your choice.

Comment from diggisaur
Date: 04/14/2004 08:06AM EDT

If you want to try and lock down your wireless a little....

1/. Don't broadcast your SSID from your access points (that way it is invisible - Microsoft don't like it but I never had a problems - wirelss setups for 3 years now)
2/. Change the default name of your access points (dont user factory standard ones)
3/. Change the default password on your access points too.
4/. Use encryption (personally WEP is kind of crap - I see a lot of drop outs with WEP - WPA is more secure. Especially when 802.11x comes out)

Comment from diggisaur
Date: 04/14/2004 08:07AM EDT

Also MAC filtering as LucF stated is good can also set up firewalls on the wireless computers as well for additional security to prevent access to files....or control access.  

Comment from goodenough
Date: 04/13/2004 05:42PM EDT

Out standing you two are making this membership woth the money.
OK so these are the specs on the wireless side.
1st - I was thinking that all secure information can be exchanged through terminal server sessions, or Citrix.  dependant on the log on the user would have access to a session and a submition process. VB interface to database or what ever. This would be a secure server.
2nd this is the layout of the network. Each office having internet connection? and wirless in the building out to the WWW through the DSL line.. But were is that connection to the secure server? though a public IP or can it be to one of the other DSL routers in the other building?? DSL is not a constant IP to the router  it is DHCP so i would need to get 1 IP address, for the one router in front of the Secure server.? correct.
 Hope you understand this. I will award points to the both of you infact the second part of this question i will open into another question so i can split the points accordingly.
Who is Participating?
LucFConnect With a Mentor EMEA Server EngineerCommented:
Personally I don't like the terminal services idea, it's pretty hard to manage, and asks a lot from the servers.
I'd setup the internal network in every building with wires (I assume this has allready been done and all these connections exist allready) Each building on their own subnet. Then use routers with VPN to connect the different buildings.

Gareth GudgerConnect With a Mentor Commented:
1/. You can further secure the Terminal Server/Citrix connection with a VPN (microsoft based, hardware VPN based) Just for added security.

2/. Yes you will need just one public IP for the router interface. Static IP is a must as dynamic can obviously chance frequently or infrequently depending on the ISP. You will then open the necessary ports and forward to a manually set private IP of the server.Ports vary based on whether you end up using Terminal Services, Citrix or go for a VPN as well.
goodenoughAuthor Commented:
THanks any final notes to watch out for..... PLEASE.
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

LucFEMEA Server EngineerCommented:
1) About everyone with a good sense of security knows some hacking. If you know anyone you trust, hire him/her to check the network for safety.
2) Always log all failed login attempts, so you can react before anything bad happens.
3) Close all ports you don't need with a hardware firewall (make sure to check those logs on a regular base also)

If you do all that, you'll probably be fine ;-)

Good luck,

Gareth GudgerCommented:
Yea I agree with LucF...only open the ports you absolutely need to. Most hardware firewalls are pretty good in that they come fairly locked down out of the box. Also, you can get wireless fairly secure but its never as safe as a wired network in my opinion...or as good performance wise.
goodenoughAuthor Commented:
Thaks again
LucFEMEA Server EngineerCommented:
You're very welcome ;-)


p.s. for a hardware firewall, think PIX!!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.