Solved

The layout of the network.. Second part of question experts-exchange.com/Networking/Microsoft_Network/Q_20952943.html

Posted on 2004-04-14
7
231 Views
Last Modified: 2010-03-18

Comment from LucF
Date: 04/14/2004 03:22AM EDT
 Comment  


goodenough,

>>Come on... That is a bad answer...
That was one of the most serious answers I ever gave, but I'm glad you liked it. :)

Ok, if you're serious, wait a few months. Better security will be on wireless network adapters in the near future. Furthermore, use MAC filtering, only allowing some network adapters in the network. Only you know how confident your data is, and if it's worth the risk.

I still advice you to reconsider, but of course, your choice.

LucF
 
Comment from diggisaur
Date: 04/14/2004 08:06AM EDT
 Comment  


If you want to try and lock down your wireless a little....

1/. Don't broadcast your SSID from your access points (that way it is invisible - Microsoft don't like it but I never had a problems - wirelss setups for 3 years now)
2/. Change the default name of your access points (dont user factory standard ones)
3/. Change the default password on your access points too.
4/. Use encryption (personally WEP is kind of crap - I see a lot of drop outs with WEP - WPA is more secure. Especially when 802.11x comes out)


 
Comment from diggisaur
Date: 04/14/2004 08:07AM EDT
 Comment  


Also MAC filtering as LucF stated is good also.....you can also set up firewalls on the wireless computers as well for additional security to prevent access to files....or control access.  

Comment from goodenough
Date: 04/13/2004 05:42PM EDT

Out standing you two are making this membership woth the money.
OK so these are the specs on the wireless side.
1st - I was thinking that all secure information can be exchanged through terminal server sessions, or Citrix.  dependant on the log on the user would have access to a session and a submition process. VB interface to database or what ever. This would be a secure server.
2nd this is the layout of the network. Each office having internet connection? and wirless in the building out to the WWW through the DSL line.. But were is that connection to the secure server? though a public IP or can it be to one of the other DSL routers in the other building?? DSL is not a constant IP to the router  it is DHCP so i would need to get 1 IP address, for the one router in front of the Secure server.? correct.
 Hope you understand this. I will award points to the both of you infact the second part of this question i will open into another question so i can split the points accordingly.
0
Comment
Question by:goodenough
  • 3
  • 2
  • 2
7 Comments
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
Comment Utility
1/. You can further secure the Terminal Server/Citrix connection with a VPN (microsoft based, hardware VPN based) Just for added security.

2/. Yes you will need just one public IP for the router interface. Static IP is a must as dynamic can obviously chance frequently or infrequently depending on the ISP. You will then open the necessary ports and forward to a manually set private IP of the server.Ports vary based on whether you end up using Terminal Services, Citrix or go for a VPN as well.
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 250 total points
Comment Utility
Personally I don't like the terminal services idea, it's pretty hard to manage, and asks a lot from the servers.
I'd setup the internal network in every building with wires (I assume this has allready been done and all these connections exist allready) Each building on their own subnet. Then use routers with VPN to connect the different buildings.

LucF
0
 

Author Comment

by:goodenough
Comment Utility
THanks any final notes to watch out for..... PLEASE.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 32

Expert Comment

by:Luc Franken
Comment Utility
1) About everyone with a good sense of security knows some hacking. If you know anyone you trust, hire him/her to check the network for safety.
2) Always log all failed login attempts, so you can react before anything bad happens.
3) Close all ports you don't need with a hardware firewall (make sure to check those logs on a regular base also)

If you do all that, you'll probably be fine ;-)

Good luck,

LucF
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Yea I agree with LucF...only open the ports you absolutely need to. Most hardware firewalls are pretty good in that they come fairly locked down out of the box. Also, you can get wireless fairly secure but its never as safe as a wired network in my opinion...or as good performance wise.
0
 

Author Comment

by:goodenough
Comment Utility
Thaks again
0
 
LVL 32

Expert Comment

by:Luc Franken
Comment Utility
You're very welcome ;-)

LucF

p.s. for a hardware firewall, think PIX!!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now