Solved

The layout of the network.. Second part of question experts-exchange.com/Networking/Microsoft_Network/Q_20952943.html

Posted on 2004-04-14
7
237 Views
Last Modified: 2010-03-18

Comment from LucF
Date: 04/14/2004 03:22AM EDT
 Comment  


goodenough,

>>Come on... That is a bad answer...
That was one of the most serious answers I ever gave, but I'm glad you liked it. :)

Ok, if you're serious, wait a few months. Better security will be on wireless network adapters in the near future. Furthermore, use MAC filtering, only allowing some network adapters in the network. Only you know how confident your data is, and if it's worth the risk.

I still advice you to reconsider, but of course, your choice.

LucF
 
Comment from diggisaur
Date: 04/14/2004 08:06AM EDT
 Comment  


If you want to try and lock down your wireless a little....

1/. Don't broadcast your SSID from your access points (that way it is invisible - Microsoft don't like it but I never had a problems - wirelss setups for 3 years now)
2/. Change the default name of your access points (dont user factory standard ones)
3/. Change the default password on your access points too.
4/. Use encryption (personally WEP is kind of crap - I see a lot of drop outs with WEP - WPA is more secure. Especially when 802.11x comes out)


 
Comment from diggisaur
Date: 04/14/2004 08:07AM EDT
 Comment  


Also MAC filtering as LucF stated is good also.....you can also set up firewalls on the wireless computers as well for additional security to prevent access to files....or control access.  

Comment from goodenough
Date: 04/13/2004 05:42PM EDT

Out standing you two are making this membership woth the money.
OK so these are the specs on the wireless side.
1st - I was thinking that all secure information can be exchanged through terminal server sessions, or Citrix.  dependant on the log on the user would have access to a session and a submition process. VB interface to database or what ever. This would be a secure server.
2nd this is the layout of the network. Each office having internet connection? and wirless in the building out to the WWW through the DSL line.. But were is that connection to the secure server? though a public IP or can it be to one of the other DSL routers in the other building?? DSL is not a constant IP to the router  it is DHCP so i would need to get 1 IP address, for the one router in front of the Secure server.? correct.
 Hope you understand this. I will award points to the both of you infact the second part of this question i will open into another question so i can split the points accordingly.
0
Comment
Question by:goodenough
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 10824157
1/. You can further secure the Terminal Server/Citrix connection with a VPN (microsoft based, hardware VPN based) Just for added security.

2/. Yes you will need just one public IP for the router interface. Static IP is a must as dynamic can obviously chance frequently or infrequently depending on the ISP. You will then open the necessary ports and forward to a manually set private IP of the server.Ports vary based on whether you end up using Terminal Services, Citrix or go for a VPN as well.
0
 
LVL 32

Accepted Solution

by:
LucF earned 250 total points
ID: 10824912
Personally I don't like the terminal services idea, it's pretty hard to manage, and asks a lot from the servers.
I'd setup the internal network in every building with wires (I assume this has allready been done and all these connections exist allready) Each building on their own subnet. Then use routers with VPN to connect the different buildings.

LucF
0
 

Author Comment

by:goodenough
ID: 10824929
THanks any final notes to watch out for..... PLEASE.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 32

Expert Comment

by:LucF
ID: 10825019
1) About everyone with a good sense of security knows some hacking. If you know anyone you trust, hire him/her to check the network for safety.
2) Always log all failed login attempts, so you can react before anything bad happens.
3) Close all ports you don't need with a hardware firewall (make sure to check those logs on a regular base also)

If you do all that, you'll probably be fine ;-)

Good luck,

LucF
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10825171
Yea I agree with LucF...only open the ports you absolutely need to. Most hardware firewalls are pretty good in that they come fairly locked down out of the box. Also, you can get wireless fairly secure but its never as safe as a wired network in my opinion...or as good performance wise.
0
 

Author Comment

by:goodenough
ID: 10825451
Thaks again
0
 
LVL 32

Expert Comment

by:LucF
ID: 10825679
You're very welcome ;-)

LucF

p.s. for a hardware firewall, think PIX!!
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question