Solved

Require More Info :)

Posted on 2005-05-04
Last Modified: 2010-04-10
I asked this question here :

http://www.experts-exchange.com/Networking/Q_21411452.html

And I would like to know more info about the last reply with regards to these things :

3.) if wireless, consider changing the SSID and disabling SSID broadcasting
4.) if wireless, consider limiting access to certain MAC address
5.) if wireless, consider using WEP or WPA.
6.) make sure "manage remotely" is NOT turned on.
7.) use something besides the default network of 192.168.1.0/24 network.  Anything 192.168 or 172.16 is fine.
8.) check for new firmware upgrades
9.) consider other firmware if you need more - such as available at http://www.linksysinfo.org
10.) change the SNMP string, and turn it off if you don't need SNMP (depends on hardware and firmware).

If you could please elaborate on the above things and how to go about doing them, even if you just post URLs that give me a rough idea on how to go about doing each of the above. I am also going to post another question just so you are aware :)
Question by:gecko_au2003
14 Comments
 
LVL 3

Expert Comment

by:justintx
ID: 13927060
http://www.linksys.com/edu/page10.asp  This is Linksys' own page on how to secure a wireless network.  They have TONS of info on their support site.

justin
0
 
LVL 23

Author Comment

by:gecko_au2003
ID: 13927386
I only offered Linksys as one example with regards to routers and networking. With regards to it being wireless, I think it would require that the network uses cat 5 or cat 6 cabling, just because I prefer it to be cabling rather than wireless, because I don't like my connections dropping out etc :)

So I was trying to find out more specific info with regards to securing a network in a public place with regards to a library or net cafe.
0
 
LVL 3

Accepted Solution

by:
justintx earned 1000 total points
ID: 13927472
OK, I understand now.  If you're trying to secure a wired network, there are several things you can do.  Are you going to provide your own systems or have users bring in their own to connect?

If you're providing the systems, you can do the following:

- set up port security on a switch (differs for each vendor, but limits devices connecting based on MAC, so no one can come in and plug in their own system to your network)
- use static IP addresses instead of DHCP
- set user permissions on computers to "User" rights instead of "Admin" rights
- disable or limit use of floppy/CD/USB drives


There are many other ways to secure a network as well.
0
 
LVL 23

Author Comment

by:gecko_au2003
ID: 13927558
Please take a look at my other question :

http://www.experts-exchange.com/Networking/Q_21412407.html

I am new to all of this networking stuff and I would really like as much info as possible with regards to how it is set up. I mean, have you got a good website I can go to so that I can look up what a switch is, what it does, and how I would go about configuring a switch to limit devices connecting to my network based on MAC addresses? Also, if I wanted the option to allow ppl to connect to my network with their laptops or w/e, how would I do that so that I can add their MAC address to my network config to allow them access to it?

I am basically trying to find out as much info as possible and I don't want to keep posting questions :) So I basically am looking for specific info with regards to setting up a secure network, which so far looks like I will need a switch, router, hardware firewall and a server, and then it filters down to the other computers.

So if you could please show me how they would be connected ie in what order ??

Internet Connection --> Hardware Firewall --> Router --> Server --> Other computers ( aprox 20 or so computers ) ???
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13927840
First, we have to know what kind of gear you're talking about - professional gear like Cisco, Nortel, Managed 3Com, HP ProCurve, Dell (cough), etc?  Or unmanaged gear - like Linksys, D-Link, etc.  In other words, are you going to do it well, or do it cheap?
0
 
LVL 23

Author Comment

by:gecko_au2003
ID: 13928044
Personally I want to do it correctly ( Professionally ) but that would depend on my budget , which I am going to be finding out soon.

From the makes you have mentioned, I would have to say either Cisco, 3Com, Linksys or D-Link.

Maybe you could give me 2 examples, i.e. one for a professional setup (3Com or Cisco) and one for unmanaged (Linksys), if that is OK?

0
 
LVL 27

Assisted Solution

by:pseudocyber
pseudocyber earned 1000 total points
ID: 13928114
Well, hmm.  I would put a layer 3 Cisco switch in which can route and switch on the same box.  Then you could plug in your uplink to the Internet (assuming a broadband router) and use Access Control Lists to control what IP's can do what.

I'd make a management VLAN, and restrict telnet, web, ssh, ftp, and tftp access to the network gear to a certain IP address which is not on your network and in a controlled location (like the network closet).  Then, as an admin/engineer, you could plug in there and access the equipment.

You'd of course want to change telnet/ssh passwords and usernames.  You'd want to change the console username.  You'd want to turn off all unnecessary services, such as finger, ntp, message of day, all that kind of stuff.

Cisco has a really good page for this:  http://www.cisco.com/warp/public/707/21.html.  Additionally, google: how to secure cisco router.

Found this too:  http://www.secwiz.com/index.php?module=documents&JAS_DocumentManager_op=viewDocument&JAS_Document_id=27
0
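Added example (not part of the original thread and not any poster's code): a small Python check over a Cisco IOS running-config for the items raised in the two answers above, namely port security on access ports, an access-class on the VTY (telnet/ssh) lines, telnet on those lines, and the finger/HTTP services. The sample config, ACL number and address are constructed; only services that are explicitly enabled in the text are flagged.

```python
import re

# Constructed sample of an IOS running-config (illustrative, not from the thread).
SAMPLE_CONFIG = """\
ip finger
ip http server
access-list 10 permit 10.99.0.5
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Split a config into (header, [indented child lines]) blocks."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # skip blank lines and '!' separators
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return a list of findings for the hardening items discussed above."""
    findings = []
    for header, body in sections(config):
        if header in ("ip finger", "service finger", "ip http server"):
            findings.append(f"unneeded service enabled: {header}")
        elif header.startswith("line vty"):
            if not any(re.match(r"access-class \S+ in$", l) for l in body):
                findings.append(f"{header}: no access-class restricting management logins")
            if any(l.startswith("transport input") and re.search(r"\b(telnet|all)\b", l) for l in body):
                findings.append(f"{header}: telnet allowed")
        elif header.startswith("interface") and "switchport mode access" in body:
            if "switchport port-security" not in body:
                findings.append(f"{header}: access port without port-security")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
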
 
LVL 23

Author Comment

by:gecko_au2003
ID: 13928203
All of that except for those 2 websites went over my head. Any chance you can elaborate on that last suggestion to explain what all of that means and why you would restrict access to telnet, web, ssh, ftp, tftp etc.?

Sorry, just I am totally new to all of this ! Obviously there is a lot to learn with regards to networking and it will take me some time and I am sure I will get there surely but slowly ! :)
0
 
LVL 23

Author Comment

by:gecko_au2003
ID: 13928209
As you probably noticed, I increased the points to 500 :)
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13928230
>>restrict access to telnet, web, ssh, ftp, tftp etc.

With Cisco, for instance, you can set up Access Control Lists (ACLs) where you specify what IP is allowed to use what port to connect to what - or not.  So, you would want to restrict who could telnet to your router or switch for security - if they can't get to it, they can't try to hack it.

However, lower end SOHO (Small Office/Home Office) gear like Linksys doesn't have this ability.
0
 
LVL 23

Author Comment

by:gecko_au2003
ID: 13928260
ok so for instance if I went the Linksys route, I could have 4 computers including the server connected to the router via cat 5 or cat 6 cables and then the rest of them using wireless cards ?

I mean if I went that route, surely that would be the cheap and stupid way of setting it up ?

So considering this would be for a public place surely it would be better to go the professional way ie using a cisco switch along with what other hardware ??

If you could go to my other question which irmoore has helped me with, maybe you could correlate it to his suggestions with regards to the hardware that he has suggested as that looks like it would be easier to follow :)
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13928413
>>ok so for instance if I went the Linksys route, I could have 4 computers including the server connected to the router via cat 5 or cat 6 cables and then the rest of them using wireless cards ?

Yes.

>>I mean if I went that route, surely that would be the cheap

Yes.

>>and stupid way of setting it up ?

Yes.

>>So considering this would be for a public place surely it would be better to go the professional way ie using a cisco switch along with what other hardware ??

In my opinion, yes, as long as you can afford the hardware and support - libraries don't usually have a lot of money, but I don't know how their infrastructure is usually set up either.

I didn't see lrmoore's comment in the other question.  You could probably post there and ask him to come here.

0
 
LVL 23

Author Comment

by:gecko_au2003
ID: 14083747
I really apologize for taking soooo long with this question. I split points between the both of you, however just so you know, all the suggestions made were very useful !!!

I really appreciate your patience and effort !!
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 14084704
You're welcome! :)
0
