Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

Is there a template by which one can go to have a pretty safe network (hardware wise)

I'm wondering if anyone can give me an idea of what i might need to purchase to get as secure a network as I need and then i can go from there.

For instance,
Do i need a firewall?  If I do, where should this firewall be placed?
Secondly do i need a managed router or can i get away with only a 100$ router?

Stats :

One server
10 - 15 computers depending on laptops

cable modem
Router/Switch/vpn
Switch
0
candg
Asked:
candg
1 Solution
 
jer2eydevil88Commented:
Security on a network and management on the network are two different things.

If all you want is to keep your network free of snooping from the outside world a $100 router will get you by.  If you have to worry about internal problems and you have high level / computer sophisticated users on the network then you need to consider managed equipment to control what access they have to resources on your network.

As for your network server what role does it play in your organization and what is your current network setup?  Are you connecting to the internet using consumer class connections (cable,dsl, or satellite)?
0
 
candgAuthor Commented:
I'm using Cable, the server is the DNS, application server, and IIS for my intranet.  As well as TS server.  I want to be assured that if people who know just enough to download crap don't screw up the network.  I have antivirus, but what else is a good idea to have.  
0
 
jer2eydevil88Commented:
Well the best solution to those user problems is a good network admin, if you don't have one in your organization you might look to hiring a consultant to stop on by monthly to do a checkup.

As for hardware that might help, you can always save some money and throw in Linux based firewall like IPCOP @ http://www.ipcop.org which with minimal effort can let you log your internal and external traffic.  Another option is to spring for managed switches that do the same thing at a more sophisticated level allowing you to manage and monitor all network level traffic and connectivity.  If you are afraid of your employee's accidentally spreading the next Windows bubonic plague then managed switching would be a good choice.  If all you want to do is block them from accessing certain types of sites and peer to peer services you can do that inside a IPCOP box.

Other excellent free Linux firewalls (you still need a PC to throw Linux on) you might consider.
http://www.smoothwall.org – Very similar to IPCOP but with less expandability
http://www.pfsense.org/ - Much more advanced and difficult to configure

Dell offers some fairly well priced managed switches you can find @ http://tinyurl.com/or6fu 
Cisco though is the defacto solution for much of corporate America and many vendors will cut you a deal on pricing if you tell them you are interested in going with an alternative.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
EnigmaticFractalCommented:
Also, what operating system are your computers running on? Windows 98, 2000, and XP and everything in between have very different security concerns which in turn lead to very different methods of securing a network and everything on it. In addition, good computer practice would have you backing up the main components of your network (i.e your server, and all critical data). After we know the OS, we can go from there to take steps to help secure the network (although there is no such thing as a totally secure network).

~enig

 


 
0
 
SunBowCommented:
Yes, get a firewall that can stop packets going in each direction by enabling only approved ports. If you do not trust users you could give them each a personal firewall to stop the others, but with so few users, they better be able to trust each other well enough to no need that.

You are also a little small to suggest need for proxy servers and DMZ. You can give your users regular internet addresses, and give the intranet server a local IP (unroutable/unreachable from internet side)

> I have antivirus, but what else is a good idea to have.  

Correct, just remember that A/V is for detection after infection, not a protection. Firewall is not a migic end all, but it is rather opposite that, preventing access and abuse before the fact, stopping some malwares in their track.

Some may recommend similar detection products, get some for adware, get some for spyware, get some for remote controllers, and both the spam and its address collection method. But there's only so much any can handle at a time, and when there is no known problem. Keep that training up and you may end up with no problems,

> I want to be assured that if people who know just enough to download

Best answer is to train them well, tolerate little, and enforce against any major abuse. Any unlicenced SW they download can cost big money when found, possibly leading to discharge of all staff. Major D/L that is constant streaming is to be stopped as well since it eats up all the bandwidth.

Do not neglect getting regular upgrades for every update, since so many are relevant to stopping another malware type.
0
 
candgAuthor Commented:
Right,  Sun Bow those are all good ideas, some of which i've done.   All workstations are running winxp sp2.  And Server is windows 2003.

Please help me secure network.
0
 
JexPamCommented:
Microsoft has some excelent guides that address the questions you have presented here. I recomend checking them out.

http://www.microsoft.com/technet/itsolutions/midsizebusiness/25to50/default.mspx
0
 
Rich RumbleSecurity SamuraiCommented:
I start with policies: http://www.sans.org/resources/policies/
Your users "can do little more than download", but that is more than enough!  This is the most crutial part, BEST PRACTICES, please read this: http://xinn.org/win_bestpractices.html  and do not forget this: http://www.xinn.org/annoyance_spy-ware.html

AV, and regular scheduled AV dat updates, and nightly scans, along with automating M$ Updates are standard fare best practices also. If your users do not NEED to make system changes, like installing or uninstalling software, changing network settings, installing printers... then by all means remove the ADMIN rights that M$ gives them by default. A power user can still some of these things, and this may be necessary for LT users to have, but not always, your milage may vary...

Firewall good, fire bad.
-rich
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now