Solved

What Security is required with Router

Posted on 2006-07-02
22
717 Views
Last Modified: 2013-11-16
I am currently trying out a server on Windows Server 2003 and a client using XP. I have these networked via a router with my main intention being to try out a variety of applications such as Access, SQL Server etc on SharePoint from an accounting point of view i.e. generating and distributing reports to the end user.

My main system is XP and is located on a different partition on the server computer. I use the Internet and email from my main system only as I have Norton Internet security on that computer alone. I can access the Internet from all the systems via the router but I don't as I don't have any security on them.

My question is bearing in mind that this is a learning exercise only how can I secure my connection to the Internet for both client and server for the Internet (no emails) as cheaply as possible.
0
Comment
Question by:Marina2006
  • 10
  • 8
  • 3
22 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 100 total points
ID: 17026488
http://techrepublic.com.com/5100-1035_11-5596832.html

Also can dowload no 1 software to monitor network
www.gfi.com

Also can download
nmap software
http://www.insecure.org/nmap/

Reps
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 400 total points
ID: 17026577
Marina2006, please clarify your setup:

You got a hardware router, connected to it a computer with windows XP AND Windows 2003
You got several other computers connected to that router and exchange information between your windows 2003 server and these windows XP clients.
You access the internet only from your own windows XP client (on the same computer where windows 2003 is installed, for security reasons?)
Can you tell us something about your IP setup, i.e. do you use a private adress space in your "home/company" network, or have you assigned each computer an IP, that is accessiable from the internet?

Keep in mind that a router "itself" has no security features, it doesn't have to. That task is done by a firewall (better in hardware than in software implemented)

To rise security within your network, you need a router as intrastructure component AND a firewall to keep all intrussion attempts outside. This can be done with a private adress space so none of your computers is "visible" from outside but just certain services are setup/allowed to be reached from outside, like a webserver or ftp server.

If I'm on the right path, don't hessitate to give further details, don't want to run in the wrong direction with my suggestion.

Tolomir
 
0
 

Author Comment

by:Marina2006
ID: 17027084
I have two computers.

Computer 1:  Partition (1) my personal computer running Windows XP and Norton
                    Partition (2) Server 2003 no security

Computer 2: The client computer for Server 2003 no security

I am having difficulty connecting my client to the domain on the server at the moment and have removed the IP addresses I had previously allocated. The numbers I was using were 192.168.0.2 and 192.168.03 (the router is 192.168.0.1).

Given that this is still a work in progress I would appreciate any advice/ info for both and which is preferable.


0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17027121
So the router is some standalone hardware box?

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17027128
these IP adresses are ok, as it seems.

try to ping your router to find out if you are really connected to it by the IP protocol.

 Press the windows key + r: type cmd    (windows key should be between CNTR and ALT key)

now a textshell should open, type ping 192.168.0.1 from each of your computers.

you should get some results. If that is finished we can go on.
0
 
LVL 30

Expert Comment

by:ded9
ID: 17027140
check your prefered dns server

Try 127.0.0.1
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 400 total points
ID: 17027142
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\root>ipconfig                              <--- "ipconfig" nice to see is the "defaults" are properly set

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain
        IP Address. . . . . . . . . . . . : 192.168.0.130
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

C:\Documents and Settings\root>ping 192.168.0.1            <----- pinging the gateway

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=2ms TTL=128
Reply from 192.168.0.1: bytes=32 time=3ms TTL=128
Reply from 192.168.0.1: bytes=32 time=2ms TTL=128
Reply from 192.168.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 486ms, Average = 276ms

C:\Documents and Settings\root>
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17027148
Please do an ipconfig and ping 192.168.0.1 (the router) from each computer and post the results

0
 

Author Comment

by:Marina2006
ID: 17059432
I haven't been able to respond until now I hope we can resume where we left off.

Previously both the Windows XP and Server where 192.168.02 and I changed them to the following I don't know whether this is correct, immaterial or wrong.

Server: Windows XP address: 192.168.0.2
            Windows Server address: 192.168.0.3

Client: Windows XP address: 192.168.0.4

TEST RESULTS:
Client Computer:
Ethernet Adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=4ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.0.1
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 2ms

Server:
Ethernet Adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=5ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.0.1
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 5ms, Average = 2ms
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17060069
no problem, I'm here.

Tolomir
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 27

Expert Comment

by:Tolomir
ID: 17060131
Alright, seems ok, but can you ping

192.168.0.2 from 192.168.0.4

and / or

192.168.0.3 from 192.168.0.4

and vice versa?



0
 

Author Comment

by:Marina2006
ID: 17065135
I have tried something new which I think has made things a little worse. I have reinstalled Windows Server 2003 as per Microsoft NechNet Step by Step Guide only I have changed their recommended range of 10.0.0.0 range of numbers.

My Router:
1) Is external stand alone - Netgears Wireless Router DG834PN.
2) IP address: 192.168.0.1
3) LAN setting is use router as DHCP server, starting address 192.168.0.2 and ending address 192.168.0.254

Server:
       1)  IP Address. . . . . . . . . . . . : 192.168.0.3
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.0.1

       2) Prefered DNS Server: 127.0.0.1

       3) I have installed the DHCP Server in Windows using the wizard and I entered the following.
           DHCP scope name: Contoso HQ
           Start address: 192.168.0.10 end IP: 192.168.0.254
           Default Gateway screen of New Scope Wizard for default gateway I entered 192.168.0.1
           For Parent Domain: contoso.com IP:192.168.0.3

        4) I installed the DNS and Active directory with the following:
            Full DNS Name: contoso.com




   
 
0
 

Author Comment

by:Marina2006
ID: 17065207
I need Windows Server 2003 to run the following:
                1) SQL Server 2005
                2) SharePoint Server
                3) Balanced Scorecard.
Can I run the above programs on Windows 2003 WITHOUT configuring a DHCP Server and DNS through Windows 2003?



0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 400 total points
ID: 17065514
You can only have one DHCP server for a given subnet. This should be your hardware-router.

For 3 computers using an internal DNS server is not that useful. I suggest you use your router as DNS (relay) to handle outgoing DNS requests, so configure your computers to use 192.168.0.1 as DNS server.

If you want name resolution take a look at c:\windows\system32\drivers\etc\hosts

add these entries (take care of the file suffix, this is no hosts.txt file, but a hosts.<nothing>)
192.168.0.1  myrouter.contoso.com
192.168.0.2  windowsxp1.contoso.com
192.168.0.3  windows2k3.contoso.com
192.168.0.4  windowsxp2.contoso.com

after you entered these lines, save the file and copy it to all computers replacing the default hosts file.

So of cause you don't need a windows server configured to handle dns and DHCP.

Tolomir
0
 

Author Comment

by:Marina2006
ID: 17067625
Great !!!! thank you.

In terms of my security:  
192.168.0.1  myrouter             Router is Firewalled & I use WPA for my wireless encryption
192.168.0.2  windowsxp1         Norton - Using this OS for Internet and emails        
192.168.0.3  windows2k3         No security  - Currently using for internal network only
192.168.0.4  windowsxp2         No Security -  Currently using for internal network only

I would like to use windows2k3 for Internet online tutorials and hosted trials (no email) what would I require to do this safely ?            
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17067669
How about this:

http://www.amazon.com/gp/product/0782141307/sr=8-2/qid=1152449696/ref=pd_bbs_2/104-3823621-6300727?ie=UTF8

Mastering Windows Server 2003 (Hardcover) $37.79

Windows 2k3 is a far more complex than xp, you should really start some learning.

Tolomir
0
 
LVL 30

Expert Comment

by:ded9
ID: 17067706
check these out

www.visualwin.com
www.wown.com
www.testking.com
www.informit.com   ----> an awesome site with the best resources

Reps
0
 

Author Comment

by:Marina2006
ID: 17067709
Point well taken I actually had the analytical tools of SQL and a variety of other applications in mind, my back round is accounting so I'll spend my "learning" time on that for now and rely on you guys to get me up and running with windows.

Thank you none the less I'll keep the name of the book on hand .

How about that security?
0
 

Author Comment

by:Marina2006
ID: 17067720
I think my question was worded badly I don't need online tutorial links I was simply explaining why I needed internet connectivety from my Windows Server installation I need internet security.
0
 

Author Comment

by:Marina2006
ID: 17068542
Is the Routers Firewall adequate on it's own if I only use trusted sites when online?????????????
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 400 total points
ID: 17069152
Well, you cannot even trust "trusted sites" by 100% because "Cross Site Scripting" is a real danger.

There are 3 security measures:

1. Offer no service outside your network, that is unused by you: e.g. uPnP, Remote Desktop, SMB shares...
These can be kept within you private network, with the routers default settings.

2. Protect your computers within your network. Use an up to date antivirus solution, e.g. nod32 on each computer, firefox is still more secure than IE 6, because it offers no active-x support. To be on the safe side, use ewido antispyware tool.

3. Never ever, surf the internet with administrator rights, because with a restricted  account, some malware has to slip through a buffer overflow of a system service, while with admin rights, some malware can use a flaw in your webbrowser to install itself as autostart service.

Tolomir
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now