?
Solved

What Security is required with Router

Posted on 2006-07-02
22
Medium Priority
?
724 Views
Last Modified: 2013-11-16
I am currently trying out a server on Windows Server 2003 and a client using XP. I have these networked via a router with my main intention being to try out a variety of applications such as Access, SQL Server etc on SharePoint from an accounting point of view i.e. generating and distributing reports to the end user.

My main system is XP and is located on a different partition on the server computer. I use the Internet and email from my main system only as I have Norton Internet security on that computer alone. I can access the Internet from all the systems via the router but I don't as I don't have any security on them.

My question is bearing in mind that this is a learning exercise only how can I secure my connection to the Internet for both client and server for the Internet (no emails) as cheaply as possible.
0
Comment
Question by:Marina2006
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
  • 3
22 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 400 total points
ID: 17026488
http://techrepublic.com.com/5100-1035_11-5596832.html

Also can dowload no 1 software to monitor network
www.gfi.com

Also can download
nmap software
http://www.insecure.org/nmap/

Reps
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 1600 total points
ID: 17026577
Marina2006, please clarify your setup:

You got a hardware router, connected to it a computer with windows XP AND Windows 2003
You got several other computers connected to that router and exchange information between your windows 2003 server and these windows XP clients.
You access the internet only from your own windows XP client (on the same computer where windows 2003 is installed, for security reasons?)
Can you tell us something about your IP setup, i.e. do you use a private adress space in your "home/company" network, or have you assigned each computer an IP, that is accessiable from the internet?

Keep in mind that a router "itself" has no security features, it doesn't have to. That task is done by a firewall (better in hardware than in software implemented)

To rise security within your network, you need a router as intrastructure component AND a firewall to keep all intrussion attempts outside. This can be done with a private adress space so none of your computers is "visible" from outside but just certain services are setup/allowed to be reached from outside, like a webserver or ftp server.

If I'm on the right path, don't hessitate to give further details, don't want to run in the wrong direction with my suggestion.

Tolomir
 
0
 

Author Comment

by:Marina2006
ID: 17027084
I have two computers.

Computer 1:  Partition (1) my personal computer running Windows XP and Norton
                    Partition (2) Server 2003 no security

Computer 2: The client computer for Server 2003 no security

I am having difficulty connecting my client to the domain on the server at the moment and have removed the IP addresses I had previously allocated. The numbers I was using were 192.168.0.2 and 192.168.03 (the router is 192.168.0.1).

Given that this is still a work in progress I would appreciate any advice/ info for both and which is preferable.


0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 27

Expert Comment

by:Tolomir
ID: 17027121
So the router is some standalone hardware box?

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17027128
these IP adresses are ok, as it seems.

try to ping your router to find out if you are really connected to it by the IP protocol.

 Press the windows key + r: type cmd    (windows key should be between CNTR and ALT key)

now a textshell should open, type ping 192.168.0.1 from each of your computers.

you should get some results. If that is finished we can go on.
0
 
LVL 30

Expert Comment

by:ded9
ID: 17027140
check your prefered dns server

Try 127.0.0.1
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 1600 total points
ID: 17027142
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\root>ipconfig                              <--- "ipconfig" nice to see is the "defaults" are properly set

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain
        IP Address. . . . . . . . . . . . : 192.168.0.130
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

C:\Documents and Settings\root>ping 192.168.0.1            <----- pinging the gateway

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=2ms TTL=128
Reply from 192.168.0.1: bytes=32 time=3ms TTL=128
Reply from 192.168.0.1: bytes=32 time=2ms TTL=128
Reply from 192.168.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 486ms, Average = 276ms

C:\Documents and Settings\root>
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17027148
Please do an ipconfig and ping 192.168.0.1 (the router) from each computer and post the results

0
 

Author Comment

by:Marina2006
ID: 17059432
I haven't been able to respond until now I hope we can resume where we left off.

Previously both the Windows XP and Server where 192.168.02 and I changed them to the following I don't know whether this is correct, immaterial or wrong.

Server: Windows XP address: 192.168.0.2
            Windows Server address: 192.168.0.3

Client: Windows XP address: 192.168.0.4

TEST RESULTS:
Client Computer:
Ethernet Adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=4ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.0.1
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 2ms

Server:
Ethernet Adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=5ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.0.1
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 5ms, Average = 2ms
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17060069
no problem, I'm here.

Tolomir
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17060131
Alright, seems ok, but can you ping

192.168.0.2 from 192.168.0.4

and / or

192.168.0.3 from 192.168.0.4

and vice versa?



0
 

Author Comment

by:Marina2006
ID: 17065135
I have tried something new which I think has made things a little worse. I have reinstalled Windows Server 2003 as per Microsoft NechNet Step by Step Guide only I have changed their recommended range of 10.0.0.0 range of numbers.

My Router:
1) Is external stand alone - Netgears Wireless Router DG834PN.
2) IP address: 192.168.0.1
3) LAN setting is use router as DHCP server, starting address 192.168.0.2 and ending address 192.168.0.254

Server:
       1)  IP Address. . . . . . . . . . . . : 192.168.0.3
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.0.1

       2) Prefered DNS Server: 127.0.0.1

       3) I have installed the DHCP Server in Windows using the wizard and I entered the following.
           DHCP scope name: Contoso HQ
           Start address: 192.168.0.10 end IP: 192.168.0.254
           Default Gateway screen of New Scope Wizard for default gateway I entered 192.168.0.1
           For Parent Domain: contoso.com IP:192.168.0.3

        4) I installed the DNS and Active directory with the following:
            Full DNS Name: contoso.com




   
 
0
 

Author Comment

by:Marina2006
ID: 17065207
I need Windows Server 2003 to run the following:
                1) SQL Server 2005
                2) SharePoint Server
                3) Balanced Scorecard.
Can I run the above programs on Windows 2003 WITHOUT configuring a DHCP Server and DNS through Windows 2003?



0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 1600 total points
ID: 17065514
You can only have one DHCP server for a given subnet. This should be your hardware-router.

For 3 computers using an internal DNS server is not that useful. I suggest you use your router as DNS (relay) to handle outgoing DNS requests, so configure your computers to use 192.168.0.1 as DNS server.

If you want name resolution take a look at c:\windows\system32\drivers\etc\hosts

add these entries (take care of the file suffix, this is no hosts.txt file, but a hosts.<nothing>)
192.168.0.1  myrouter.contoso.com
192.168.0.2  windowsxp1.contoso.com
192.168.0.3  windows2k3.contoso.com
192.168.0.4  windowsxp2.contoso.com

after you entered these lines, save the file and copy it to all computers replacing the default hosts file.

So of cause you don't need a windows server configured to handle dns and DHCP.

Tolomir
0
 

Author Comment

by:Marina2006
ID: 17067625
Great !!!! thank you.

In terms of my security:  
192.168.0.1  myrouter             Router is Firewalled & I use WPA for my wireless encryption
192.168.0.2  windowsxp1         Norton - Using this OS for Internet and emails        
192.168.0.3  windows2k3         No security  - Currently using for internal network only
192.168.0.4  windowsxp2         No Security -  Currently using for internal network only

I would like to use windows2k3 for Internet online tutorials and hosted trials (no email) what would I require to do this safely ?            
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17067669
How about this:

http://www.amazon.com/gp/product/0782141307/sr=8-2/qid=1152449696/ref=pd_bbs_2/104-3823621-6300727?ie=UTF8

Mastering Windows Server 2003 (Hardcover) $37.79

Windows 2k3 is a far more complex than xp, you should really start some learning.

Tolomir
0
 
LVL 30

Expert Comment

by:ded9
ID: 17067706
check these out

www.visualwin.com
www.wown.com
www.testking.com
www.informit.com   ----> an awesome site with the best resources

Reps
0
 

Author Comment

by:Marina2006
ID: 17067709
Point well taken I actually had the analytical tools of SQL and a variety of other applications in mind, my back round is accounting so I'll spend my "learning" time on that for now and rely on you guys to get me up and running with windows.

Thank you none the less I'll keep the name of the book on hand .

How about that security?
0
 

Author Comment

by:Marina2006
ID: 17067720
I think my question was worded badly I don't need online tutorial links I was simply explaining why I needed internet connectivety from my Windows Server installation I need internet security.
0
 

Author Comment

by:Marina2006
ID: 17068542
Is the Routers Firewall adequate on it's own if I only use trusted sites when online?????????????
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 1600 total points
ID: 17069152
Well, you cannot even trust "trusted sites" by 100% because "Cross Site Scripting" is a real danger.

There are 3 security measures:

1. Offer no service outside your network, that is unused by you: e.g. uPnP, Remote Desktop, SMB shares...
These can be kept within you private network, with the routers default settings.

2. Protect your computers within your network. Use an up to date antivirus solution, e.g. nod32 on each computer, firefox is still more secure than IE 6, because it offers no active-x support. To be on the safe side, use ewido antispyware tool.

3. Never ever, surf the internet with administrator rights, because with a restricted  account, some malware has to slip through a buffer overflow of a system service, while with admin rights, some malware can use a flaw in your webbrowser to install itself as autostart service.

Tolomir
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Make the most of your online learning experience.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question