Network Security - IP Addresses

I support a small network made up of 2 servers, 2 NAS Devices, 1 ADSL router, and 3 printers, plus 17 Desktops/Laptops on the network.

I would like to nail down security so that only a few ip addresses can access the servers, nas devices  and access the internet if plugged in.

The network is not using DHCP, but there is nothing preventing rogue visitors just plugged in and guessing an IP range and stealing some internet if you know what I am sayin.

The network is wired as opposed to wireless and the need to lock-down things is due to an ffice next door using the hubs in the public area even though told not to do so, still happens from time to time..

Any help much appreciated. The only way I know to start is using IP filters in Windows, but what about the NAS devices and the Router, the gateway to the internet.

Who is Participating?
Since "the office next door" has been told not to use the "hubs in the public area" then disconnect these hubs from your network.

If you are responsible for this network then you are fully entitled to do so - regardless of their protests!
What kind of switch are you using? You can use port security and lock down the ports on the switch to a specific mac address.
You could also setup an Internet proxy so they wouldn't get access to the Internet without knowing the proxy config.  You could use a free proxy or pay for one.
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

ActiveInfoSysAuthor Commented:
JohnDemergian -

I really like your idea of a Proxy Server. Very much indeed. Perfect really. But can't get client to pay for ISA server 2007.  Any other ideas along these lines, a free proxy? wow...please send links....might could pay up to £30.00, $60.00, but no more.

Free would be worth trying right away.

Would the proxy server have to be local or could it be internet based?
i don't have a specific one to recommend although i've used wingate in the past with good luck , it is not free. here is a google link
you can also try because they have reviews of the free and shareware software...
Does the client really have a requirement for their staff to use the public area hubs?

No network access device should be available to anyone else other than your own staff !
I agree a proxy may be of use, but, this is still only blocking internet access - but they'll  already be on your network !

If anything is required outside the general office then maybe a wireless solution would better than hubs, at least you can protect against unauthorised access - but the client should understnd that some money needs to spent in order to protect their network. Unless their willing to spend then they shouldnt have this access in these "public" areas.

What model router are you using?  Have you checked it's capabilities to block/allow access based on MAC or IP?  Are users in the public area supposed to be able to access your network resources and internet?  Are you using a Windows domain with Active Directory?  Can you implement different VLANs on your network? Blocking Internet access in only part of implementing security on your network.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.