Solved

Can someone hack in to a protected domain from public DMZ Wireless?

Posted on 2012-04-13
9
841 Views
Last Modified: 2012-04-13
We have a public wireless network in the DMZ and a protected wireless network behind the firewall. I had someone tell me that he sat in our parking lot and could see the entire network that's behind the firewall from the public wireless network.

Is that possible? Are there a couple of things I can do to plug the hole?
Question by:ronfast
9 Comments
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844646
First thing would be to check your DMZ configuration.  See if you can see the internal network computers from a DMZ computer.
0
 

Author Comment

by:ronfast
ID: 37844671
So it's possible then?

Unfortunately, since I'm new to wireless networks, DMZ, etc., I wouldn't know how to try to do that. So if I'm connected to the public network I would have to go through the firewall to the private network somehow?
0
 

Author Comment

by:ronfast
ID: 37844678
Would it help if the IP range for the public wireless was radically different from the private wireless? Like 10.xxxxx rather than 192....?
0
 
LVL 6

Accepted Solution

by:
awaggoner earned 500 total points
ID: 37844705
Not really.  It sounds like you are a beginner with setting up not just wireless, but firewalls, DMZ, and any type of security.  Your question spans quite a few areas, some of which could get technical.

Since this is for a corporate network, and not just a home setup, I would strongly recommend hiring a qualified outside consultant to set up your network securely.  You should be very involved with the configuration and ask lots of questions.

It is very important to get security right in a corporate environment.  I am sure you would not want to be responsible in case employee information got out.  This can include bank account information (direct deposit), Social Security Numbers, home addresses and phone numbers, plus any proprietary and accounting information relating to the business itself.
0
 

Author Comment

by:ronfast
ID: 37844722
Got it. I understand the risks of someone hacking in. I'll take your advice under advisement. The reason that I was surprised that this is a possibility is that I've had two companies work on the network and neither has ever mentioned it.

Thanks again, I'll get working on understanding all of the above.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844737
Unfortunately, a lot of consultants will only concentrate on what they were hired to do.  If you don't specifically tell them to check something, they won't.

This does not apply to everyone, and there are plenty of very good independent consultants out there.  It just is not practical to think someone will be able to walk in and know everything about your network.  They are paid to do a certain thing, but not to poke around looking for holes (unless that is what you are paying them for to begin with).
0
 

Author Comment

by:ronfast
ID: 37844759
Got it. The one company originally designed and set up the entire network, so they were there from the beginning. Up until a few weeks ago they helped me support the network on a monthly basis.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844863
Get a list of questions you have.  Make sure to include questions about how the firewall and DMZ are set up and what the traffic flows and restrictions are.  Then ask them to show it to you.  Confirm that it is working as advertised.

Take the time to get to know your network, inside and out.  Hopefully, your employer will invest in training courses for you.  I cannot recommend SANS training highly enough.  It is expensive, but worth it.

You might need to invest in more basic training first though.  The 'Teach Yourself TCP/IP in 24 hours' book is excellent.  Take it one step at a time and don't get discouraged with how much there is to learn.
0
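The check suggested in the comments above (see what a DMZ machine can actually reach, then confirm the firewall behaves as documented) can be scripted as below. This is an added example, not part of the original thread; the policy entries, hosts and ports are constructed placeholders using documentation addresses, and the script is meant to be run from a machine on the public/DMZ wireless against your own network.

```python
import socket

# Expected policy as the firewall owner documents it. Constructed sample:
# the 192.0.2.x addresses are documentation placeholders, not from the thread.
EXPECTED = [
    # (description, host, port, should_connect)
    ("DMZ -> internal file server SMB", "192.0.2.10", 445, False),
    ("DMZ -> internal domain controller LDAP", "192.0.2.11", 389, False),
    ("DMZ -> public web proxy", "192.0.2.20", 8080, True),
]

def can_connect(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable or filtered
        return False

def audit(expected, probe=can_connect):
    """Compare observed reachability with the documented policy.

    Returns (description, host, port, expected, observed) for every
    flow that does not behave as documented.
    """
    mismatches = []
    for desc, host, port, should_connect in expected:
        observed = probe(host, port)
        if observed != should_connect:
            mismatches.append((desc, host, port, should_connect, observed))
    return mismatches

if __name__ == "__main__":
    for desc, host, port, want, got in audit(EXPECTED):
        kind = "LEAK (reachable, should be blocked)" if got else "BLOCKED (should be reachable)"
        print(f"{kind}: {desc} {host}:{port}")
```

An empty result means every listed flow matched the documented policy; any "LEAK" line is a path from the public side to the protected side that the firewall rules should be closing.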
 

Author Comment

by:ronfast
ID: 37844902
Good advice. My boss is allowing me to invest in training videos. I love the stuff from TrainSignal.com. They are very well done and they even include sample certification testing. I'll get the book you recommended.

I do know networks as I'm the one that set up our domain controllers, including DHCP. I set up VMware for almost all of my servers. The only thing I haven't done much on is our firewall programming and the intricacies of wireless access, and installing Exchange.

Thank you again
0
