Can someone hack in to a protected domain from public DMZ Wireless?

We have a public wireless network in the DMZ and the a protected wireless network behind the firewall. I had someone tell me that he sat in our parking lot and could see the entire network that's behind the firewall from the Public wireless network.

Is that possible? are there a couple of things i can do to plug the hole?
ronfastI.T. DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

First thing would be to check your DMZ configuration.  See if you can see the internal network computers from a DMZ computer.
ronfastI.T. DirectorAuthor Commented:
So it's possible then?

Unfortunately since i'm new to wireless networks, DMZ, etc that i wouldn't know how to try to do that. So if i'm connected to the public network I would have to go through the firewall to the private network somehow?
ronfastI.T. DirectorAuthor Commented:
would it help if the IP range for the public wireless was radically different from the private wireless. Like 10.xxxxx rather than 192....?
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Not really.  It sounds like you are a beginner with setting up not just wireless, but firewalls, DMZ, and any type of security.  Your question spans quite a few areas, some of which could get technical.

Since this is for a corporate network, and not just a home setup.  I would strongly recommend hiring a qualified outside consultant to set up your network securely.  You should be very involved with the configuration and ask lots of questions.

It is very important to get security right in a corporate environment.  I am sure you would not want to be responsible in case employee information got out.  This can include bank account information (direct deposit), Social Security Numbers, home addresses and phone numbers, plus any proprietary and accounting information relating to the business itself.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ronfastI.T. DirectorAuthor Commented:
Got it. I understand the risks of someone hacking in. I'll take your advice under advisement. the reason that i was surprised that is a possibilty is that i've had two companys work on the network and neither have ever mentioned it.

thanks again, I'll get working on understanding all of the above.
Unfortunately, a lot of consultants will only concentrate on what they were hired to do.  If you don't specifically tell them to check something, they won't.

This does not apply to everyone, and there a plenty of very good independant consultants out there.  It just is not practical to think someone will be able to walk in and know everything about your network.  They are paid to do a certain thing, but not to poke around looking for holes (unless that is what you are paying them for to begin with).
ronfastI.T. DirectorAuthor Commented:
Got it. THe one company originally designed and set up the entire network. so they were there from teh beginning. up until a few weeks ago they help me support the network on a monthly basis
Get a list of questions you have.  Make sure to include questions about how the firewall and DMZ are set up and what the traffic flows and restrictions are.  Then ask them to show it to you.  Confirm that it is working as advertised.

Take the time to get to know your network, inside and out.  Hopefully, your employer will invest in training courses for you.  I cannot recommend SANS training highly enough.  It is expensive, but worth it.

You might need to invest in more basic training first though.  The 'Teach Yourself TCP/IP in 24 hours' book is excellent.  Take it one step at a time and don't get discouraged with how much there is to learn.
ronfastI.T. DirectorAuthor Commented:
Good advice. my boss is allowing to invest in training videos. I love the stuff from They are very well done and they even include sample certification testing. i'll get the book you recommended.

I do know networks as i'm the one that set up our domain controllers, including DHCP. I set up VMWare for almost all of my servers. the only thing i haven't done much on is our firewall programming and the Intricacies of wireless access, and installing Exchange.

thank you again
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.