Solved

Can someone hack into a protected domain from public DMZ Wireless?

Posted on 2012-04-13
Last Modified: 2012-04-13
We have a public wireless network in the DMZ and a protected wireless network behind the firewall. I had someone tell me that he sat in our parking lot and could see the entire network that's behind the firewall from the Public wireless network.

Is that possible? Are there a couple of things I can do to plug the hole?
Question by:ronfast
LVL 6

Expert Comment

by:awaggoner
ID: 37844646
First thing would be to check your DMZ configuration.  See if you can see the internal network computers from a DMZ computer.

Author Comment

by:ronfast
ID: 37844671
So it's possible then?

Unfortunately, since I'm new to wireless networks, DMZ, etc., I wouldn't know how to try to do that. So if I'm connected to the public network I would have to go through the firewall to the private network somehow?

Author Comment

by:ronfast
ID: 37844678
Would it help if the IP range for the public wireless was radically different from the private wireless, like 10.xxxxx rather than 192....?
LVL 6

Accepted Solution

by:
awaggoner earned 500 total points
ID: 37844705
Not really.  It sounds like you are a beginner with setting up not just wireless, but firewalls, DMZ, and any type of security.  Your question spans quite a few areas, some of which could get technical.

Since this is for a corporate network, and not just a home setup, I would strongly recommend hiring a qualified outside consultant to set up your network securely.  You should be very involved with the configuration and ask lots of questions.

It is very important to get security right in a corporate environment.  I am sure you would not want to be responsible in case employee information got out.  This can include bank account information (direct deposit), Social Security Numbers, home addresses and phone numbers, plus any proprietary and accounting information relating to the business itself.

Author Comment

by:ronfast
ID: 37844722
Got it. I understand the risks of someone hacking in. I'll take your advice under advisement. The reason that I was surprised that is a possibility is that I've had two companies work on the network and neither has ever mentioned it.

Thanks again, I'll get working on understanding all of the above.
LVL 6

Expert Comment

by:awaggoner
ID: 37844737
Unfortunately, a lot of consultants will only concentrate on what they were hired to do.  If you don't specifically tell them to check something, they won't.

This does not apply to everyone, and there are plenty of very good independent consultants out there.  It just is not practical to think someone will be able to walk in and know everything about your network.  They are paid to do a certain thing, but not to poke around looking for holes (unless that is what you are paying them for to begin with).

Author Comment

by:ronfast
ID: 37844759
Got it. The one company originally designed and set up the entire network, so they were there from the beginning. Up until a few weeks ago they helped me support the network on a monthly basis.
LVL 6

Expert Comment

by:awaggoner
ID: 37844863
Get a list of questions you have.  Make sure to include questions about how the firewall and DMZ are set up and what the traffic flows and restrictions are.  Then ask them to show it to you.  Confirm that it is working as advertised.

Take the time to get to know your network, inside and out.  Hopefully, your employer will invest in training courses for you.  I cannot recommend SANS training highly enough.  It is expensive, but worth it.

You might need to invest in more basic training first though.  The 'Teach Yourself TCP/IP in 24 hours' book is excellent.  Take it one step at a time and don't get discouraged with how much there is to learn.
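
One way to run the check described in this thread (can internal hosts be reached from the public wireless segment, and does the firewall behave as documented), as an added example that is not part of the original thread. The addresses, ports and expected results are constructed placeholders; run it from a machine on the public wireless against your own network.

```python
import socket

# Constructed sample policy: what the firewall is documented to do for traffic
# originating on the public/DMZ wireless. Addresses are placeholders from the
# RFC 5737 documentation range; substitute your own internal hosts.
SAMPLE_POLICY = [
    ("192.0.2.10", 445, "blocked"),   # file server, SMB
    ("192.0.2.11", 3389, "blocked"),  # domain controller, RDP
    ("192.0.2.20", 443, "allowed"),   # hypothetical published web portal
]


def probe(host, port, timeout=2.0):
    """Return 'allowed' if a TCP connection completes, otherwise 'blocked'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "allowed"
    except OSError:  # refused, timed out, unreachable
        return "blocked"


def audit(policy, prober=probe):
    """Compare observed reachability with the documented policy.

    Returns (host, port, expected, observed) for every mismatch, so an
    empty list means the firewall behaves as documented for these flows.
    """
    findings = []
    for host, port, expected in policy:
        observed = prober(host, port)
        if observed != expected:
            findings.append((host, port, expected, observed))
    return findings


if __name__ == "__main__":
    mismatches = audit(SAMPLE_POLICY)
    for host, port, expected, observed in mismatches:
        print(f"MISMATCH {host}:{port} expected {expected}, observed {observed}")
    if not mismatches:
        print("All tested flows match the documented policy.")
```

Any "expected blocked, observed allowed" line is a flow from the public wireless into the protected network that the firewall should be stopping.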

Author Comment

by:ronfast
ID: 37844902
Good advice. My boss is allowing me to invest in training videos. I love the stuff from TrainSignal.com. They are very well done and they even include sample certification testing. I'll get the book you recommended.

I do know networks as I'm the one that set up our domain controllers, including DHCP. I set up VMware for almost all of my servers. The only thing I haven't done much on is our firewall programming and the intricacies of wireless access, and installing Exchange.

Thank you again
Question has a verified solution.
