Solved

Can someone hack in to a protected domain from public DMZ Wireless?

Posted on 2012-04-13
Last Modified: 2012-04-13
We have a public wireless network in the DMZ and a protected wireless network behind the firewall. I had someone tell me that he sat in our parking lot and could see the entire network that's behind the firewall from the public wireless network.

Is that possible? Are there a couple of things I can do to plug the hole?
0
Question by:ronfast
9 Comments
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844646
First thing would be to check your DMZ configuration.  See if you can see the internal network computers from a DMZ computer.
0
 

Author Comment

by:ronfast
ID: 37844671
So it's possible then?

Unfortunately, since I'm new to wireless networks, DMZ, etc., I wouldn't know how to try to do that. So if I'm connected to the public network I would have to go through the firewall to the private network somehow?
0
 

Author Comment

by:ronfast
ID: 37844678
Would it help if the IP range for the public wireless was radically different from the private wireless? Like 10.xxxxx rather than 192....?
0
 
LVL 6

Accepted Solution

by:awaggoner earned 500 total points
ID: 37844705
Not really.  It sounds like you are a beginner with setting up not just wireless, but firewalls, DMZ, and any type of security.  Your question spans quite a few areas, some of which could get technical.

Since this is for a corporate network, and not just a home setup, I would strongly recommend hiring a qualified outside consultant to set up your network securely.  You should be very involved with the configuration and ask lots of questions.

It is very important to get security right in a corporate environment.  I am sure you would not want to be responsible in case employee information got out.  This can include bank account information (direct deposit), Social Security Numbers, home addresses and phone numbers, plus any proprietary and accounting information relating to the business itself.
0
 

Author Comment

by:ronfast
ID: 37844722
Got it. I understand the risks of someone hacking in. I'll take your advice under advisement. The reason that I was surprised that is a possibility is that I've had two companies work on the network and neither has ever mentioned it.

Thanks again, I'll get working on understanding all of the above.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844737
Unfortunately, a lot of consultants will only concentrate on what they were hired to do.  If you don't specifically tell them to check something, they won't.

This does not apply to everyone, and there are plenty of very good independent consultants out there.  It just is not practical to think someone will be able to walk in and know everything about your network.  They are paid to do a certain thing, but not to poke around looking for holes (unless that is what you are paying them for to begin with).
0
 

Author Comment

by:ronfast
ID: 37844759
Got it. The one company originally designed and set up the entire network, so they were there from the beginning. Up until a few weeks ago they helped me support the network on a monthly basis.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844863
Get a list of questions you have.  Make sure to include questions about how the firewall and DMZ are set up and what the traffic flows and restrictions are.  Then ask them to show it to you.  Confirm that it is working as advertised.

Take the time to get to know your network, inside and out.  Hopefully, your employer will invest in training courses for you.  I cannot recommend SANS training highly enough.  It is expensive, but worth it.

You might need to invest in more basic training first though.  The 'Teach Yourself TCP/IP in 24 hours' book is excellent.  Take it one step at a time and don't get discouraged with how much there is to learn.
0
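One way to confirm the DMZ-to-internal restrictions discussed above is to audit an exported rule list, shown here as an added example that is not part of the original thread. The subnets, the `Rule` format and the sample rules are constructed assumptions, as are top-down first-match evaluation and an implicit default deny.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Assumed subnets for illustration; substitute your own.
DMZ_WIFI = ip_network("10.50.0.0/24")     # public wireless in the DMZ
INTERNAL = ip_network("192.168.1.0/24")   # protected network behind the firewall

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: str    # "any" or a single port number

# Constructed rule export; evaluated top-down, first match wins.
RULES = [
    Rule("allow", "10.50.0.0/24", "192.168.1.10/32", "53"),
    Rule("deny", "10.50.0.0/24", "192.168.1.0/24", "any"),
    Rule("allow", "10.50.0.0/24", "0.0.0.0/0", "any"),
]

def narrow(a, b):
    """Intersection of two overlapping CIDR blocks (one always contains the other)."""
    return a if a.subnet_of(b) else b

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.port in ("any", inner.port))

def dmz_to_internal_exposures(rules, dmz=DMZ_WIFI, internal=INTERNAL):
    """Return (rule number, effective allow) for each path from dmz into internal."""
    findings = []
    for i, rule in enumerate(rules):
        src, dst = ip_network(rule.src), ip_network(rule.dst)
        if rule.action != "allow" or not (src.overlaps(dmz) and dst.overlaps(internal)):
            continue
        # Only the part of the rule that leads from the DMZ into the internal net matters.
        effective = Rule("allow", str(narrow(src, dmz)), str(narrow(dst, internal)), rule.port)
        # An earlier deny that fully covers that part wins under first-match;
        # a partial deny does not, so the rule is still reported for review.
        shadowed = any(r.action == "deny" and covers(r, effective) for r in rules[:i])
        if not shadowed:
            findings.append((i + 1, effective))
    return findings

if __name__ == "__main__":
    for number, eff in dmz_to_internal_exposures(RULES):
        print(f"rule {number}: {eff.src} -> {eff.dst} port {eff.port} is reachable from the DMZ")
```

Every finding should correspond to a traffic flow someone can justify; placing the broad internet allow above the deny in this sample would report the whole internal subnet as reachable.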
 

Author Comment

by:ronfast
ID: 37844902
Good advice. My boss is allowing me to invest in training videos. I love the stuff from TrainSignal.com. They are very well done and they even include sample certification testing. I'll get the book you recommended.

I do know networks as I'm the one that set up our domain controllers, including DHCP. I set up VMware for almost all of my servers. The only thing I haven't done much on is our firewall programming and the intricacies of wireless access, and installing Exchange.

Thank you again
0

Question has a verified solution.