Solved

Can someone hack in to a protected domain from public DMZ Wireless?

Posted on 2012-04-13
Last Modified: 2012-04-13
We have a public wireless network in the DMZ and a protected wireless network behind the firewall. I had someone tell me that he sat in our parking lot and could see the entire network that's behind the firewall from the public wireless network.

Is that possible? Are there a couple of things I can do to plug the hole?
Question by:ronfast
9 Comments
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844646
First thing would be to check your DMZ configuration.  See if you can see the internal network computers from a DMZ computer.
0
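One way to run the check described in the comment above, from a laptop joined to the public wireless (an added example, not part of the original thread). The addresses and ports are constructed placeholders to be replaced with hosts on your own protected network, and `probe` and `audit` are names chosen for this example.

```python
import socket

# Constructed placeholders: replace with addresses/ports on your own protected
# network that policy says the public wireless must never reach.
INTERNAL_TARGETS = [
    ("192.168.1.10", 445),   # hypothetical file server (SMB)
    ("192.168.1.10", 3389),  # hypothetical remote desktop
    ("192.168.1.1", 443),    # hypothetical management interface
]

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt made from the public side."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # full handshake: traffic crossed the firewall
    except ConnectionRefusedError:
        return "refused"          # a reset came back: port closed, path likely open
    except socket.timeout:
        return "filtered"         # silently dropped: what a deny rule looks like
    except OSError:
        return "unreachable"      # no route or ICMP unreachable: also blocked

def audit(targets, timeout=2.0):
    """Return (host, port, state, leak) rows; leak=True means isolation failed."""
    rows = []
    for host, port in targets:
        state = probe(host, port, timeout)
        rows.append((host, port, state, state in ("open", "refused")))
    return rows

if __name__ == "__main__":
    leaks = 0
    for host, port, state, leak in audit(INTERNAL_TARGETS):
        leaks += leak
        print(f"{host}:{port:<5} {state:<11} {'LEAK' if leak else 'ok'}")
    print("isolation holds" if leaks == 0 else f"{leaks} path(s) cross the firewall")
```

A "refused" result is counted as a leak because the reset normally comes from the internal host itself; if the firewall is configured to reject with a reset, confirm that in its rules or logs before clearing the finding.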
 

Author Comment

by:ronfast
ID: 37844671
So it's possible then?

Unfortunately, since I'm new to wireless networks, DMZ, etc., I wouldn't know how to try to do that. So if I'm connected to the public network I would have to go through the firewall to the private network somehow?
0
 

Author Comment

by:ronfast
ID: 37844678
Would it help if the IP range for the public wireless was radically different from the private wireless? Like 10.xxxxx rather than 192....?
0
 
LVL 6

Accepted Solution

by:
awaggoner earned 500 total points
ID: 37844705
Not really.  It sounds like you are a beginner with setting up not just wireless, but firewalls, DMZ, and any type of security.  Your question spans quite a few areas, some of which could get technical.

Since this is for a corporate network, and not just a home setup, I would strongly recommend hiring a qualified outside consultant to set up your network securely.  You should be very involved with the configuration and ask lots of questions.

It is very important to get security right in a corporate environment.  I am sure you would not want to be responsible in case employee information got out.  This can include bank account information (direct deposit), Social Security Numbers, home addresses and phone numbers, plus any proprietary and accounting information relating to the business itself.
0
 

Author Comment

by:ronfast
ID: 37844722
Got it. I understand the risks of someone hacking in. I'll take your advice under advisement. The reason that I was surprised that it is a possibility is that I've had two companies work on the network and neither has ever mentioned it.

Thanks again, I'll get working on understanding all of the above.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844737
Unfortunately, a lot of consultants will only concentrate on what they were hired to do.  If you don't specifically tell them to check something, they won't.

This does not apply to everyone, and there are plenty of very good independent consultants out there.  It just is not practical to think someone will be able to walk in and know everything about your network.  They are paid to do a certain thing, but not to poke around looking for holes (unless that is what you are paying them for to begin with).
0
 

Author Comment

by:ronfast
ID: 37844759
Got it. The one company originally designed and set up the entire network, so they were there from the beginning. Up until a few weeks ago they helped me support the network on a monthly basis.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37844863
Get a list of questions you have.  Make sure to include questions about how the firewall and DMZ are set up and what the traffic flows and restrictions are.  Then ask them to show it to you.  Confirm that it is working as advertised.

Take the time to get to know your network, inside and out.  Hopefully, your employer will invest in training courses for you.  I cannot recommend SANS training highly enough.  It is expensive, but worth it.

You might need to invest in more basic training first though.  The 'Teach Yourself TCP/IP in 24 hours' book is excellent.  Take it one step at a time and don't get discouraged with how much there is to learn.
0
 

Author Comment

by:ronfast
ID: 37844902
Good advice. My boss is allowing me to invest in training videos. I love the stuff from TrainSignal.com. They are very well done and they even include sample certification testing. I'll get the book you recommended.

I do know networks, as I'm the one that set up our domain controllers, including DHCP. I set up VMware for almost all of my servers. The only thing I haven't done much on is our firewall programming and the intricacies of wireless access, and installing Exchange.

Thank you again.
0


Question has a verified solution.
