Jump to content

Welcome to TheHotfix.net Forums

Welcome to TheHotfix.net Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of TheHotfix.net Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates
  • Get your own profile and make new friends
  • Customize your experience here
Guest Message by DevFuse
 

Photo

Network Setup


  • Please log in to reply
8 replies to this topic

#1 Paul Masley

Paul Masley

    Geek of the Week

  • Exclusive Member
  • 253 posts
  • Gender: Male
  • Location: Charleston, West Virginia
  • Country:

Posted 08 November 2009 - 10:14 AM

Gang, I was not sure where to post this request for help and advice.

The situation I have is setting up a small network. The network is for a town. It will only have four computers and a laptop. All will need access to the internet. Two computers are running XP Pro, two XP Home and the laptop is XP Pro. The internet access is through a telecable modem. I have setup a Netgear Prosafe VPN Firewall (FVS318 V3) to act as a router and firewall.


Problem 1

As the police department computers (Desk and laptop) has to be super secure, I don't want them to be able to be seen on the network, but I want them to be able to sync files between themselves. The same goes for the standalone desktop in the Mayor's office. If possible these three need to be able to share printers also.

As these three need to be able to send information to each other, how can I do this without opening them up to the other computers on the network and be secure from outside intrusion?

Problem 2

The other office (water company) has access to the same network (2 desktops - XP Home). They need to be able to see each other, use a shared printer and not be able to see the police department or the mayors, but also be secure from outside intrusion.

As these two do not need any access to the super secure side, how can I block them?

There is no server involved to provide password security. I know this would be better, but I am under a very tight budget restraint. This needs to be done immediately.

Thanks for your help!
  • 0

#2 MrDan

MrDan

    TROLOLOLOLOLOLOL!

  • Administrator
  • 3532 posts
  • Gender: Male
  • Location: Ye old'e Anglia!
  • Country:
  • Interests: Computers, football (Chelsea FC).

Posted 08 November 2009 - 11:43 AM

1. To stop outsiders from seeing the network, can't you turn off SSID in the routers settings and use a WPA2 password? So only people who know the network name and password can use the network?

2. I thought Windows XP home did not support networking...

I'm not great at networking in XP as I've had very little experience in doing so; so that's all I can really help you with i'm afraid. If it was vista or 7 I'd be able to assist you more :)
  • 0

#3 Dave

Dave

    Zero Tolerance

  • Root Admin
  • 12495 posts
  • Gender: Male
  • Location: UK
  • Country:

Posted 08 November 2009 - 11:47 AM

XP home supports networking, but only simple file sharing, XP Pro supports Group Policies etc which is what would be needed for this setup
  • 0

#4 Paul Masley

Paul Masley

    Geek of the Week

  • Exclusive Member
  • 253 posts
  • Gender: Male
  • Location: Charleston, West Virginia
  • Country:

Posted 08 November 2009 - 12:38 PM

Dave, I need you to go a little deeper with the Group Policies. I am familiar with the Policies, but do not see how that would keep the home computers from seeing the Pros. The network is locked down from the modem out. I am not afraid of outsiders because I take the adadge that no network is actually safe from hackers. If they want in, they will get there. I was already asked to install a wireless. My response to that was no as I feel that there is no way to secure a wireless network. You can hide all you want and someone very persistant will be able to find it. Now entering it is another hack, but once found, anything is possible.
  • 0

#5 Dave

Dave

    Zero Tolerance

  • Root Admin
  • 12495 posts
  • Gender: Male
  • Location: UK
  • Country:

Posted 08 November 2009 - 01:07 PM

Group policies would not hide the network, it would only give rules as to who can and who cant access files / folders / drives, to hide a computer on a network, you need to turn off network discovery and just map drives between the PCs you want to share files between

Wireless can be hidden, as in not broadcasting the SSID, and given a WPA2 encryption, that would be a pretty secure wireless network.

I guess also you could set everything on a uncommon static IP range, meaning anyone who does try to hack in would also need to be on that range.

Edited by Dave, 08 November 2009 - 01:11 PM.

  • 0

#6 hydra

hydra

    Hardcore Nerd

  • Member
  • 192 posts

Posted 08 November 2009 - 07:52 PM

To hide your computer either use:

1. start > run > net config server /hidden:yes

or via the registry

2. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\
Parameters]

Either add a DWORD Hidden or modify it and set value to '1'



To Share files, it sounds like you could setup a NAS.

Most NAS's will allow you to set file permissions, users, user groups, and file shares. Once you've setup your shares, you can map the shares to each computer, or you could do what I did was add another layer of protection by writing an HTA Application (http://thehotfix.net...lp-with-script/) PM me if you need the completed script.

I also made sure that I made the shares hidden, by appending a $ sign after the share name. This makes your share hidden from the My Network Places browser list.

Printer
==================
You might want to consider getting a Network Printer. This way you don't have to use simple file sharing, and network administration can be done over the web, like you would find with many HP printers.


Wifi
======
As far as security is concerned, wifi is the worst.

- As you mentioned you could disable SSID broadcasting
- Setup Mac Address Filtering
- Setup a IP range for the exact number of computers and networking devices on the network
- Use WPA 2
  • 0

#7 Paul Masley

Paul Masley

    Geek of the Week

  • Exclusive Member
  • 253 posts
  • Gender: Male
  • Location: Charleston, West Virginia
  • Country:

Posted 09 November 2009 - 03:01 AM

Thanks gang, you have given me some ideas to start with. I am already running an oddball IP range. I was taught that back before Win 2000. I have also limted the amount of IP Addresses to the five that I use and the computers have a static IP tied to the mac address.

I am going to have to research the server/hidden item. I think I understand wht it does. Just want to make sure.

There is no budget for a network printer. It would also cause a security problem as it would have to be localized and the different offices are locked for most of the time. A very small town with a parttime mayor and town recorder(secretary).

Hydra, send me the script to look over if you don't mind. I want to get this network up and running secure before Saturday.
  • 0

#8 spacednow

spacednow

    Hardcore Nerd

  • Member
  • 111 posts
  • Location: Illinois, USA
  • Country:

Posted 09 November 2009 - 08:43 PM

Whatever you do, don't forget to leave yourself a back door.......(did I type that?)
  • 0

#9 Paul Masley

Paul Masley

    Geek of the Week

  • Exclusive Member
  • 253 posts
  • Gender: Male
  • Location: Charleston, West Virginia
  • Country:

Posted 10 November 2009 - 04:58 AM

Thanks gang. I got the script, thanks and yes, I always leave myself another way to get in. backdoor. Have not heard that one in a while. LOL
  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users