Sign in to follow this  
Followers 0
Paul Masley

Network Setup

9 posts in this topic

Gang, I was not sure where to post this request for help and advice.

The situation I have is setting up a small network. The network is for a town. It will only have four computers and a laptop. All will need access to the internet. Two computers are running XP Pro, two XP Home and the laptop is XP Pro. The internet access is through a telecable modem. I have setup a Netgear Prosafe VPN Firewall (FVS318 V3) to act as a router and firewall.

Problem 1

As the police department computers (Desk and laptop) has to be super secure, I don't want them to be able to be seen on the network, but I want them to be able to sync files between themselves. The same goes for the standalone desktop in the Mayor's office. If possible these three need to be able to share printers also.

As these three need to be able to send information to each other, how can I do this without opening them up to the other computers on the network and be secure from outside intrusion?

Problem 2

The other office (water company) has access to the same network (2 desktops - XP Home). They need to be able to see each other, use a shared printer and not be able to see the police department or the mayors, but also be secure from outside intrusion.

As these two do not need any access to the super secure side, how can I block them?

There is no server involved to provide password security. I know this would be better, but I am under a very tight budget restraint. This needs to be done immediately.

Thanks for your help!

0

Share this post


Link to post
Share on other sites

1. To stop outsiders from seeing the network, can't you turn off SSID in the routers settings and use a WPA2 password? So only people who know the network name and password can use the network?

2. I thought Windows XP home did not support networking...

I'm not great at networking in XP as I've had very little experience in doing so; so that's all I can really help you with i'm afraid. If it was vista or 7 I'd be able to assist you more :)

0

Share this post


Link to post
Share on other sites

XP home supports networking, but only simple file sharing, XP Pro supports Group Policies etc which is what would be needed for this setup

0

Share this post


Link to post
Share on other sites

Dave, I need you to go a little deeper with the Group Policies. I am familiar with the Policies, but do not see how that would keep the home computers from seeing the Pros. The network is locked down from the modem out. I am not afraid of outsiders because I take the adadge that no network is actually safe from hackers. If they want in, they will get there. I was already asked to install a wireless. My response to that was no as I feel that there is no way to secure a wireless network. You can hide all you want and someone very persistant will be able to find it. Now entering it is another hack, but once found, anything is possible.

0

Share this post


Link to post
Share on other sites

Group policies would not hide the network, it would only give rules as to who can and who cant access files / folders / drives, to hide a computer on a network, you need to turn off network discovery and just map drives between the PCs you want to share files between

Wireless can be hidden, as in not broadcasting the SSID, and given a WPA2 encryption, that would be a pretty secure wireless network.

I guess also you could set everything on a uncommon static IP range, meaning anyone who does try to hack in would also need to be on that range.

Edited by Dave
0

Share this post


Link to post
Share on other sites

To hide your computer either use:

1. start > run > net config server /hidden:yes

or via the registry

2. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\

Parameters]

Either add a DWORD Hidden or modify it and set value to '1'

To Share files, it sounds like you could setup a NAS.

Most NAS's will allow you to set file permissions, users, user groups, and file shares. Once you've setup your shares, you can map the shares to each computer, or you could do what I did was add another layer of protection by writing an HTA Application () PM me if you need the completed script.

I also made sure that I made the shares hidden, by appending a $ sign after the share name. This makes your share hidden from the My Network Places browser list.

Printer

==================

You might want to consider getting a Network Printer. This way you don't have to use simple file sharing, and network administration can be done over the web, like you would find with many HP printers.

Wifi

======

As far as security is concerned, wifi is the worst.

- As you mentioned you could disable SSID broadcasting

- Setup Mac Address Filtering

- Setup a IP range for the exact number of computers and networking devices on the network

- Use WPA 2

0

Share this post


Link to post
Share on other sites

Thanks gang, you have given me some ideas to start with. I am already running an oddball IP range. I was taught that back before Win 2000. I have also limted the amount of IP Addresses to the five that I use and the computers have a static IP tied to the mac address.

I am going to have to research the server/hidden item. I think I understand wht it does. Just want to make sure.

There is no budget for a network printer. It would also cause a security problem as it would have to be localized and the different offices are locked for most of the time. A very small town with a parttime mayor and town recorder(secretary).

Hydra, send me the script to look over if you don't mind. I want to get this network up and running secure before Saturday.

0

Share this post


Link to post
Share on other sites

Thanks gang. I got the script, thanks and yes, I always leave myself another way to get in. backdoor. Have not heard that one in a while. LOL

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0