Security & Network Question

Discussion in 'Computer Security' started by kelton, Apr 19, 2004.

  1. kelton

    kelton Nibble Poster

    Kinda cross-forum question this, but simpler to say it only once.

    I have a friend who is running a small business that is just starting. He was wanting some advice on his network setup that he is wanting to do. He also mentioned a firewall and zonealarm. After I got over the shock of them two words together, he told me what his setup was going to be:

    He has 3 computers running XP, he also has a 4th running XP that he plans to use as a server (File, Fax, Printer ext ect).

    He has a 1megabit broadband connection, and a broadband router.

    He also mentioned the server was connected via a switch (not sure what he meant here... dont think its a network switch!)... to his computer.

    He asked if it will work, and if its the best setup.

    I did ask him why the server wasnt connected to the router for access by all, he didnt know - but if thats the best solution. He did say in answer to another question that all 3 mahcines needed to access this server.

    As mentioned, we then talked about security. He mentioned using Zonealarm or Norton firewall on each machine. Im not sure if this is the best way to go...


    What do you think I should suggest about his network. He is a small business and can not go down the like of spending much cash just now as he is starting out... so going and installing Win2003 server is a bit much just now I think. A small peer-to-peer network would be ok, although I feel he would have to watch security carefuly opening up access to other network machines when the broadband is connected straight into his LAN router.

    Also, can any security experts please suggest something that he could do / use, or if his current thinking is ok the right lines.


    Hey to everyone! Its been a while, im hoping to get back into study ways asap... 18 months of course and done bugger all in last year :( I can see the CDL man starting to queue already to get his cash back... oh well, thats life!
  2. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    Well, you get what you pay for. Actually, Zone Alarm is not that bad and certainly better than depending on XP's on board firewall. In addition, if you didn't already mention it to him, he might want to pick up professional anti-virus and anti-spyware programs to further protect his network.

    Does the broadband router do NAT and DHCP? NAT would add another layer of protection since the IP addressing scheme of his internal network would not be visible on the Internet; just the IP address assigned by his ISP.

    I assume you're talking about XP Pro and not XP Home (don't laugh...I've seen XP Home deployed in small offices because the boss was too cheap to buy Pro).

    I don't know what the relative pricing differences are between Server 2000 versus 2003 but if 2000 is more affordable, he might want to start with that. Unfortunately, as I recall, MS doesn't sell CALs for Server 2000 anymore, forcing you to buy Server 2003 CALs which would be good for 2000. Still, if he's got less than 5 connecting computers, 5 CALs come with the OS.

    I'm just shooting from the hip here. Hope some of what I've said makes sense. Glad to see you around again, Kelton.
    Certifications: A+ and Network+
  3. kelton

    kelton Nibble Poster

    I asked him about NAT - he was not sure. He is using BT Internet (Or whatever they call themselfs this week) who I understand use dynamic IP allocation. I would imagine that it is set up with NAT, gave up at that point before asking about DHCP :)

    Will go through that when the router arrives. The router has a firewall included, but this is likely going to be a basic one - I know what mine in like on my router (which won't be connected to broadband till August!).

    Its another good point asking which version of XP he has.

    As for getting him setup with a server - I have to talk to him further about his exact needs. I get the impresion that he requires it only for basic file / printer / fax sharing. You could argue that under peer-to-peer he doesnt need a 4th machine setup with XP acting as this... unless he specifically wants it on a single machine that is always on? Maybe.

    Thanks for the help and guidance... may be back when I get more information!
  4. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    seems like a pretty standard set up for a place that small
    should work fine

    like trip said try and sort out decent anti virus and any spyware

    if DHCP is not running on the router he may find it useful to run a server OS of some sort (i get the impression you were saying he is using an xp box as a server, not a sever OS),
    and yes the network switch is probably his best bet, beats a hub :P
    i dont see too many problems / complications with a set up of that size to be honest
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  5. luckyluke

    luckyluke New Member


    Take a look at WWW.SMOOTHWALL.ORG - Stick a smoothwall inbetween your "router" and the private network and you'll be fine

    Smoothwall is a free downloadable program, which can turn an old PC (for example a 486or pentium 100mhz) into a fully functionable hardware firewall! All the pc needs is 2 old network cards or a network card and a USB port! despite it sounding it, it is not difficult at all to set up!

    It provides many extensive features, but given your scenario I would suggest the following are the main reasons....

    Hardware Firewall instead of software firewall - A software firewall is better than nothing but to have a hardware firewall will protect your network better as any potential intrusion attempts are not already on your network when they occur!

    DHCP server - Default is a 192.168.0.X address range but totally configurable all the way to 10.X.X.X address range :eek: :D :D

    NAT - Almost forgot - This obviously has NAT as well...

    Web proxy - Caches offline web pages etc for faster web access

    Intrusion Detection System (IDS) - Monitors for port scanning attacks etc (note you can even turn off ICMP (ping etc) - handy to prevent against port scanning).

    Time settings - Smoothwall can ensure evey PC getsit time from Smoothwall ensuring they are all up to date..might be handy..might not?!

    Give it a look is a quality product! Might be what you're looking for by the sound of things?

    The only thing it doesn't do that you might want to sort is Antivirus protection for the network, and print/file serving, but your XP pc will do those if you are on a budget.

    Any questions feel free to ask!
    Hope this helps

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.