Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Hey, I'm just looking for some good suggestions, and I know you people got 'em.
I'm looking to put together a small network, including a server, for a small practice. As far as a server goes, it's gotta be Windows; the software needed to be run on it is Windows only. Should I get something with RAID mirror functions for backups, tape drive? What is some good backup software (not too pricey)? Can I get a cheapy array controller (not really familiar at all with RAID to begin with)? What about switches/hubs? Only maybe 5-6 PCs + printer gonna be on the network. As far as security goes, should I set up a little junk box at the source and maybe run iptables/chains blocking everything incoming? Is iptables easy to configure (I ran it a while back)? Would it be stupid to just set up iptables and then route that to a Linksys router (sounds cheesy, I know)? I know this post is all over the place, but I'm trying to cover every area possible. Any recommendations for servers: IBM, HP, etc.? If you want to check out the software that will be used, it's something in the area of this http://www.dbconsultants.com/ basically that type of software. Any suggestions, be my guest. Thanks ahead of time. I really do appreciate it. If you can recommend a specific type of server that will be sufficient, please do so. I'm leaning towards a tape drive and maybe two 72GB SCSI drives (RAID 1?).
I am a very big fan of IPCop as a firewall/NAT/router. You can throw it on a very small system (I was running it on a PII with 32 MB of RAM and only a 4GB hard drive). You can also plug it into a switch for connectivity. Just remember one thing:
Green is the inside address
Red is the outside address
Just set it up with 2 network cards, have your red address plug into your Point of Presence (DSL router, cable modem, whatever) and your green address plug into the switch. Remember that the red must match the address of the POP and that the green is your own network scheme. You'll then point the machines to use the green address as their default gateway.
Your green address will also have an easy to use web interface that you can use to administer your firewall.
As to your RAID setup: do you want to mirror-copy the hard drive for backup reasons (RAID-1) or do you want to double your hard drive space (RAID-0)?
You might want to check with HP and DELL for your server, or build your own.
RAID-1 is NOT a backup solution! It's used for redundancy in case one drive fails. The reason it is not used for backup is because everything that is done to drive 1 is mirrored to drive 2; this includes deleting files, formatting hard drives, virus infections, etc. Tape backup is a very good solution as long as you rotate the tapes and replace them often.
Tape is rather obsolete for backup purposes when extremely dense USB 2.0 hard-drives that can fit in your pocket (or in a safe-deposit box) are available for only a few hundred dollars.
If you want to create a really secure network, you need more than a firewall. Most corporate networks are like a chocolate truffle: once you get past the thin, crunchy shell, there's nothing but sweetness inside. Not another obstacle to be seen. If you can get into one machine you can get anywhere. That shouldn't be.
All of your passageways into the network should require VPN. (Virtual Private Networking.) The only exception might be if you're running a web-server in which case there is a port to this server, which is running as an entirely "stupid" unprivileged user (no logins permitted) with no access to anything except the minimum that it needs to run. All other access to anything anywhere, from the outside, must pass through VPN.
Furthermore... all traffic inside(!) your corporate network should require VPN as well! And this is a separate circuit. All of the traffic that is passing from one computer to another, inside the 'perimeter,' should be encrypted. Someone who brings their laptop in without authorization, like someone sitting outside the building eavesdropping on the wireless, would not be able to connect to anything.
Every bit of this encryption should rely upon individually-issued digital certificates, assigned to each machine and/or user as required, not merely passwords, pre-shared-keys or XAUTH.
"A lot of work?" "Too much trouble?" Hmm, usually the case. People secure their buildings carefully but never their own networks, where the true crown-jewels of every business are so carelessly stored.
Just as sundialsvcs said: Anyone sitting in the lobby or in their car on the side of the building can hack this type of network. My opinion: Use Wireless like a DMZ. Keep it on an entirely different network. After all, if you can wire your own building, it's a lot more secure. Really, wireless should be for the home anyway, not the office.