LinuxQuestions.org

Gnarg 06-20-2006 09:51 AM

Suggestions to secure a home business network
 
Hi All,

I'm in the process of redesigning a network at my father-in-law's place since his partner has left the business. He's concerned about people that his partner may know and try to break through his network. Currently the network is only guarded by a router with firewall capabilities. To add more comfort I thought of adding another computer to be a firewall that will connect to the router (which, again, also has a firewall built in). Then all computers go through the firewall.

All passwords have already been changed, just need more ideas on securing the internet to his internal network.

If my idea is good then please let me know and if you have other ideas which may be more secure then again, please let me know.

Thanks for your help...


Gnarg

boredandblogging 06-20-2006 05:50 PM

Most routers can be configured to only allow certain MAC addresses. Lock down the router.

jiml8 06-20-2006 10:30 PM

A router/firewall appliance provides excellent security. They default to having all inbound ports blocked (except ICMP usually) and since everything is in firmware they are pretty hard to hack.

I have always found one of those devices to be quite adequate. In fact, I have an ASP server that runs on Windows 2000 (I have to...) that is secured with one of those little router appliances and no one to date has hacked it.

For my office LAN, a router appliance guards the internet gateway, iptables protects all Linux machines, and ZoneAlarm (an older version that is firewall only) along with the usual suite of protection software is in place on all Windows machines. Further, we don't use Outlook Express or Internet Explorer to access the internet, and we don't have any problems.

fedora4002 06-20-2006 11:58 PM

Do not forget anti-virus and ad-ware stuff.

IBall 06-21-2006 01:06 AM

If you want to use a separate computer as a firewall, check out Smoothwall. This is basically a slimmed-down distro that runs as a firewall, DHCP, DNS, etc. It has a simple setup utility and a good web-based config tool.

You will need a PC with two or three NICs. One will connect to the untrusted, outside world (your ISP). Another will be your trusted, internal network, and the third is for a demilitarized zone, where you put any public servers.

Smoothwall uses colour coding for these - Green (Trusted), Red (Untrusted) and Orange (DMZ).

Computers in the green zone will use the Smoothwall box for DHCP, and you will need to forward the relevant ports to the respective servers from the Smoothwall web interface.

I hope this helps
--Ian
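
The three-zone layout described in the post above, written out as an iptables-restore ruleset that a shell function prints for review. This is an added example, not part of the original post and not Smoothwall's own configuration; the interface names, the DMZ server address, the forwarded port 443 and the exact inter-zone policy are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a three-NIC firewall.
# Assumed values (not from the thread): interface names, DMZ host, port.
RED_IF="${RED_IF:-eth0}"        # untrusted: ISP side
GREEN_IF="${GREEN_IF:-eth1}"    # trusted: internal LAN
ORANGE_IF="${ORANGE_IF:-eth2}"  # DMZ: public servers
DMZ_HOST="${DMZ_HOST:-192.168.2.10}"
DMZ_PORT="${DMZ_PORT:-443}"

gen_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall box itself: loopback, replies, and anything from green
# (DHCP, DNS, web admin). Nothing new from red or orange reaches it.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $GREEN_IF -j ACCEPT
# Replies to connections that an earlier rule already allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Green may open connections to red and to orange
-A FORWARD -i $GREEN_IF -o $RED_IF -j ACCEPT
-A FORWARD -i $GREEN_IF -o $ORANGE_IF -j ACCEPT
# Orange may reach the internet (e.g. updates) but never green
-A FORWARD -i $ORANGE_IF -o $RED_IF -j ACCEPT
# Red may reach only the one forwarded service in orange
-A FORWARD -i $RED_IF -o $ORANGE_IF -p tcp -d $DMZ_HOST --dport $DMZ_PORT -m conntrack --ctstate NEW -j ACCEPT
# Everything else hits the DROP policy; log it first
-A FORWARD -j LOG --log-prefix "fw-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forward from the red interface to the DMZ server
-A PREROUTING -i $RED_IF -p tcp --dport $DMZ_PORT -j DNAT --to-destination $DMZ_HOST:$DMZ_PORT
# Hide green and orange behind the red address
-A POSTROUTING -o $RED_IF -j MASQUERADE
COMMIT
EOF
}

# Print only; nothing is applied. As root, the output can be checked
# with: iptables-restore --test
gen_ruleset
```

No rule names the green interface as an output, so a compromised DMZ server or an outside host can only reach the internal network as a reply to a connection that a green machine started.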

unSpawn 06-21-2006 06:57 AM

That's nice, but...
 
If you're concerned about break 'n enter situations then adding another firewall is good, but just one added layer of protection. Focus on what valuables people would like to get their hands on and act on that. If there for instance are valuable documents all over the place you might want to force a central protected storage area and even decide to have some docs encrypted or stored on a disconnected box or tape. Also focus on other ways information can leave the place and take into account what this partner already took with him (as in prevention like revoking certain documents and reissuing them to clients or business partners).

If we're talking about a judicially volatile situation, if there's an abnormal amount of interest in obtaining information or much financial gain involved it may be "interesting" to invest time in setting up a honeypot as a form of early warning system.

Gnarg 06-21-2006 07:33 AM

Very good stuff
 
Thanks everyone,

This is very good information. The honeypot I totally forgot, which I think I'll try and implement as well.

Thanks for the help..



Gnarg


All times are GMT -5.