Security, Security and Security...

[freedom4ever]

So always, the local users should be only connected to the LDAP layer only, right?

The LDAP will do the Job of delivering all the requests to the user by accessing the other layers on the network?

in this way we decrease the danger that the user will access an unlikely application or confidential data.

I hope i get it well.

[Mar1K]

Quote:

Originally Posted by freedom4ever

So always, the local users should be only connected to the LDAP layer only, right?

The LDAP will do the Job of delivering all the requests to the user by accessing the other layers on the network?

in this way we decrease the danger that the user will access an unlikely application or confidential data.

I hope i get it well.

Users can be on the same DMZ as the ldap (since the ldap typically runs a file server as well in most cases). The ldap holds their access rights if your running AD or eDirectory.

If your running a database that has a web interface for exmaple. users sould be able to talk to the machine running the web interface but not the database.

In this scenario, the web server is commonly known as Presentation server. If users access the data directly through an application on their pc, well, there is no where to run but to highly secure your db server (which you should do anyway).

[Mar1K]

Would you like to share ideas on how do you secure your business infrastructure?

Maybe your personal PCs at home?

[freedom4ever]

Quote:

Originally Posted by Mar1K

Would you like to share ideas on how do you secure your business infrastructure?

Maybe your personal PCs at home?

Well I want to ask about securing a small business, and network infrastructure.

I know that we already discussed this earlier in the anti-virus thread but maybe we can make it clearer.

I have about 30-35 user in my company,
We have no infrastructure, i came in into the company they are using, wireless network, access point and wireless repeaters.
All file are saved locally on users PC, anyone can access the network, no domain name, no nothing that looks like a network.

And i am trying to configure out how to put the company on the right track, i need the following but i need to achieve it with less resources:

1- Domain name authentication, to keep track with company owned PCs and laptops.

2- File Sharing on the network and not locally.

3- Exchange mail ( we are using webmail which is exhausting our internet conenction).

4- ISA to control the people who access the internet and what they access

5- We have a Management Program that we are using for work flow and internal transactions.(the software consist of a client installed on the users PC that speaks with a MySQL server that contains the data and information).

6- Anti virus solution to install updates automatically on users PC without need to update via internet.

The MySQL server of the management application it should be stand alone as the company management is requiring.

I can get an Additional server and a powerful desktop to be used as a server.

What are the advices in such case to have a low cost /secure network.

P.S.: we cannot establish a wired network to connect the Users to the Network, so using wireless is necessity.

The wired server connection is not a problem i am preparing a small data center to centralize the network management in one place.

[Mar1K]

Quote:

Originally Posted by freedom4ever

Well I want to ask about securing a small business, and network infrastructure.

I know that we already discussed this earlier in the anti-virus thread but maybe we can make it clearer.

I have about 30-35 user in my company,
We have no infrastructure, i came in into the company they are using, wireless network, access point and wireless repeaters.
All file are saved locally on users PC, anyone can access the network, no domain name, no nothing that looks like a network.

And i am trying to configure out how to put the company on the right track, i need the following but i need to achieve it with less resources:

1- Domain name authentication, to keep track with company owned PCs and laptops.

2- File Sharing on the network and not locally.

3- Exchange mail ( we are using webmail which is exhausting our internet conenction).

4- ISA to control the people who access the internet and what they access

5- We have a Management Program that we are using for work flow and internal transactions.(the software consist of a client installed on the users PC that speaks with a MySQL server that contains the data and information).

6- Anti virus solution to install updates automatically on users PC without need to update via internet.

The MySQL server of the management application it should be stand alone as the company management is requiring.

I can get an Additional server and a powerful desktop to be used as a server.

What are the advices in such case to have a low cost /secure network.

P.S.: we cannot establish a wired network to connect the Users to the Network, so using wireless is necessity.

The wired server connection is not a problem i am preparing a small data center to centralize the network management in one place.

What is the security your applying on your wireless network? First, what is your wireless access point? I hope your not using WEP.

You may want to start with WPA2-PSK (if your router can take 35 users with WPA2, that would be great, start by listing your wireless ap).

As for equipments, you NEED 3 servers (or desktops). ISA is a gateway. It should not be shared with ldap (obviously cause ldap shares files publicly) . ISA can not be shared with Exchange obviously cause Exchange is a resources hog

What mysql version are you using? I would advise to implement a CA server but 35 users wireless... not a good idea...

So let's start by your wireless network security and we move on from there.

[freedom4ever]

Quote:

Originally Posted by Mar1K

What is the security your applying on your wireless network? First, what is your wireless access point? I hope your not using WEP.

You may want to start with WPA2-PSK (if your router can take 35 users with WPA2, that would be great, start by listing your wireless ap).

As for equipments, you NEED 3 servers (or desktops). ISA is a gateway. It should not be shared with ldap (obviously cause ldap shares files publicly) . ISA can not be shared with Exchange obviously cause Exchange is a resources hog

What mysql version are you using? I would advise to implement a CA server but 35 users wireless... not a good idea...

So let's start by your wireless network security and we move on from there.

Hi Again sorry for my late reply again.

Oh!! Wireless security there is no wireless security used lol
We connect to the network using a Private IP with a Subnet mask and a gateway.

SQL Server 9.0.1399 SQL server 2005

[Mar1K]

Quote:

Originally Posted by freedom4ever

Hi Again sorry for my late reply again.

Oh!! Wireless security there is no wireless security used lol
We connect to the network using a Private IP with a Subnet mask and a gateway.

SQL Server 9.0.1399 SQL server 2005

So you have not even setup a key? my friend this is very dangerous. So if a user knows your IP range, he can connect to your network? That is half the job done to compromise your entire network.

Do you even use MAC address filtering? (even though MAC addresses are very easily replicated or changed)

I urge you to consider using AES or 3DES encryption with a proper key.

What is your access point? Maybe i can help with determining the encryption gender for suitable performance for your environment.

[freedom4ever]

Quote:

Originally Posted by Mar1K

So you have not even setup a key? my friend this is very dangerous. So if a user knows your IP range, he can connect to your network? That is half the job done to compromise your entire network.

Do you even use MAC address filtering? (even though MAC addresses are very easily replicated or changed)

I urge you to consider using AES or 3DES encryption with a proper key.

What is your access point? Maybe i can help with determining the encryption gender for suitable performance for your environment.

They are Using Linksys Wireless G-Router along with Linksys Wireless G Access Point

No kind of security is used,
And the access point are conencted to the Router as wireless repeater

[Mar1K]

Quote:

Originally Posted by freedom4ever

They are Using Linksys Wireless G-Router along with Linksys Wireless G Access Point

No kind of security is used,
And the access point are conencted to the Router as wireless repeater

That should not be hard to setup, the repeater actually work more of a booster for the signal, it does not function as a gateway itself.
on the router interface, login to your admin page and go to security tab, under it, enable security and choose WPA2 with AES encryption.

http://downloads.linksysbycisco.com/...0_UG_C+web.pdf

This should help you. When you create a key, be aware that you will need to enter that key on each client that needs to connect to that router so you may want to do that after hours and start assisting your users early in the morning. WPA2 may have some performance issues on your network so you may want to monitor your network's performance especially that your running on a wireless device.

Please post the outcome.

[freedom4ever]

Quote:

Originally Posted by Mar1K

That should not be hard to setup, the repeater actually work more of a booster for the signal, it does not function as a gateway itself.
on the router interface, login to your admin page and go to security tab, under it, enable security and choose WPA2 with AES encryption.

http://downloads.linksysbycisco.com/...0_UG_C+web.pdf

This should help you. When you create a key, be aware that you will need to enter that key on each client that needs to connect to that router so you may want to do that after hours and start assisting your users early in the morning. WPA2 may have some performance issues on your network so you may want to monitor your network's performance especially that your running on a wireless device.

Please post the outcome.

I already did that in my home this is not the issue,
I know that the network is not secure at all.
Currently what i am concerned with is to keep my network like it is and build a parallel one with good infrastructure.
There is a priority with controlling the access to the internet.
So i think Active Directories along with ISA server are a priority.