Question

Locked

Setting up a network

By porknar ·
I have been given the duty to setup our network. I am not a network administrator or any of the such. I do know a little about tcpip and some other configuration settings. Our existing setup is as follows. We have a Efficient Networks speed stream 5100 DSL modem which is plugged into a linksys BEFSR41 router, which is plugged into a Dell Powerconnect 2324 Unmanaged switch, which all XP sp2 workstations & win 2003 Small business server standard are plugged into. I basicly plugged everything in and it worked. Now I am wondering if I set this up correctly, or if I could set it up to be more effecient. Maybe connect it differently or some thing. I also would like to be able to moniter our users.

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

We have simular configuration

by fwang In reply to Setting up a network

But we have a firewall connect to T3, win2k3 SBS with two NICs, one connect to the fireware, another connect to switch. All local PCs connect to switch. This way, all local PCs have to go through SBS to go out. And the firewall only see SBS server. Once you turn on the reoprt function on SBS, you should be able to monitor all users.

Collapse -

Reply

by porknar In reply to We have simular configura ...

Is your firewall a router too? I do have two Nics in my server so I should be able to hook this up. Will it slow the internet connection down by going through the server?

Collapse -

Ideally

by CG IT In reply to Setting up a network

Protection of your network is done by a layered approach. At the perimeter, you have a firewall to block intrusions, This perimeter firewall can be from a mutitude of products. Like the other poster who runs ISA server on their SBS network. ISA Server is an extremel powerful proxy server/firewall. On the perimeter, ISA will act as the go between for external requests. No external traffic ever gets past ISA as its the proxy. Cisco PIX is another full fledged firewall.

After a firewall, you also need a layer 3 device [router] which can do many to on NAT so you can share an Internet connection. There are other devices for spam blocking at the perimeter you can incorporate to block unwanted traffic. Baracuda makes a good spam blocking device.

After the perimeter, you can incorporate a DMZ zone where services you want to allow the general public to access can access them.

After the DMZ zone, you have another firewall. This firewall protects the internal network from any unwanted traffic from that makes it into the DMZ from the internal network. This firewall could be another ISA server or another device with firewall capabilities.

After that, local machines also incorporate their own firewalls [desktops] which you create exceptions for other desktops and servers [and corresponding services]so that users can access the resources on the network.

From there, other network protections such a antivirus and antispyware software can be used to protect desktops and servers from these threats.

Infrastructure security and how its implemented all boils down to how secure you want the network vs the administrative time and cost for that secure network.

I've found that consumer level products do a decent job in protecting consumer level networks. For businesses, more sophisticated products are needed to ensure business critical data is safeguarded.

Collapse -

Hmm

by porknar In reply to Ideally

Thank you this clears up some of my questions but now generate more. Like do I really need a hardware firewall? I am not sure if I have ISA in the SBS standard, I will have to check that out. For the DMZ zone I assume I would need another box running ISA or a hardware firewall? Where excatly does the server get connected. PLease bear with me, as I might have some stupid questions. So the way I understand it is Modem, ISA server or hardware firewall, router, ISA server or hardware firewall, then workstations and servers?
What about the server and the two nic cards?

Thank you very much,
Darrell

Collapse -

general terms

by CG IT In reply to Hmm

I just outlined the general idea of the layered approach for securing a network.

The modem [if it's just a modem] does nothing except massage the single to work for DSL. your consumer level router provides many to one NAT so that you can share the internet connection with other computers on the network. It also provide basic firewall security [meaning it blocks inbound connection attemtps]. Some of the pricier consumer level routers have packet inspection but it's still not a business class firewall or router.

as far as your LAN network, there are many ways in which to setup your LAN infrastructure. If this is a small business on a tight budget, then you do what you have to do.

Collapse -

Thank you

by porknar In reply to general terms

I have a better understanding now. Seeing as we are a small business (12 computers) I do not think the pricey hardware is an option. I do thinkn I will change how the server is connected. I will run into one nic on the server then out the other. Not sure how to implment this any helpful hints? I already have a .local domain, mapped drives. I would also like to implment an exchange server for our email.
Thank you for all your knowledge.

Darrell

Collapse -

Some ideas...

by nneelix In reply to Thank you

Unfortunately there isn't much you can do without spending at least some money. The good news it shouldn't cost too much.

First SBS standard does not included ISA server. An upgrade to SBS Premium can be had for about $600. You can get a general overview of their products here:
http://www.microsoft.com/windowsserver2003/sbs/evaluation/features/default.mspx

I would recommend you actually buy a business class firewall product though. Even with ISA I still recommend all businesses have one. Like the previous poster said there are now a ton of products on the market geared towards the small business network security, and most of these products can do all of what he/she said in one device if properly configured. Personally my favorite product on the market now for this is the SonicWALL TZ 190 (about $700). Ask me again in two months and I might have changed my mind as the industry changes that quickly now.

Collapse -

Get some on-site professional help

by NetizenX In reply to Setting up a network

It sounds as if your company is growing. I highly recommend that your company consider investing, yes investing, funds for an on-site professional review and recommendation and maybe even the implementation. As you stated "I am not a network administrator or any of the such". It sounds like you really want to learn more about computer networking, and have, but this is a project that should involve someone with the right set of skills. You will learn much from outsourcing this project during the interaction with the consultant. And your company will have the comfort of knowing that it was done right. Finding a consultant for this project is a process in itself. If your company's survival depends on it's data, then figure out it's worth and weight the cost of failure, like a security breach, against the cost of a professional. If you can't afford a professional, then check out http://www.consultantcommons.org/ and http://www.techsoup.org/ for some free information. Good luck.

Collapse -

Thank you

by porknar In reply to Get some on-site professi ...

I have brought this up to management, to which I was declined the funding. So I am back to setting this up myself. We have just move to a t1 line that includes our phone and data. I am try to configure my server to work and I am not quiet sure how to achieve this. I have a 2 Nic cards, and I have been told this is the way to confgre the service. I also have a linksys router, which I am not sure I need anymore. The ISP has installed a voice/data router(Adtran). They said that I have to call tech support to have them open ports. I also have an unmanaged 24 port switch. Any help with the configuration is greatly appericated.

Collapse -

ISA server

by porknar In reply to Setting up a network

I see that the ISA server is an important part of the system. Is there other software that does the same thing as MS ISA?

Back to Networks Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums