Help building a network

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    111

    Help building a network

    I looked around the forums here and couldn't find a general networking category so I posted here.

    I have a friend who runs a non-profit organization and wants a network built. This would consist of a server at a central location (office) that would hold all the data, and three offices around town, and a few people at their private homes that could access this server. It has to have 10 access points and be secure.

    Any help would be great. What am I gonna need? Server, software, etc. Any tutorials on this, etc.

    I know this is sort of a broad question but any and all help would be greatly appreciated.

    Thanks in advance
    Last edited by Atticus|1; August 21st, 2009 at 10:21 PM.
    NORML

  2. #2
    AO BOFH: Luser Abuser BModeratorFH gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Before I get to the part of recommendations, just make sure you aren't fooling yourself into that "security" thing. If you have users connecting to anything, you have threats too. There are millions of things you could do to make it what I think you're aiming for, but first you have to decide on some things:

    1. What kind of budget? Non-Profit doesn't always mean broke, so you're going to need to decide what KIND of server you want. You also need to choose an OS. Most people will tell you that a Non-Profit organization should use Free to download Open / Free software, like Linux boxes as servers. Some also say BSD. This is OK advice for the most part, but other than that the rest is bull. You have to pick something YOU know how to use. And not just as a user either. Using Linux and BSD at home, doesn't mean a thing when it comes to servers.

    I had used Linux at home for a while and it was good and I could fix most problems myself, but, with a server where you're going to have people logging into this thing and have actual users, and, really, ANY server, you have a problem, because, using these at home VS as a server are two very different things.

    I think it was close to a year into using Linux before I even attempted setting up any type of server situation. I did it in small steps because setting up a PC with services available and throwing it on the net, is not only bad taste but dangerous. I set up a hardware firewall, denied all services from there, and only allowed LOCAL IP addys to access the thing from inside. This kept it somewhat safe while I learned how to work it.

    I started with using SSH / Telnet, and a few small things to test it out. I moved onto Apache and a mix of VSFTPd and PureFTPd and sometimes ProFTPd.

    Basically, without typing a bunch of stuff out, you have to look at your area of expertise, and use that.

    What kind of stuff have you used in the past?

    Have you ever done this before?

    Are you the sole support option?

    You have a lot of options, which is why this is a fairly vague question, so, it boils down to what you can use better. You could use Linux, you could use BSD, you could use Mac OS X Server, and you could use Windows Server Systems.

    What kind of services are you going to plan on running? If you chose Windows, you'll need some licenses that allow server connections I think. (It's been a while, it's been a long day).

    What kind of hardware are you looking at?

    What type of net connection is this thing going to use?

    How will Security Patches be handled?

    For security patches, if you use a Linux distro, you can normally just use SSH to log into the machine, do the patches, and you're done. If you're using BSD or Windows, you're going to want to be there. They handle patches a lot differently. BSD has some binary updates, and you can set it up, but you may have to recompile things at times, and doing that over SSH is not the best idea.

    Windows has some neat remote service stuff available, but installing patches on Windows remotely, I wouldn't want to do that. You should do this from the Machine itself. And also, if you do choose Windows: DO NOT allow "Automatic Updates". It's a horrible idea and you're better off doing what I do as well as a lot of other people: look at each update yourself, make sure it's not going to break anything you might be using, and test it first. Then install them, reboot, and keep rolling.

    If you're wondering why I said it was OK to do Linux updates remotely, it's because Linux in general (BSD is getting better at this, but still) Linux can install updates over SSH, and it's usually just fine. Most distros will even shut down services for you while they're updated, and you can even script the updates.

    The only time you should NOT do this, is with Kernel stuff. Always do Kernel updates from the Console. That way you can make sure it is working properly.

    Also, firewalls? Windows has a HUGE number of them. BSD and Linux all have stuff built in that will do this too, and you can get other firewalls to run on the machine too, but again, don't do this remotely. You can lock yourself out of your own machine with one small click or typing thing.

    Anyway this is getting to be kind of long, so I'll stop here for now until you reply with some of what you're looking for.

    Security you say is a must. That isn't really a problem no matter what OS you choose. You can lock any of them down properly.
    Kill the lights, let the candles burn behind the pumpkins' mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    27
    I want to add one thing to gore's post. Regardless of which option you choose, if the home users will be connecting through dialup (less likely) then you should configure the server with a phone number to call them back at. This way, they'll log in, and the server will disconnect them and call them right back on the same line (and log them in).

    It's done so that if user A steals user B's information, they can't log into the server because it will call User B instead of them.

    If they're using broadband, then you can configure VPNs for them to access the server. I'm not familiar enough with them to walk you through that, but I'm sure you can find suitable programs to do it. Citrix or LogMeIn are two that I'm familiar with.

    Have a great day
    Patrick.

  4. #4
    Member
    Join Date
    Apr 2004
    Posts
    69
    If you want users to be able to log in from home, I recommend letting these users take home "their" own laptops. These laptops can either have NO hard drives and boot off a CD (very time-consuming process, involving creating boot CDs, with the correct hardware drivers for each computer, ugh) which mitigates the possibility of confidential data being lost/stolen/read by unauthorized individuals, OR you can have the laptops' hard drives encrypted so that if one of them does get lost/stolen, the data on them cannot be easily read. SafeBoot is one option.

    You also need to be aware of certain access policies this organization may have when it comes to logging in remotely. Policies such as firewall/antivirus/updates, etc need to be able to be enforced on the remote machines.


    Btw, if at all possible, try not to use wireless network connectivity. There's no way to stop data from ending up where it's not supposed to end up, whether or not you have the latest encryption standard set up on each access point. The risks vastly outweigh the convenience.

  5. #5
    THE Bastard Sys***** dinowuff
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    What am i gonna need? Server, software, etc. Any tutorials on this, etc.
    What you need is a qualified network engineer! I'm not being a dick, I am 100% serious. DO NOT ATTEMPT TO DO THIS!

    You're asking what you need to set up a WAN. If you don't know this much, you will EPIC FAIL!

    The process of designing a network takes many hours of work up front. I designed and installed a LAN for a real estate company a few years back.

    20 office users and 15 remote users. It took almost 3 weeks just to gather all the requirements, and then at least another two to get the users to understand the requirements. Because of the owner's lack of technical knowledge, I implemented a hosted email solution and Windows 2003 AD LAN.

    I used http://www.dd-wrt.com/dd-wrtv3/dd-wrt/about.html to modify his cable router to provide a VPN solution for his remote users. Since virtual servers would have been overkill, I got a few Dells for storage, backup and applications. Got a nice little Nortel switch for the office.

    Laptops already existed (VISTA CRAP) so 20 XP Machines, 3 servers, 1 Switch, 3 WAPs, CAT 5, one weekend setup and about 2 months of support.

    Behind the scenes, Knowledge of scripting, programming and a tool kit full of tried and trusted goodies. The image software I used for imaging the 20 PCs, for instance.

    I installed OpenDNS and guided him in creating usage policies.

    Free Antivirus, probably AVG (Back then it didn't suck), set up the DHCP scope and secured layer 3.

    Once completed, I went back and scanned the hell out of the network with netcat and nmap. (that was fun)

    The only problem he had since installation is one of his employees' kids installed a Java-based game on a PC that infected the other 19. That employee doesn't work there anymore - remember POLICIES MUST BE ENFORCED.

    All that being said, there are about 15 different ways to configure and implement a simple network. There are over 1 million ways to do it wrong.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0
