August 21st, 2009 10:07 PM
Help building a network
I looked around the forums here and couldn't find a general networking category so I posted here.
I have a friend who runs a non-profit organization and wants a network built. This would consist of a server at a central location (office) that would hold all the data, and three offices around town, and a few people at their private homes that could access this server. It has to have 10 access points and be secure.
Any help would be great. What am I gonna need? Server, software, etc. Any tutorials on this, etc.
I know this is sort of a broad question but any and all help would be greatly appreciated.
Thanks in advance
Last edited by Atticus|1; August 21st, 2009 at 10:21 PM.
August 21st, 2009 10:55 PM
Before I get to the part of recommendations, just make sure you aren't fooling yourself into that "security" thing. If you have users connecting to anything, you have threats too. There are millions of things you could do to make it what I think you're aiming for, but first you have to decide on some things:
1. What kind of budget? Non-Profit doesn't always mean broke, so you're going to need to decide what KIND of server you want. You also need to choose an OS. Most people will tell you that a Non-Profit organization should use Free to download Open / Free software, like Linux boxes as servers. Some also say BSD. This is OK advice for the most part, but other than that the rest is bull. You have to pick something YOU know how to use. And not just as a user either. Using Linux and BSD at home, doesn't mean a thing when it comes to servers.
I had used Linux at home for a while and it was good and I could fix most problems myself, but, with a server where you're going to have people logging into this thing and have actual users, and, really, ANY server, you have a problem, because, using these at home VS as a server are two very different things.
I think it was close to a year into using Linux before I even attempted setting up any type of server situation. I did it in small steps because setting up a PC with services available and throwing it on the net, is not only bad taste but dangerous. I set up a hardware firewall, denied all services from there, and only allowed LOCAL IP addys to access the thing from inside. This kept it somewhat safe while I learned how to work it.
I started with using SSH / Telnet, and a few small things to test it out. I moved onto Apache and a mix of VSFTPd and PureFTPd and sometimes ProFTPd.
Basically, without typing a bunch of stuff out, you have to look at your area of expertise, and use that.
What kind of stuff have you used in the past?
Have you ever done this before?
Are you the sole support option?
You have a lot of options, which is why this is a fairly vague question, so, it boils down to what you can use better. You could use Linux, you could use BSD, you could use Mac OS X Server, and you could use Windows Server Systems.
What kind of services are you going to plan on running? If you chose Windows, you'll need some licenses that allow server connections I think. (It's been a while, it's been a long day).
What kind of hardware are you looking at?
What type of net connection is this thing going to use?
How will Security Patches be handled?
For security patches, if you use a Linux distro, you can normally just use SSH to log into the machine, do the patches, and you're done. If you're using BSD or Windows, you're going to want to be there. They handle patches a lot differently. BSD has some binary updates, and you can set it up, but you may have to recompile things at times, and doing that over SSH is not the best idea.
Windows has some neat remote service stuff available, but installing patches on Windows remotely, I wouldn't want to do that. You should do this from the Machine itself. And also, if you do choose Windows; DO NOT allow "Automatic Updates". It's a horrible idea and you're better off doing what I do as well as a lot of other people; Look at each update yourself, make sure it's not going to break anything you might be using, and test it first. Then install them, reboot, and keep rolling.
If you're wondering why I said it was OK to do Linux updates remotely, it's because Linux in general (BSD is getting better at this, but still) Linux can install updates over SSH, and it's usually just fine. Most distros will even shut down services for you while they're updated, and you can even script the updates.
The only time you should NOT do this, is with Kernel stuff. Always do Kernel updates from the Console. That way you can make sure it is working properly.
Also, firewalls? Windows has a HUGE number of them. BSD and Linux all have stuff built in that will do this too, and you can get other firewalls to run on the machine too, but again, don't do this remotely. You can lock yourself out of your own machine with one small click or typing thing.
Anyway this is getting to be kind of long, so I'll stop here for now until you reply with some of what you're looking for.
Security you say is a must. That isn't really a problem no matter what OS you choose. You can lock any of them down properly.
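The staged approach in the post above (deny everything at the firewall, allow only local addresses) depends on knowing what the server is actually listening on. As an added example, not part of the original post: a Python check that reads `ss -tlnH` output and lists the listeners reachable beyond loopback. The sample output, the function names and the `lan_ok_ports` parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128      0.0.0.0:22    0.0.0.0:*
LISTEN 0 511    127.0.0.1:80    0.0.0.0:*
LISTEN 0 32  192.168.1.10:21    0.0.0.0:*
LISTEN 0 128         [::]:22       [::]:*
LISTEN 0 128        [::1]:631      [::]:*
LISTEN 0 128            *:8080        *:*
"""

def classify(addr):
    """Return how far a bind address reaches: loopback, lan, public or wildcard."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "lan"
    return "public"

def audit(ss_output, lan_ok_ports=frozenset()):
    """List (port, bind address, reach) for listeners that need attention."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        reach = classify(addr)
        port = int(port)
        if reach == "loopback":
            continue                        # not reachable from the network at all
        if reach == "lan" and port in lan_ok_ports:
            continue                        # deliberately offered to local addresses
        findings.append((port, addr, reach))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, reach in audit(SAMPLE_SS, lan_ok_ports={21}):
        print(f"port {port:<5} bound to {addr:<14} reach={reach}")
```

Anything reported as `wildcard` or `public` is protected only by the firewall in front of the machine, so those are the services to rebind or disable before the box goes online.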
August 23rd, 2009 03:57 AM
I want to add one thing to gore's post. Regardless of which option you choose, if the home users will be connecting through dialup (less likely) then you should configure the server with a phone number to call them back at. This way, they'll log in, and the server will disconnect them and call them right back on the same line (and log them in).
It's done so that if user A steals user B's information, they can't log into the server because it will call User B instead of them.
If they're using broadband, then you can configure VPNs for them to access the server. I'm not familiar enough with them to walk you through that, but I'm sure you can find suitable programs to do it. Citrix or LogMeIn are two that I'm familiar with.
Have a great day
August 24th, 2009 02:11 PM
If you want users to be able to log in from home, I recommend letting these users take home "their" own laptops. These laptops can either have NO hard drives and boot off a CD (very time-consuming process, involving creating boot CDs, with the correct hardware drivers for each computer, ugh) which mitigates the possibility of confidential data being lost/stolen/read by unauthorized individuals, OR you can have the laptops' hard drives encrypted so that if one of them does get lost/stolen, the data on them cannot be easily read. SafeBoot is one option.
You also need to be aware of certain access policies this organization may have when it comes to logging in remotely. Policies such as firewall/antivirus/updates, etc need to be able to be enforced on the remote machines.
Btw, if at all possible, try not to use wireless network connectivity. There's no way to stop data from ending up where it's not supposed to end up, whether or not you have the latest encryption standard set up on each access point. The risks vastly outweigh the convenience.
August 26th, 2009 07:22 PM
What you need is a qualified network engineer! I'm not being a dick, I am 100% serious. DO NOT ATTEMPT TO DO THIS!
"What am I gonna need? Server, software, etc. Any tutorials on this, etc."
You're asking what you need to set up a WAN. If you don't know this much, you will EPIC FAIL!
The process of designing a network takes many hours of work up front. I designed and installed a LAN for a real estate company a few years back.
20 office users and 15 remote users. It took almost 3 weeks just to gather all the requirements, and then at least another two to get the users to understand the requirements. Because of the owner's lack of technical knowledge, I implemented a hosted email solution and Windows 2003 AD LAN.
I used http://www.dd-wrt.com/dd-wrtv3/dd-wrt/about.html to modify his cable router to provide a VPN solution for his remote users. Since virtual servers would have been overkill, I got a few Dells for storage, backup and applications. Got a nice little Nortel switch for the office.
Laptops already existed (VISTA CRAP) so 20 XP machines, 3 servers, 1 switch, 3 WAPs, CAT 5, one weekend setup and about 2 months of support.
Behind the scenes: knowledge of scripting, programming and a tool kit full of tried and trusted goodies. The image software I used for imaging the 20 PCs, for instance.
I installed OpenDNS and guided him in creating usage policies.
Free antivirus, probably AVG (back then it didn't suck), set up the DHCP scope and secured layer 3.
Once completed, I went back and scanned the hell out of the network with netcat and nmap. (that was fun)
The only problem he had since installation is one of his employee's kids installed a Java-based game on a PC that infected the other 19. That employee doesn't work there anymore - remember POLICIES MUST BE ENFORCED.
All that being said, there are about 15 different ways to configure and implement a simple network. There are over 1 million ways to do it wrong.