Posted by Bruce on August 11, 2006, 3:07 pm
Leythos wrote:
>> Hi Leythos... I didn't expect this much help (and much appreciated),
>> but since you replied see my followups below...
>>
>> Leythos wrote:
>>>> Hi... Before I ask any questions on any NG, could someone
>>>> give me some links to networking basics. I'm computer literate
>>>> but I've never had to deal with networks so I'm pretty ignorant.
>>>>
>>>> I need to understand an existing small network that needs
>>>> to expand. It currently has a DSL line with a Netgear
>>>> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
>>>> router, and a Print Server. I need to expand the network in
>>>> another part of the building where the wireless signal is weak.
>>>> The expansion is to attach more computers and a printer.
>>>>
>>>> The DSL is only used for internet/email access. There is no
>>>> web services or other fancy needs.
>>>>
>>>> I need to understand the basics of Routers, Switches, hubs,
>>>> Print Servers, hardware & software firewalls. I hope I don't
>>>> need to understand all the different protocols. My biggest
>>>> concern is to protect these new computers as they will have
>>>> sensitive data. So I need to protect it from outside the
>>>> firewall as well as computers from within the network.
>>>>
>>>> Any assistance/links would be appreciated
>>> One way to protect a set of computers, not physical protection, but
>>> network protection, would be to install a second router, in series with
>>> the first router, and connect the "Sensitive" computers to that router.
>>>
>>> The Sensitive computers could access everything connected to the first
>>> router (existing PC's, print server, internet, etc...) but nothing in
>>> front of the second router could access inside the second router's
>>> network directly.
>>>
>>> INTERNET
>>> |
>>> WAN
>>> FIRST ROUTER
>>> ---LAN---
>>> | |
>>> | - First Less secure computers/printers
>>> |
>>> WAN
>>> SECOND ROUTER
>>> LAN
>>> |
>>> - Second group of computers
>>>
>>> You should use a wired connection between your first router and your
>>> second router, and not some wireless solution, this keeps performance
>>> up.
>>>
>>> You also might want to set the WAN address of router 2 to a fixed address in the
>>> router 1 LAN network, but it's not 100% necessary.
>>>
>>> You also need to know that with Ethernet, CAT5/6, you are limited to
>>> 100 meters between router 1 and router 2 to connect them (most people
>>> use 90 meters so that there are no mistakes).
>> Good to know. I believe the amount I would need to pull is under
>> the max. Probably 50 meters at most.
>>
>>> Anything behind the second router (second computers) can't be directly
>>> reached by the First Router LAN (first group of computers), UNLESS you
>>> poke holes (FORWARDING) from WAN to LAN in the second router.
>> (Note that all the computers are Windows based)
>>
>> I was wondering whether I needed a router or if a hub is sufficient.
>> The computers on the first router are laptops that I don't have much
>> control over and I'm concerned that viruses and other nasties might
>> invade the 2nd network systems.
>
> A HUB would connect the two sets of computers without any blocking of
> connections between them.
>
> You specifically asked for a secure set of second computers, the NAT
> function of the second router would block access from the first set to
> the second set.
>
>> Though I want to limit the accessibility from those computers to the
>> "2nd network" computers, there is some access I need to allow, such
>> as access to a database, read-only. Would a 2nd router allow
>> access to a particular shared area?
>
> It depends; you didn't say what type of database. If you mean an MSSQL
> database, then you would have to PORT FORWARD TCP1433 to the second
> level computer with the MS SQL Service running on it - then all
> computers in LAN 1 could access TCP 1433 on the Target computer.
>
> If you mean MS Access or some other file-based pseudo-database, then no,
> you could do it, but then it's not really secure.
>
> What type of database?
>
>> Would a software firewall be advised on the 2nd network computers
>> if 2nd router is used?
>
> Well, I'll get flamed no matter how I answer this, but, with a router
> you already have NAT from LAN1>LAN2, so that means the computers in LAN
> 1 can't access the computers in LAN2 unless you map ports inbound to
> LAN2.
>
> If you use a HUB, you could use a PFW solution, as long as you
> understand how to configure it, to only allow certain (depending on the
> PFW) access to the local computer, there are several complications with
> this and without knowing what you want to allow access to (specific
> database type/name) I can't say for sure.
I forgot to ask... So if I have these two routers, can I eliminate
the need for the software firewall?
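The NAT behaviour Leythos describes above (hosts on the first router's LAN cannot reach hosts behind the second router unless a port is forwarded, while hosts behind the second router can reach LAN 1 and receive replies) is easy to see in a small stateful-NAT model. The following is an added example written for this page, not code from the thread or from any Netgear product; the addresses (192.168.1.x for LAN 1, 192.168.2.x for LAN 2, router 2's WAN at 192.168.1.2), the host roles and the ports are assumptions chosen for illustration. It also shows the consequence Leythos points out: once TCP 1433 is forwarded, every LAN 1 machine can reach that one port on the SQL host.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing (not from the thread): router 1 hands out 192.168.1.x,
# router 2's WAN port sits on that network, and router 2's own LAN is 192.168.2.x.
LAN2_NET = ipaddress.ip_network("192.168.2.0/24")
ROUTER2_WAN = "192.168.1.2"     # router 2's address as seen from LAN 1
SQL_HOST = "192.168.2.10"       # LAN 2 box running the MS SQL service
LAN2_PC = "192.168.2.20"        # an ordinary LAN 2 workstation
PRINT_SERVER = "192.168.1.50"   # print server on LAN 1
LAPTOP = "192.168.1.101"        # one of the less-trusted LAN 1 laptops


@dataclass(frozen=True)
class Packet:
    """One TCP segment, reduced to the fields a NAT decision needs."""
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """Toy stateful NAT box: LAN side trusted, WAN side default-deny.

    Simplified behaviour of a consumer NAT router:
      * LAN -> WAN: connection state recorded, source rewritten to the WAN IP.
      * WAN -> LAN: accepted only if it is the return half of a recorded
        connection, or if the destination port has an explicit forward rule.
    No port remapping and TCP only, to keep the model short.
    """

    def __init__(self, wan_ip, lan_net, forwards=None):
        self.wan_ip = wan_ip
        self.lan_net = lan_net
        self.forwards = dict(forwards or {})  # {WAN dport: LAN host}
        self._state = {}                      # (remote ip, remote port, local port) -> LAN host

    def send_out(self, pkt):
        """A LAN host opens a connection to something on the WAN side."""
        assert ipaddress.ip_address(pkt.src) in self.lan_net
        self._state[(pkt.dst, pkt.dport, pkt.sport)] = pkt.src
        return Packet(self.wan_ip, pkt.sport, pkt.dst, pkt.dport)

    def receive_in(self, pkt):
        """A packet arrives on the WAN port. Returns (verdict, delivered packet or None)."""
        if pkt.dst != self.wan_ip:
            # LAN 1 hosts have no path to 192.168.2.x except through this box,
            # and it does not route unsolicited traffic into its own LAN.
            return "DROP", None
        lan_host = self._state.get((pkt.src, pkt.sport, pkt.dport))
        if lan_host is not None:
            # Reply to a connection a LAN host opened: un-NAT and deliver.
            return "ACCEPT", Packet(pkt.src, pkt.sport, lan_host, pkt.dport)
        target = self.forwards.get(pkt.dport)
        if target is not None:
            # A hole poked on purpose (DNAT / "port forward").
            return "DNAT", Packet(pkt.src, pkt.sport, target, pkt.dport)
        return "DROP", None


def scenario(forward_sql=True):
    """Run the thread's cases through router 2 and return the verdicts."""
    forwards = {1433: SQL_HOST} if forward_sql else {}
    r2 = NatRouter(ROUTER2_WAN, LAN2_NET, forwards)
    verdicts = {}

    # 1. A LAN 1 laptop tries to reach a LAN 2 file share (TCP 445) directly.
    verdicts["laptop_to_lan2_smb"] = r2.receive_in(Packet(LAPTOP, 50000, LAN2_PC, 445))[0]

    # 2. The same laptop connects to SQL via router 2's WAN address.
    verdict, delivered = r2.receive_in(Packet(LAPTOP, 50001, ROUTER2_WAN, 1433))
    verdicts["laptop_to_sql"] = verdict
    verdicts["sql_delivered_to"] = delivered.dst if delivered else None

    # 3. A LAN 2 PC prints via the LAN 1 print server (TCP 9100); the reply comes back.
    out = r2.send_out(Packet(LAN2_PC, 40000, PRINT_SERVER, 9100))
    verdict, delivered = r2.receive_in(Packet(PRINT_SERVER, 9100, out.src, out.sport))
    verdicts["print_reply"] = verdict
    verdicts["print_reply_to"] = delivered.dst if delivered else None

    # 4. The laptop probes router 2's WAN address on a port with no state and no forward.
    verdicts["laptop_to_router2_9100"] = r2.receive_in(Packet(LAPTOP, 50002, ROUTER2_WAN, 9100))[0]
    return verdicts


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Running `scenario()` gives DROP for the unsolicited SMB attempt, DNAT to 192.168.2.10 for TCP 1433, and ACCEPT for the print server's reply to a connection LAN 2 opened; with `scenario(forward_sql=False)` the 1433 attempt is dropped too. A hub in place of router 2 would have no WAN/LAN distinction at all, so none of these checks would exist.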