Question

Posted

Hello

First off I have never done a small office network before so....

I've been asked to redo an existing network in my office. Mainly because the connection to the main router fails and the firewall is pretty basic/weak.

The first thing I'll have to do is recon some of the network devices.

This is what I know 100%:
Our IP is static
The number of devices connected to the network.
There are two wireless networks
The wireless clients are MAC controlled and WEP
The other network only controls a security camera (WPA2)
There is a Windows DC
There are 2 active Linux boxes
All the physically connected devices (except the unix boxes) are part of the domain.
The IPs are assigned via MAC addresses.

That's pretty much all I know, where should I continue from here?

What ideas I have:

A way better firewall; pfSense seems complicated so I'm thinking Cisco or DD-WRT.
Change the wireless to WPA2
Make sure all routers (except the main) are acting as switches (as sometimes conflicts occur)


Also, since this is an office which is already running, downtime is impossible.....or max for reboots of devices.


59 answers to this question

  • 0

Posted

It's enabled out of the box.

Did you read the article I pointed out saying that there are some built-in programs that if IPv6 is disabled on W7, could break normal operations???

And our DC is Windows Small Business Server 2003

  • 0

Posted

"And our DC is Windows Small Business Server [b]2003[/b]"

Then it has NO ipv6 enabled out of the box - did you ENABLE it?? I highly doubt it!!

Then there is NO freaking way anything you're doing with xp, vista, w7 or even 8 is doing anything with your server that has anything to do with your ipv6. Period - and they don't do anything to each other. So you HAVE NO USE of ipv6 on your network - NONE!! As I already stated, disable it on a couple of machines if you're worried. It takes 2 seconds and a reboot to disable it, and the same amount of time to re-enable it if something doesn't work. Which is not the case because if you have 2k3 server you're NOT doing anything with ipv6, because it's even enabled on that os unless you installed it..

And yes I read your link - it does NOT pertain to ANYTHING you could be doing because you're not even running ipv6 on your server - so as I stated before everything ipv6 related on your clients is freaking noise! nothing more...

  • 0

Posted

Very quick and simple to disable, http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx. Doesn't look like it would take more than 10 min either.

  • 0

Posted

^ I already linked to that article back on post #36, and your link is bad btw -- there is a . on the end that causes it to fail.

  • 0

Posted

[quote name='AOXOMOXOA' timestamp='1363208620' post='595575806']
Hey pes2013 !!

Listen to BudMan,

he has really good advice, he has helped me out of a jam once or twice as well, and I have been running networks since before Windows was a household name.


:)
[/quote]

THIS, to the infinite power. Don't shun BudMan....he actually KNOWS what he's talking about. I suggest you listen to him. Don't be argumentative. He is the person that has kept my network still working through his advice to others. Trust the almighty BudMan... He'll help you get everything flowing properly. (Y)

  • 0

Posted

[quote name='BudMan' timestamp='1362754005' post='595566178']
"The wireless clients are MAC controlled and WEP"

So completely open to anyone that can google then ;) Since both are completely and utterly useless as security measures.

[/quote]

Agreed, WEP is easy to hack and MACs are easy to fake... you can sniff the working MACs while you are cracking the WEP XD

  • 0

Posted

Here is the updated network with the DNS entry of my router removed and DHCP lease time increased to 1 day:

[attachment=330846:update.png]

Next step that should be done? For now, with the new firewall and the AD updated to the new settings, internet access seems to be doing great without a hiccup (for now)

  • 0

Posted

Why are you posting from a different nick? That just joined? You're only supposed to use 1 account on neowin.

  • 0

Posted

[quote name='pes2013' timestamp='1364435125' post='595602582']
It's enabled out of the box.

Did you read the article I pointed out saying that there are some built-in programs that if IPv6 is disabled on W7, could break normal operations???

And our DC is Windows Small Business Server 2003
[/quote]

BudMan is sound when it comes to advice. You should listen to him.
What he's basically doing here is offering you a near 100% walkthrough of setting up your network *perfectly*, apart from actually coming on site and doing it for you. All you have to do is answer his questions and do what he says.
Do you even know how much he could be charging you for this service?
He's handing you the offer of a trouble-free setup of your network, one that is secure, and easy to maintain after it's set up .. and you're throwing the chance away.

BudMan has more experience than most on these forums, if he says it'd be best to disable IPv6 if your clients aren't using it, he's probably telling you it for a reason that he's had experience from.


As for your lack of worry about security, if your clients are tunnelling IPv6 over IPv4, the machines are pretty much bypassing your firewall and giving them direct contact with the outside world over IPv6. While you'll have internet facing IPv6 addresses for this, you're still poking holes into your network (directly to machines) from the outside and once they're in your network, they can use the Local and LAN IPv6 addresses to attack any other IPv6 enabled machine on your network. It's just not worth the security risk, no matter how small it is. It's like the 90's all over again and people are just ignoring it as a non-issue.
Lastly, I noticed you weren't too concerned about WiFi setup. One of the reasons your network could be dropping its connections is if a rogue attacker has your WEP key and is using all your bandwidth or simply screwing around with the network in general. Security should almost always be one of your top priorities, even more so on a live network.

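An added example, not part of any post in this thread: one way to check at the gateway whether LAN clients are tunnelling IPv6 over IPv4, by flagging IPv4 protocol 41 (6in4, 6to4, ISATAP) and UDP to or from the Teredo server port 3544. The function names, the 192.168.1.0/24 LAN range and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

PROTO_UDP, PROTO_41 = 17, 41   # 41 = IPv6 carried in IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544             # Teredo server port (RFC 4380); relay ports vary

def classify(pkt: bytes):
    """Return (label, src, dst); label is None when no tunnel is seen."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt):
        raise ValueError("not a well-formed IPv4 packet")
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    proto, payload = pkt[9], pkt[ihl:]
    if proto == PROTO_41:
        return "proto41", src, dst
    # Only the first fragment carries the UDP header with the ports.
    if proto == PROTO_UDP and frag_offset == 0 and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo", src, dst
    return None, src, dst

def tunnelling_hosts(packets, lan="192.168.1.0/24"):
    """Map each LAN host to the tunnel types it was seen using."""
    net, seen = ipaddress.ip_network(lan), {}
    for pkt in packets:
        label, src, dst = classify(pkt)
        for ip in (src, dst):
            if label and ipaddress.ip_address(ip) in net:
                seen.setdefault(ip, set()).add(label)
    return seen

def ipv4(proto, src, dst, payload=b"", frag=0):
    """Build a constructed sample IPv4 packet (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed sample traffic: assumed LAN 192.168.1.0/24, RFC 5737 outside hosts.
SAMPLE = [
    ipv4(17, "192.168.1.20", "192.0.2.10", udp(51000, 3544)),        # Teredo
    ipv4(41, "192.168.1.31", "198.51.100.7", b"\x60" + bytes(39)),   # 6in4
    ipv4(17, "192.168.1.20", "192.0.2.53", udp(51001, 53)),          # DNS
    ipv4(17, "192.168.1.40", "192.0.2.10", udp(3544, 3544), frag=185),
]
```

Matching on port 3544 only catches a client talking to a Teredo server; blocking protocol 41 and that port at the firewall, or disabling the tunnel adapters on the clients, closes the path rather than just reporting it.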
