Jump to content

Network Security


the scouser

Recommended Posts

I've recently moved in to an office in a shared building. In total there are 3 separate businesses operating from the same premises. I've treated myself and had installed a 10Mb internet connection but the owners of the building are now suggesting that I could fit a wireless router, share the internet access with the 2 other occupants, and split the cost.

Now the business I run is one in which client confidentiality is paramount. If I share this internet connection can I prevent access to my company's files by the others on the same network?

Scouse.

Link to comment
Share on other sites

I've recently moved in to an office in a shared building. In total there are 3 separate businesses operating from the same premises. I've treated myself and had installed a 10Mb internet connection but the owners of the building are now suggesting that I could fit a wireless router, share the internet access with the 2 other occupants, and split the cost.

Now the business I run is one in which client confidentiality is paramount. If I share this internet connection can I prevent access to my company's files by the others on the same network?

Scouse.

Well, they are ways to protect yourself, but none that are 100 percent effective. A good hacker/Computer jock could get in. If your files are THAT important I wouldn't do it.

Greg

Edited by griser
Link to comment
Share on other sites

wow 10 mbps how much did it cost you and how do you evaluate their performance?

If you really want to share the bandwidth, then there are some ways you could secure yourself, but as griser says, there can be no sure way.

The best method would be have 2 internal networks, one the regular wired lan(for your office), and one the wireless network(for the others), both sharing the internet from the same external connection(i.e. the 10 mbps).

now you will need a firewall(i recomend using a good hardware firewall) to ensure that there is no way the wireless network can comunicate with your office lan.

I trust this solution will solve your purpose unless you are holding some CIA classified documents ;-)

The hardware firewall can be setup on using any old computer and a linux firewall costing < 10,000 baht, perhaps the guys at linux forum can guide you more on this. The easy way would be to get some branded hardware firewall which may cost a fortune.

personally i wouldnt go this route just to save money...but for a chance to play with more toys, definately.

Link to comment
Share on other sites

I wouldnt entertain the idea if confidentiality is paramount to you. There are however ways to share the one connection into separate networks but i wouldnt suggest getting involved with that unless you

a] have some understanding of VLANs & Routing

b] wish to buy a Router

c] need to share the single connection.

Edited by rio666uk
Link to comment
Share on other sites

Thanks for your help folks. I must admit that's what I wanted to hear, that there's no 100% effective way of safeguarding the files. I don't hold top secret documents but a breach in confidentiality means that I lose my licence to practise, so, no matter how small the risk, I think I'll keep the 10 megs for myself. :o

SMS, I'm in the UK and the 10 meg connection costs £35 per month. Every now and then I run a speed test and I've been getting anything between 4500 and 9800 kbps.

Cheers,

Scouse.

Link to comment
Share on other sites

I've treated myself and had installed a 10Mb internet connection

Can I come and live in your office ??? :o

If you are seriously concerned about maintaining the confidentiality of your files (particularly if you think people might be interested enough to come after them) then I wouldn't recommend having wireless access to your network. It is too easy to get into.

One way you might be able to do it would be to set up a common router that you all share (with WIFI), and then you stick a second firewall box betweeen it and your internal 'wired' office network set up to keep your friends out, ie. the WIFI goes in a 'demilitarized zone' outside your LAN.

Basic steps to stop your WIFI being abused by passers by are to disable the SSID broadcast, use MAC address filtering to limit access to specific machines and enable WPA encryption (definitely not WEP) with a strong randomly generated key (not a password). Bear in mind that the first two measures are trivial to bypass for someone that knows what they are doing.

Link to comment
Share on other sites

In this world nothing is certain but death and taxes – said Benjamin Franklin.

Every network and every encryption can be broken but the question is how long does it take and what expertise is required.

If your business is confidential than first secure your files by encrypting them with a strong encryption:

If you need to encrypt your files for storage you can use - AES or Blowfish

http://www.truecrypt.org/ (free software)

If you need to share the info use public key encryption

http://www.pgp.com/ (you can find free versions too)

Even if you don’t share the connection you must to take precautions because your network provider does not protect you.

Don’t use your internet connection directly have a low cost router with built in firewall, port blocking and NAT (Network Address Translation), run firewall on each of your computers such as Kerio or ZoneAlarm. Have some anti spyware software (Microsoft, Lavasoft, Spybot etc)

In your case I just don’t see why you should share your connection. To save ~20pounds? I guess that must buy just a couple of beers in England.

a.) you don’t know the Internet usage patterns of the others, therefore it can happen that your bandwidth will be severely reduced.

b.) personally I would be afraid of “war driving” (unauthorized use of Wi-Fi resources) and downloading pirated music, movies or child porn or other materials that will lead to your IP address.

Regards

Link to comment
Share on other sites

I would say that with the proper setup (proxies, firewalls, DMS's, etc), sharing your wireless connection wouldn't be any more or less dangerous than having an internet connection.

However, given the fact that you're paying *only* 35 quid a month, I see no reason why the other offices couldn't get their own line.

Of course, even without the sharing, you should get a good network consultant to come in and take a look at your current security, since being connected to the internet is a security risk in itself. As far as I've seen, law practices seem to rarely employ their own computer guy.

Link to comment
Share on other sites

Can I come and live in your office ??? :D

No! Cos I'm living there. You can, however, go and live with my wife and 3-month-old son (they could do with some company) and have as much use as you like of my 1 meg home connection..... :o

Thanks for the advice one and all. It's certainly given me food for thought above and beyond my original question. The unfortunate thing is I don't possess the technical nous to sort it myself, so I'll take Firefoxx's advice and get in a man who knows. You're right, too, that it's not worth sharing for the sake of saving 20 quid a month.

Cheers,

Scouse.

Link to comment
Share on other sites

The hardware firewall can be setup on using any old computer and a linux firewall costing < 10,000 baht, perhaps the guys at linux forum can guide you more on this. The easy way would be to get some branded hardware firewall which may cost a fortune

Ipcop

can be used for this..just install an extra lan card in a cheapo computer ( 2000,3000 baht pentium 2 or 3 with 128 megs of ram and a 4 gig harddrive will do ) then set up Ipcop with Red, Green and Blue interfaces connect the internet to Red.. your trusted lan to Green and the wireless access point to Blue...the bonus of this is that you could have full acces the Blue lan but they can't access your Green lan :o

Link to comment
Share on other sites

talking about network security in a building shared with others ..i used to live in a condominium complex for one year in sukhumvit and they had one connection shared with all users, which was a huge security problem because with a bit of fine tuning, you could see all of their online activities and someone with malicious intentions could easily gain personal and even credit card information, etc.

Link to comment
Share on other sites

Yep... in Thailand you pay around that much for a 1 meg (abit) home connection, and you get actual speeds of around 100 k (ilobits). Biiig discrepancy here.

A 10 megabit business connection here would probably cost in the hundreds of thousands of baht, if not millions. Not strange, considering that there are quite a few Thai ISPs which have only that much international bandwidth to begin with.

Link to comment
Share on other sites

I've recently moved in to an office in a shared building. In total there are 3 separate businesses operating from the same premises. I've treated myself and had installed a 10Mb internet connection but the owners of the building are now suggesting that I could fit a wireless router, share the internet access with the 2 other occupants, and split the cost.

Now the business I run is one in which client confidentiality is paramount. If I share this internet connection can I prevent access to my company's files by the others on the same network?

Scouse.

There are a lot of ways you could do this. Easiest would be to run a wireless router / switch with the ADSL connection and then run another router / firewall ( a dedicated linux box would work well) off it for your separate network.

The other tenants in the building connect through the wireless router and you lock down your network with rules on your firewall / router.

If you need wireless for laptops in your own network buy a separate access point and lock that one down with WEP or WPA encryption.

You could also throw a win2K domain into the mix if you're doing file sharing amongst a number of PC's and get an additional layer of file access control and security.

Link to comment
Share on other sites

Guest endure

If you're a residential NTL customer it's worth calling them every now and then. Last week I was paying £40 for 1MB, cable TV and a phone line. I called and whined and now I'm paying £28 for 4MB, cable TV and a phone line :o

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...