Office network advice wanted

D

Digital-Vortex

Gawd
Joined
Dec 11, 2001
Messages
961
Hey all,

I'm setting up a network for a small office next week, i spoke to them today and its not a big job, 2 laptops, 2 printers, one internet connection.

My first question is wired or wireless. They origionally suggested wireless, but security is my main concern. i know i could just turn off SSID broadcasting and run MAC filtering, but is this enough?

Also, the 2 printers, while one is a simple printer the other is a 3 in 1 printer/scanner/copier, and i beleive they want to use it as a scanner. Is it possible to have this run over the network? I've never attempted this before, so was wondering if anyone has done this?

and last but not least, would a cheap linksys switch be ok for this task? i only as because the guys jaw dropped in horror when i quoted £200 as a maximum price. so cheaper it is the better it is :D

Thanks
 
That depends on a few factors.

There's two laptops, you said -- will they be moving around during use, or just plopped on a desk when in use?

In terms of the 3-in-1 machine, scanning over a network is usually something that depends on the manufacturer as well. Printing's easy to share if it's connected to a laptop. However, if they're gunna be wireless users, keeping the printer connected to the laptop might not always be a viable option.

And yeah, a linksys would work. I'd find one with a built-in print server though.
 
I hate all in one printers, and the above poster is correct. It depends on the manufacturer. No All-In-One software package, or cheapo scanner software I've seen takes networking into consideration...
 
Digital-Vortex said:
but security is my main concern. i know i could just turn off SSID broadcasting and run MAC filtering, but is this enough?
Click to expand...

If security is your main concern then this is not enough - since they are easily bypassed, and still leave your data transmitting in the clear. Look to WPA instead of WEP if your access points support it. Pick a long passphrase (20+ chars, non-dicitionary, letters, numbers, symbols).
 
MAC filtering and turning off SSID broadcasting is quite secure and also less of a pain in the ass to add new workstations. It would stop a passerby with Wi-Fi on a Laptop from getting into their Network. Packets could still be intercepted though since there's no encryption.

The printers can be shared over the network just fine, no big deal there. However, the all in one will only function as a scanner at the local machine. HP has a couple business Inkjet all in ones that support scanning over the network, but its not a model I've seen much of.

Switches won't share the internet connection. Besides, a Linksys AP + router + 4 port switch is about $75, less if you can catch a deal. However, your customer is looking at probably $200 in just client adapters for wireless. (If all 4 terminals get wireless)

If that business owner shat a brick at $200, wait till he sees what a REAL network setup company charges. I reckon a bigger network company would charge him $500 for 4 workstations and 2 printers...that's not even counting equipment. Hell, I charge $100 to setup 2 workstations and a printer on a wireless or existing wired network, plus $50 for each workstation after the first two....that's just labor cost. I don't give away routers and APs and adapters :p
 
Malk-a-mite said:
If security is your main concern then this is not enough - since they are easily bypassed, and still leave your data transmitting in the clear. Look to WPA instead of WEP if your access points support it. Pick a long passphrase (20+ chars, non-dicitionary, letters, numbers, symbols).
Click to expand...

I forgot to add WPA to that :( slipped my head. The laptops will just be on desks when in the office anyway, so wired should be fine. However since they will leave the office rather often the printers need to be on seperate servers.

would it be better if i setup a windows box to share both printers? and a shared folder of scanned documents?
 
Malk-a-mite said:
I'm curious what you consider secure, could you elaborate?
Click to expand...

something thats hidden and not accessable by the wrong people.
as i suggest, i forgot to mention WPA encryption in there.
 
Digital-Vortex said:
something thats hidden and not accessable by the wrong people.
as i suggest, i forgot to mention WPA encryption in there.
Click to expand...

Sorry DV was addressing that to Mr_Evil who seemed to imply that SSID disabling and MAC filters were good enough security.

But here is a question - what business is this company in? Depending on what kinds of data they deal with can greatly affect the level of security that is needed.
 
They are a business consultant. so they have details of companys and contacts. dont think were talking financial data or bank acounts :)
 
Malk-a-mite said:
I'm curious what you consider secure, could you elaborate?
Click to expand...

Well, the fact that my SSID isn't being broadcast would keep a casual looker out of my network unless they knew my ID...next, one would have to know which MACs are allowed on my AP in order to spoof a MAC address that is allowed. That's a whole lot of fuckin work just to get at my pr0n collection. Hell that's alot of work to get at a company's customer list.

Anything that's encrypted can be decrypted and always remember "There is no patch for human stupidity."
 
Mr_Evil said:
Well, the fact that my SSID isn't being broadcast would keep a casual looker out of my network unless they knew my ID...next, one would have to know which MACs are allowed on my AP in order to spoof a MAC address that is allowed. That's a whole lot of fuckin work just to get at my pr0n collection. Hell that's alot of work to get at a company's customer list.

Anything that's encrypted can be decrypted and always remember "There is no patch for human stupidity."
Click to expand...

Yea, but is that all there is? usernames and passwords for bank acounts. pin numbers for banks, website acount names, loads more can be stored on someones computer, some people dont think about things. If its a business. customer names. addresses. payment details. personal data. alot more can be on computers than you think. and theres alot of harm that can be done if someone gets it!
 
Mr_Evil said:
Well, the fact that my SSID isn't being broadcast would keep a casual looker out of my network unless they knew my ID...next, one would have to know which MACs are allowed on my AP in order to spoof a MAC address that is allowed. That's a whole lot of fuckin work just to get at my pr0n collection. Hell that's alot of work to get at a company's customer list.
Click to expand...

I would have to disagree. I would suggest that for a list of a consulting firms contacts, and customer data that firing up NetStumbler for a while is an incredibly low investment in time and energy to effectively steal business data. Not to mention that if any of the companies they consult for have restrictions on data privacy and handling and that customer information/data is leaked from the consultant's network, you can bet they won't be getting any more business from that client. Also business's and consultant's talk amongst each group. Blacklisting irresponsible parties on either side is a reality.

To spoof the MAC address all you need is the ability to sniff the traffic, note the MAC addresses and then change the MAC on your NIC.

While this might be enough for a casual home user, it is not enough for any business that is using the network for business data (if they are just letting the people in the back of the warehouse surf the web then maybe it's ok, maybe).
 
Malk-a-mite said:
I would have to disagree. I would suggest that for a list of a consulting firms contacts, and customer data that firing up NetStumbler for a while is an incredibly low investment in time and energy to effectively steal business data. Not to mention that if any of the companies they consult for have restrictions on data privacy and handling and that customer information/data is leaked from the consultant's network, you can bet they won't be getting any more business from that client. Also business's and consultant's talk amongst each group. Blacklisting irresponsible parties on either side is a reality.

To spoof the MAC address all you need is the ability to sniff the traffic, note the MAC addresses and then change the MAC on your NIC.

While this might be enough for a casual home user, it is not enough for any business that is using the network for business data (if they are just letting the people in the back of the warehouse surf the web then maybe it's ok, maybe).
Click to expand...


Its not the casual user that you should be worried about.
 
oakfan52 said:
Its not the casual user that you should be worried about.
Click to expand...

Exactly, never assume the technical expertise of anyone like that... Always think to yourself that networks are pretty much never TRULY secure. But, what can you do to BEST prevent users from intruding? The more you can do to secure a network properly, the better.
 
You must log in or register to reply here.
Back
Top