Office network advice wanted

Discussion in 'Networking & Security' started by Digital-Vortex, Jun 2, 2005.

  1. Digital-Vortex

    Digital-Vortex Gawd

    Messages:
    961
    Joined:
    Dec 11, 2001
    Hey all,

    I'm setting up a network for a small office next week, i spoke to them today and its not a big job, 2 laptops, 2 printers, one internet connection.

    My first question is wired or wireless. They origionally suggested wireless, but security is my main concern. i know i could just turn off SSID broadcasting and run MAC filtering, but is this enough?

    Also, the 2 printers, while one is a simple printer the other is a 3 in 1 printer/scanner/copier, and i beleive they want to use it as a scanner. Is it possible to have this run over the network? I've never attempted this before, so was wondering if anyone has done this?

    and last but not least, would a cheap linksys switch be ok for this task? i only as because the guys jaw dropped in horror when i quoted £200 as a maximum price. so cheaper it is the better it is :D

    Thanks
     
  2. Blitzrommel

    Blitzrommel 2[H]4U

    Messages:
    2,659
    Joined:
    Sep 26, 2001
    That depends on a few factors.

    There's two laptops, you said -- will they be moving around during use, or just plopped on a desk when in use?

    In terms of the 3-in-1 machine, scanning over a network is usually something that depends on the manufacturer as well. Printing's easy to share if it's connected to a laptop. However, if they're gunna be wireless users, keeping the printer connected to the laptop might not always be a viable option.

    And yeah, a linksys would work. I'd find one with a built-in print server though.
     
  3. Nasty_Savage

    Nasty_Savage [H]ardForum Junkie

    Messages:
    14,191
    Joined:
    Mar 19, 2001
    I hate all in one printers, and the above poster is correct. It depends on the manufacturer. No All-In-One software package, or cheapo scanner software I've seen takes networking into consideration...
     
  4. Malk-a-mite

    Malk-a-mite [H]ard|Gawd

    Messages:
    2,023
    Joined:
    Feb 16, 2002
    If security is your main concern then this is not enough - since they are easily bypassed, and still leave your data transmitting in the clear. Look to WPA instead of WEP if your access points support it. Pick a long passphrase (20+ chars, non-dicitionary, letters, numbers, symbols).
     
  5. Mr_Evil

    Mr_Evil 2[H]4U

    Messages:
    3,700
    Joined:
    Dec 24, 2001
    MAC filtering and turning off SSID broadcasting is quite secure and also less of a pain in the ass to add new workstations. It would stop a passerby with Wi-Fi on a Laptop from getting into their Network. Packets could still be intercepted though since there's no encryption.

    The printers can be shared over the network just fine, no big deal there. However, the all in one will only function as a scanner at the local machine. HP has a couple business Inkjet all in ones that support scanning over the network, but its not a model I've seen much of.

    Switches won't share the internet connection. Besides, a Linksys AP + router + 4 port switch is about $75, less if you can catch a deal. However, your customer is looking at probably $200 in just client adapters for wireless. (If all 4 terminals get wireless)

    If that business owner shat a brick at $200, wait till he sees what a REAL network setup company charges. I reckon a bigger network company would charge him $500 for 4 workstations and 2 printers...that's not even counting equipment. Hell, I charge $100 to setup 2 workstations and a printer on a wireless or existing wired network, plus $50 for each workstation after the first two....that's just labor cost. I don't give away routers and APs and adapters :p
     
  6. Digital-Vortex

    Digital-Vortex Gawd

    Messages:
    961
    Joined:
    Dec 11, 2001
    I forgot to add WPA to that :( slipped my head. The laptops will just be on desks when in the office anyway, so wired should be fine. However since they will leave the office rather often the printers need to be on seperate servers.

    would it be better if i setup a windows box to share both printers? and a shared folder of scanned documents?
     
  7. Malk-a-mite

    Malk-a-mite [H]ard|Gawd

    Messages:
    2,023
    Joined:
    Feb 16, 2002
    I'm curious what you consider secure, could you elaborate?
     
  8. Digital-Vortex

    Digital-Vortex Gawd

    Messages:
    961
    Joined:
    Dec 11, 2001
    something thats hidden and not accessable by the wrong people.
    as i suggest, i forgot to mention WPA encryption in there.
     
  9. Malk-a-mite

    Malk-a-mite [H]ard|Gawd

    Messages:
    2,023
    Joined:
    Feb 16, 2002
    Sorry DV was addressing that to Mr_Evil who seemed to imply that SSID disabling and MAC filters were good enough security.

    But here is a question - what business is this company in? Depending on what kinds of data they deal with can greatly affect the level of security that is needed.
     
  10. Digital-Vortex

    Digital-Vortex Gawd

    Messages:
    961
    Joined:
    Dec 11, 2001
    They are a business consultant. so they have details of companys and contacts. dont think were talking financial data or bank acounts :)
     
  11. Mr_Evil

    Mr_Evil 2[H]4U

    Messages:
    3,700
    Joined:
    Dec 24, 2001
    Well, the fact that my SSID isn't being broadcast would keep a casual looker out of my network unless they knew my ID...next, one would have to know which MACs are allowed on my AP in order to spoof a MAC address that is allowed. That's a whole lot of fuckin work just to get at my pr0n collection. Hell that's alot of work to get at a company's customer list.

    Anything that's encrypted can be decrypted and always remember "There is no patch for human stupidity."
     
  12. Digital-Vortex

    Digital-Vortex Gawd

    Messages:
    961
    Joined:
    Dec 11, 2001
    Yea, but is that all there is? usernames and passwords for bank acounts. pin numbers for banks, website acount names, loads more can be stored on someones computer, some people dont think about things. If its a business. customer names. addresses. payment details. personal data. alot more can be on computers than you think. and theres alot of harm that can be done if someone gets it!
     
  13. Malk-a-mite

    Malk-a-mite [H]ard|Gawd

    Messages:
    2,023
    Joined:
    Feb 16, 2002
    I would have to disagree. I would suggest that for a list of a consulting firms contacts, and customer data that firing up NetStumbler for a while is an incredibly low investment in time and energy to effectively steal business data. Not to mention that if any of the companies they consult for have restrictions on data privacy and handling and that customer information/data is leaked from the consultant's network, you can bet they won't be getting any more business from that client. Also business's and consultant's talk amongst each group. Blacklisting irresponsible parties on either side is a reality.

    To spoof the MAC address all you need is the ability to sniff the traffic, note the MAC addresses and then change the MAC on your NIC.

    While this might be enough for a casual home user, it is not enough for any business that is using the network for business data (if they are just letting the people in the back of the warehouse surf the web then maybe it's ok, maybe).
     
  14. oakfan52

    oakfan52 [H]ard|Gawd

    Messages:
    1,578
    Joined:
    Oct 5, 2003

    Its not the casual user that you should be worried about.
     
  15. Blitzrommel

    Blitzrommel 2[H]4U

    Messages:
    2,659
    Joined:
    Sep 26, 2001
    Exactly, never assume the technical expertise of anyone like that... Always think to yourself that networks are pretty much never TRULY secure. But, what can you do to BEST prevent users from intruding? The more you can do to secure a network properly, the better.