Announcement

Collapse
No announcement yet.

Segmenting my parents off my network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Segmenting my parents off my network

    I currently have a lan at home working fine. It's based on the following hardware

    One Comcast supplied Surfboard modem
    One Linksys RT31P2 freed from Vonage acting as my NAT router IP 192.168.3.1
    One Linksys WRT54G with Firmware: DD-WRT v23 SP2 (09/15/06) vpn IP 192.168.3.2
    One Netgear 10/100/1000 Switch ( 6 ports)

    In the main room I have connected via cat-5

    One 2003 Server (30day Eval) IP 192.168.3.3
    Two Windows XP Pro Systems IP 192.168.3.100 & 101
    One Tivo IP 192.168.3.200

    Downstairs I have a Tivo on Wifi with an IP of 192.138.3.201

    I have a laptop that gets 192.168.3.105 when wired and 192.168.3.205 when wireless

    I want to add two computers for my parents to use one wired and one wireless.
    Physicaly that is not a problem because I have space on the switch for a wired PC. The problem is I want to segment them (If thats the correct term)

    I want them to be able to access the following

    1) The Internet
    2) Printers attached to the 2003 Server
    3) Audio files that will be stored on a Linux system that will be added in a few weeks.

    I don't want them to be able to access any files on my computers. I'm mostly concerned with them getting spyware which will try to infect my computers over the internet.

    They will be using their computers mainly for Internet browsing, E-mail and DVD Playing.

    Other than running a firewall on my XP systems is there anyting I can do to secure the network.

  • #2
    Re: Segmenting my parents off my network

    Make sure your XP boxes are on NTFS filesystems and then implement NTFS file and folder security. If you are unsure about how to do that, post back and we'll help.

    Make all accounts on all your computers have good strong passwords.

    Logon to (and use on a daily basis) only User accounts, not accounts that are members of the Administrators group. That'll help a whole lot with security.

    (edit: ) Oh, and you do have WPA security on the WRT54G do you? Cos WEP is not secure any more, so increase the wireless security to WPA.
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

    Comment


    • #3
      Re: Segmenting my parents off my network

      Originally posted by PaulH View Post
      Make sure your XP boxes are on NTFS filesystems and then implement NTFS file and folder security. If you are unsure about how to do that, post back and we'll help.

      Make all accounts on all your computers have good strong passwords.

      Logon to (and use on a daily basis) only User accounts, not accounts that are members of the Administrators group. That'll help a whole lot with security.

      (edit: ) Oh, and you do have WPA security on the WRT54G do you? Cos WEP is not secure any more, so increase the wireless security to WPA.
      I already use plain user accounts for my day to day activities. I use run-as when I need administrative rights..

      Unfortunately my father has trouble remembering passwords so I have to allow weak ones. I will have his account limited to logging onto the computer in the den to try and mitigate some of the risks.


      I'm forced to use WEP because the TiVo will not support WPA with the wireless adapter I am using.

      I do have broadcast turned off and mac filtering turned on hoping that if someone will connect one of the unsecured networks in my area rather than trying to get into mine.
      Last edited by MannyL; 2nd January 2008, 21:44.

      Comment


      • #4
        Re: Segmenting my parents off my network

        As long as the acconts on your PCs are strongly password protected, and as long as his account does not exist on your PCs, you should be safe even though his has a weak password. But to make it stronger, consider a passphrase with a space in and a fullstop at the end. Asking him to remember a short sentence should be pretty easy, e.g. Dad best 4 ever.
        Best wishes,
        PaulH.
        MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

        Comment

        Working...
        X