DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Network Security (http://www.daniweb.com/forums/forum167.html)
-   -   Help locking down access to client data from "outside" hacking. (http://www.daniweb.com/forums/thread58171.html)

grindy Oct 15th, 2006 7:54 pm
Help locking down access to client data from "outside" hacking.
 
My situation is this:
I have a small business with 5 users. Each user can access our clients data from our internal file server. All users are running XP Professional, as is the server machine.
All of us require daily internet access, which is broadband cable behind a router. Each system is running a Security Suite with personal firewall.
What I need to do is be as certain as is "practically" possible that our clients data is not "compromised" from the outside ( via our broadband connection ).
What - if anything - should I add to this setup to be more secure from "outside" hacking?
All comments are certainly appreciated.

'Stein Oct 16th, 2006 7:19 pm
Re: Help locking down access to client data from "outside" hacking.
 
(moved.)

John A Oct 16th, 2006 8:04 pm
Re: Help locking down access to client data from "outside" hacking.
 
Quote:
Originally Posted by grindy
Each system is running a Security Suite with personal firewall.
What I need to do is be as certain as is "practically" possible that our clients data is not "compromised" from the outside ( via our broadband connection ).
What - if anything - should I add to this setup to be more secure from "outside" hacking?
OK, there are a couple of main security models in terms of firewalls.
  • One Internet gateway firewall that's extremely secure, and all the other computers insecure. This is the most common model. Benefits of this model are that security updates only need to done on one system, disadvantages are that once the hacker is in, your whole system is compromised.
  • Firewall is in place on main gateway, but firewalls are also installed on every network client machine. Benefits of this is that it's very secure, disadvantages are that it will become increasingly difficult to maintain security updates on all machine and still keep the network running.
As most people opt for the first one, that's probably the best one to go with. It's still very secure, and like I just said, it's very easy to maintain.

Your router has a built-in firewall, so your router can double as an Internet gateway. However, you might want to consider getting a seperate Internet gateway machine (woud have 2 network cards, one connected to the Internet, and the other connected to the WAN port in the router) that all the data has to pass through before it gets to the router, if you find the router's built-in firewall to limited.

Hope this helps

TheOgre Nov 7th, 2006 12:30 pm
Re: Help locking down access to client data from "outside" hacking.
 
What kind of router are you using? Is it a cheapo LinkSys/D-Link/Netgear/etc or is it a more robust FIREWALL (Netopia/Cyberguard/etc.)? Do you have access controls in place? Do you allow VPN access into your network (so people can work from home)?

What KIND of data are you trying to protect? Do you fall under GLBA/SOX/HIPAA and are therefor required to meet government regulations for securing data access?


Do you have antivirus installed on all systems? What kind of spyware protection do you have? How are you preventing your inside users from downloading potentially harmful files from the Net that can initiate connections that bring in potentially unsafe content?

Some more details would help..


All times are GMT -4. The time now is 11:28 pm.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC