Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Setting up a company network questions

Setting up a company network questions

post #1 of 8
Thread Starter 
I'm a noob to networking, so my apologies if this question seems bad. Is there a way that a server and a few computers can only be limited to seeing each other and only allowed to communicate to each other on a network? I'm trying to prevent unwanted access. Are there any solid tutorials for complicated network setups for noobs and documentation on what I can do with my Netgear?
post #2 of 8
Your question is very vague and very difficult to answer without knowing what services your server is running and what you are trying to restrict.

Are you talking about a file share?
Do you have an Active Directory Environment?
post #3 of 8
Run a Firewall with authentication or just run it behind a Router.
Routers all have firewalls of some sort since they have to packet filter with the multiple networks / subnets.
post #4 of 8
Thread Starter 
I would like to learn about active domain but have never done one before. I have two Netgear routers, both N600s. Would it also be a good idea to restrict what goes in and out of the router by IP? I don't know how or if IPs are there for iPads or iPhones.
post #5 of 8
Quote:
Originally Posted by graphicsman View Post

I'm a noob to networking, so my apologies if this question seems bad. Is there a way that a server and a few computers can only be limited to seeing each other and only allowed to communicate to each other on a network? I'm trying to prevent unwanted access. Are there any solid tutorials for complicated network setups for noobs and documentation on what I can do with my Netgear?
What you are really wanting/needing is a Firewall. This is the preferred method for a business.
Quote:
Originally Posted by wgman003 View Post

Your question is very vague and very difficult to answer without knowing what services your server is running and what you are trying to restrict.

Are you talking about a file share?
Do you have an Active Directory Environment?
If you are a Networking Nut then you should have identified that the OP is needing a device that can run an Access Control List.
Quote:
Originally Posted by linkinparkfan007 View Post

Run a Firewall with authentication or just run it behind a Router.
Routers all have firewalls of some sort since they have to packet filter with the multiple networks / subnets.
While this statement is partially true with home grade equipment, it is not with business grade equipment. All routers do not have firewalls built in. While most routers do have the capability of running ACLs, they do not look deeper into the packet. Most ACLs that are applied at a router or layer 3 switch will filter by IP and/or VLAN. Extended ACLs can filter on source port.
post #6 of 8
The reason I asked is because he said he wanted to restrict computers talking to other computers and servers on a network. So I was looking at it within the confines of the subnet. You could literally come up with a thousand ways to "restrict" access. That is why I asked for clarification. If he was trying to restrict folder access on a server or a particular service, Active Directory is an option, but again, I did not know what his specifications were. You can also apply Access Controls within AD. And as the title stated it was a company, chances are it has AD in it, which prompted my question.



However, I digress...

Ideally, getting more manageability than the N600 will require more expensive hardware/software, as some of the items suggested above. I personally would look at a centralized approach and have Active Directory (Windows Small Business Server is a great option) manage whichever resources are on the server. Usernames are controlled by the server and workstations do not communicate with each other at all. However, you may not have that capability, so I suggest the options below with what you have.


Wireless Devices
I actually own an N600 and there are two options. The wireless router has a Guest network and an isolated 5GHz band. On the 5GHz band of the WiFi (which most new mobile devices have), enable network isolation; the device will still get an IP address from the router, but it will not be able to communicate with your computers that are hard wired. You can also set up the guest wireless feature in the N600, which will also isolate your mobile devices from touching your LAN.

Workstation to Server
As far as limiting connectivity from a workstation to a server goes, assuming you are running Windows 2008, you can go into the Windows Firewall and block a specific IP address.
LINK: https://support.gearhost.com/KB/a520/block-ip-address-with-windows-firewall-2008.aspx


Workstation to Workstation
For blocking workstation from workstation, again, you can use Windows Firewall.
Link: http://www.petri.co.il/windows-7-firewall.htm



The only caveat to this is that machines will have to have static IP addresses to block but this can be avoided if they change the IP address.

In that case, you can say only allow communication from these IP addresses and anything else you can block. Careful with this because you may block your gateway or other important services and kill internet connectivity.


You could also block based on computer name too. Also, possibly MAC address, but that may require additional software as I'm not aware of whether you can do that.
Edited by wgman003 - 2/27/13 at 10:30pm
post #7 of 8
That is by far the least centralized way to limit connectivity. It also poses numerous security risks and relies on Windows to filter access. Applying an ACL at a hardware firewall or even at a router will stop all traffic from even getting to that subnet. If you have an insider threat, the above recommendation would enable that threat access to perform things such as port scans, brute force attacks and more. Utilizing hardware, when the incoming packet is destined to the unauthorized network segment, simply and cleanly just drops the packet, not even allowing a TCP ack syn-ack from occurring; same with UDP sessions.
post #8 of 8
Would it not be possible to just start very simple and set a subnet mask of something that prevents less hosts on the network? Example: 255.255.255.240 allowing 14 hosts on the network? I don't know if you have a budget or are working on only what you have. You may find it a valid solution to purchase a managed switch. This way you could set up VLANs and isolate network traffic to only the VLAN you create for it. You could take a standard 24 port switch and create 2 VLANs with 12 ports each. The only way VLAN 1 could talk to VLAN 2 would be if you physically plug the patch cable between them.

Let me know if there are any inaccuracies in any of that guys.
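
Added example, not code posted by anyone in this thread: a pre-flight check for the "only allow these IP addresses, block everything else" approach from post #6, using the 255.255.255.240 mask from post #8. It flags allow-list entries that fall outside the subnet and essential services (gateway, DNS) that the rule set would cut off. The 192.168.1.x addresses and all function names are constructed for illustration.

```python
import ipaddress

def usable_hosts(mask, any_addr="192.168.1.1"):
    """Network and usable host count for an address/mask pair (masks shorter than /31)."""
    net = ipaddress.ip_network(f"{any_addr}/{mask}", strict=False)
    return net, net.num_addresses - 2  # minus network and broadcast addresses

def check_allow_list(net, allowed, essential):
    """Pre-flight check of an 'allow these IPs, block everything else' rule set.

    allowed   -- addresses that will be permitted
    essential -- {label: address} of services that must stay reachable
    Returns a list of problems; an empty list means nothing was flagged.
    """
    problems = []
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    for ip in sorted(allowed_ips):
        if ip not in net:
            problems.append(f"{ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{ip} is not a usable host address in {net}")
    for label, addr in essential.items():
        if ipaddress.ip_address(addr) not in allowed_ips:
            problems.append(f"{label} {addr} would be blocked")
    return problems

def is_allowed(src, allowed):
    """Default-deny decision: permit only sources on the allow list."""
    return ipaddress.ip_address(src) in {ipaddress.ip_address(a) for a in allowed}

# Constructed sample data (not from the thread).
NET, HOSTS = usable_hosts("255.255.255.240")
ALLOWED = ["192.168.1.2", "192.168.1.3", "192.168.1.20"]
ESSENTIAL = {"gateway": "192.168.1.1", "dns": "192.168.1.1"}

if __name__ == "__main__":
    print(f"{NET}: {HOSTS} usable hosts")
    for problem in check_allow_list(NET, ALLOWED, ESSENTIAL):
        print("WARNING:", problem)
```

Running a check like this before pushing rules to each machine catches the lockout case while it is still a line of text rather than a dead connection.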