A small business network design


Introduction: A small business network design will of course be a function of the number of users and the programs that make it up. For most small businesses a peer-to-peer network with a file server, a router, and a few workstations will be adequate.

Your file server can basically be a standard PC that you consider to be your file server.

Small Office Network

Internet – ISP wire to office

Modem – translates electronic data

Router – disperses electronic data

Network adaptor – required for each computer

Wired – NIC (network interface card) or Ethernet card

Wireless – wireless adaptor

With this configuration you can use the file server as a locker for all of your data and set up online backup software to back it up continually. The costs for these services are negligible when considering the frustration and lost time that comes from losing your data.

I would like to suggest using static IP addresses for each workstation, not DHCP. What this means is that the IP address of each machine will remain the same at all times. Removing the variability that is associated with DHCP makes troubleshooting much easier if you have any problems or need to add equipment to the network.

What you will need to get started:

Cat 5 Ethernet cable (purchase lengths accordingly)

Cable/DSL modem (the box the cable supplying the internet plugs into)

Router (wired or Wi-Fi; if using Wi-Fi, stick with 802.11n)

Two workstations and two laptops

File server (another computer)

Modem

Printer

Network: One or more devices connected together

To the Internet with a router

To each other in order to share Resources:

Internet Connections

Sharing Files

Sharing Printers

WAN, LAN, WLAN, PAN

WAN – Wide Area Network … many computers, locations

LAN – Local Area Network … few computers, 1 location

PAN – Personal Area Network … home network

WLAN – Wireless Local Area Network

Note: Cross-over cables can be confusing. Hold them side by side and the colors should be the same; otherwise orange and blue are switched.

Wireless

Wireless Networking Standards

802.11 a, b, and g

configuration specifications to ensure compatibility

Different speed/range capabilities

Equipment conforming to “g” is most popular/available

Good for 100-400 feet … in a house

General rule – don’t mix equipment made to different standards

Bluetooth

Standard which is often used for peripheral devices

Printers, scanners, cell phones, etc

Short range (10 ft), high speed

What is a Cable/DSL Modem

Modem (modulator/demodulator)

encodes/decodes information transmitted to the internet

Usually provided and controlled by your ISP

Connects your home to the Internet.

This is the device that gets your public IP (internet protocol) address

Normally has no firewall protection

What is a Router

Connects one network to another … Sometimes called a “Gateway”

Connects your computer to the internet (cable modem or DSL Line) – keeps LAN traffic local

Routers keep track of IP addresses and physical (MAC) addresses of hosts

IP (Internet Protocol) address … your computer's Internet address

MAC (Media Access Control) … id for each physical communication device

What is an Access Point

A point where computers access a network

Device which links wireless users to network

Transmits and receives data (Transceiver)

Bridge between wireless and wired networks

Can be linked together to cover broad area

No security or firewall implemented

What is a Firewall

A device that filters packets of data or traffic

Its job is to be a traffic cop

You configure the firewall:

What it will allow to pass

What it will block

Hides your home network from the outside world

Can be either in hardware or software

Most popular routers for home have built in firewall protection

What Does a Firewall do?

They:

Protect your home computer from the bad guys

Keep your information private

Make you less of a target

By:

Stopping viruses

Hiding your computer from the world

Making the bad guys work harder to get your info

Firewall Protection

Hardware Firewall Routers

The idea is layers of protection

Examples of home combo units include

Belkin (we will demo tonight)

Dlink

Linksys

Netgear

Software Firewalls

Adding a second level of protection

Controlling what leaves your computer

By being aware of application level attacks

By allowing you to schedule

Usage of the internet by time (control access at night)

By location (block content for young children)

Software Firewalls for Home Use

Examples

Zone Alarm (Free)

McAfee Firewall

Symantec’s Norton Personal Firewall

Computer Associates with Firewall (free)

Windows Firewall in XP Service Pack 2 (free)

Configure Wireless Firewall/router Overview

Basic Settings … name, ip address, etc

Check for firmware updates

Set Account name and password

Change name and password … don’t use the defaults

Wireless Settings

SSID broadcast …

make sure that remote computers are set to automatically connect

Do not enable DMZ

Do enable ping blocking

Security - Blocking and Filtering

Wireless Security encryption

MAC filtering

Back up settings

Basic Settings and Info

Run Install CD that comes with router

Basic info will be automatically entered or requested

To change info:

For Belkin the default IP address is 192.168.2.1

Other manufacturers use different ip addresses (later slide)

Enter this into address bar

Setup page will be displayed

Firmware – software that is embedded in a hardware device

Updated occasionally by manufacturers

Check whenever you access router

Account Name

Change name

Default name is set by manufacturer … eg, Belkin54

Bad guys know defaults and default administrative passwords

Create Administrative Password

Use Strong Password

Record your password where you can find it so you can make changes

Default Info

Router default info is easily available on internet for consumers

So Change Name and Password

Mfg       Default IP     User Name   Password
Belkin    192.168.2.1    admin       blank
D-link    192.168.0.1    admin       blank
Linksys   192.168.1.1    blank       admin
Netgear   192.168.0.1    admin       password

Wireless Settings

SSID - service set identifier

name given to your wireless network

Broadcasting this ID makes network visible to PCs in area

can be turned off so it will not be detected by other PCs in area

Be sure to set up your own pc to automatically detect and logon to your WLAN

DMZ –

allows you to select a PC to access WLAN outside the firewall

do not enable unless firewall interferes with some activity

Ping Blocking – ping is a troubleshooting tool

Signal sent and echo received indicates valid ip address

Used by hackers to find active computers

Enable ping blocking … won’t send echo back

Security Blocking and Filtering

Encryption – coding transmissions

Multiple variations. 2 most common:

WPA-PSK … Wi-Fi Protected Access (Pre-Shared Key)

Use same password for all computers

Preferred Choice

WEP … Wired Equivalent Privacy

64 or 128 bit encryption … doesn’t matter

Enter Password … converts to hex code

Must enter hex code

2nd Choice (if WPA not supported)

MAC Filtering

MAC address … Media Access Control address

Unique ID permanently attached to each communication device by manufacturer – hardware id

Can find MAC address: Run → cmd → ipconfig /all

Enter MAC addresses of acceptable network clients

If address is not on filter list, access to network will be denied

Very effective security method

RECAP: Steps to protect your wireless network

Change the default password on your router

Enable WPA(PSK) or WEP on router and wireless workstation

Use MAC address filtering

SSID broadcast off

Prohibit Peer-to-peer (Ad Hoc) networking

5. Keep current on hardware bios upgrades
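
An added example, not part of the original slides: a small audit that checks a router's settings against the checklist above and the default-login table earlier on this page. The settings layout, key names and sample values are assumptions constructed for illustration; read the real values off your router's setup page.

```python
# Added example: audit router settings against the checklist in these slides.
# The settings layout (keys such as "ping_block") is an assumption made for
# this illustration, not a format any router exports.

# Factory logins as listed in the table on this page ("" means blank).
FACTORY_LOGINS = {
    "Belkin":  ("admin", ""),
    "D-link":  ("admin", ""),
    "Linksys": ("", "admin"),
    "Netgear": ("admin", "password"),
}

def _norm(text):
    """Lower-case and drop punctuation so 'D-link' matches 'dlink_office'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def audit_router(cfg):
    """Return a list of (severity, code) findings; an empty list means clean."""
    findings = []
    login = (cfg["admin_user"], cfg["admin_password"])
    if login == FACTORY_LOGINS.get(cfg["maker"]):
        findings.append(("FAIL", "factory-admin-login"))
    elif not cfg["admin_password"]:
        findings.append(("FAIL", "blank-admin-password"))
    # Heuristic: factory network names start with the maker's name (Belkin54).
    if _norm(cfg["ssid"]).startswith(_norm(cfg["maker"])):
        findings.append(("FAIL", "factory-network-name"))
    if cfg["encryption"] == "WEP":
        findings.append(("WARN", "wep-second-choice"))  # the page prefers WPA-PSK
    elif cfg["encryption"] in ("", "none"):
        findings.append(("FAIL", "no-wireless-encryption"))
    # Other encryption modes are outside what the page covers and are not judged.
    if cfg["dmz_enabled"]:
        findings.append(("FAIL", "dmz-enabled"))
    if not cfg["ping_block"]:
        findings.append(("FAIL", "ping-block-off"))
    if cfg["ssid_broadcast"]:
        findings.append(("WARN", "ssid-broadcast-on"))
    if not cfg["mac_allow_list"]:
        findings.append(("WARN", "mac-filter-empty"))
    return findings

# Constructed sample settings: one router straight out of the box ...
OUT_OF_BOX = {
    "maker": "Belkin", "admin_user": "admin", "admin_password": "",
    "ssid": "Belkin54", "encryption": "none", "dmz_enabled": False,
    "ping_block": False, "ssid_broadcast": True, "mac_allow_list": [],
}
# ... and the same router after working through the checklist.
HARDENED = dict(
    OUT_OF_BOX, admin_user="officeadmin", admin_password="constructed-Example-7!",
    ssid="office-net", encryption="WPA-PSK", ping_block=True,
    ssid_broadcast=False, mac_allow_list=["00:11:22:33:44:55"],
)

if __name__ == "__main__":
    for name, cfg in (("out of box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name)
        for severity, code in audit_router(cfg) or [("OK", "no findings")]:
            print(f"  {severity:4} {code}")
```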

Print and File Sharing: Overview

Print and File Sharing:

Useful, but Risky if all computers are not secure

Setting up Network for Printer and File sharing

Interface card

Set Interface card to allow

Each computer in network

Make sure each computer is part of network

Printer

Make sure that Print sharing is allowed for printer

Load appropriate print drivers on each computer

Firewall Settings

Reset network IP range to trusted zone

Place files to share in “Shared Documents” folder

Print and File Sharing: Details (1)

Be sure WLAN is working and secure

Interface card

Start → connect to → NIC or WLAN card → properties

Check “File and Printer sharing on Microsoft Networks”

Repeat for all PCs on Network

Printer

Start → Printers and Faxes → shared printer

Select properties → sharing → check “share this Printer”

Print and File Sharing: Details (2)

Firewall

Be sure WLAN IPs are allowed in Firewall for all PCs

Zone Alarm

→ Firewall → zones → add → IP range → <enter appropriate range>

Network ID for each computer

Under My Computer → Properties → Computer name

Click Change and add WLAN name as Workgroup

Shared Documents Folder for each computer

Any files in the Shared Documents folder will be accessible from all computers

www.lccug.com

Set Up Your Router

If you are using a new router it should work right away with your computers. It may come with software that will set up your initial configurations.

Security for small business wireless network

If you choose to go with a wireless/ Wi-Fi network a few precautions can be taken to minimize the threat of an intruder.

1. Change your router's SSID. This is simply what you call your router. A name like “Joe the plumber’s small business wireless network” could potentially draw some attention so stick with something that promotes anonymity.

2. Don’t broadcast. Some routers have a broadcast setting that you want to make sure is turned off.

3. Use a password. Set up 128-bit WEP encryption. This is a straightforward process that varies depending on your router. Once you set the password, write it down and file it away.

4. Enable firewall. If your wireless router has one, enable the firewall.

5. Set up a work group. The last measure is simply naming the workgroup of your network. This will have to be done on each workstation. To do this, go to “Control Panel,” then “System Properties,” then “Computer Name.” Click the “Change” button and type in a new workgroup name.

What can one expect to pay for the above solution? Well, I recently reviewed a proposal from a mom and pop computer repair and consulting company and the price for a new server, one workstation, the router, and setting it all up was right around $1760.00.

Copyright SHYEntrepreneur.com. All Rights Reserved.

How to set up a TCP/IP network

You may want to set up a local network for the Internet protocol TCP/IP (in addition to IPX) to allow use of applications which use TCP/IP on your network. In addition you may want to set up TCP/IP to allow computers on your LAN to access the Internet as described below. To do this, set up the TCP/IP protocol in Windows 98/XP networking and bind it to your Ethernet adapter. Each computer on the LAN needs to have its own address. The addresses in the ranges 10.10.10.0 to 10.10.10.255 and 192.168.0.0 to 192.168.0.255 have been reserved for local networks so no site on the Internet will have addresses in these ranges. Therefore you should give each computer on your LAN a different address within this range such as 10.10.10.1, 10.10.10.2, etc. Don’t use 10.10.10.0 or 10.10.10.255 as these have special uses. Set the network mask to 255.255.255.0 on each computer. You may be able to use the network connection wizard to automatically set up your network.
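
An added example, not from the original article: a check of a static address plan against the rules in the paragraph above, which also serves the earlier suggestion to give each workstation a static IP address. The host names, the sample plan and the finding codes are constructed for illustration, and the check knows only the two local ranges this page names.

```python
import ipaddress

# Mask and local ranges exactly as the page gives them.
PAGE_MASK = "255.255.255.0"
PAGE_LOCAL_NETS = [
    ipaddress.ip_network(f"10.10.10.0/{PAGE_MASK}"),
    ipaddress.ip_network(f"192.168.0.0/{PAGE_MASK}"),
]

def check_plan(plan, gateway):
    """plan maps host name -> (address, mask); returns (host, code) findings."""
    findings = []
    owner = {}                                  # address -> first host using it
    gw = ipaddress.ip_address(gateway)
    for host, (addr_text, mask) in plan.items():
        try:
            iface = ipaddress.ip_interface(f"{addr_text}/{mask}")
        except ValueError:
            findings.append((host, "invalid-address"))
            continue
        if str(iface.netmask) != PAGE_MASK:
            findings.append((host, "wrong-mask"))
            continue
        net = iface.network
        if net not in PAGE_LOCAL_NETS:
            findings.append((host, "outside-local-range"))
        # .0 and .255 are the network and broadcast addresses ("special uses").
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append((host, "special-use-address"))
        if gw not in net:
            findings.append((host, "gateway-unreachable"))
        if iface.ip in owner:
            findings.append((host, f"duplicate-of-{owner[iface.ip]}"))
        else:
            owner[iface.ip] = host
    return findings

# Constructed sample plan with one mistake of each kind.
SAMPLE_PLAN = {
    "fileserver": ("10.10.10.1", "255.255.255.0"),
    "desk1":      ("10.10.10.2", "255.255.255.0"),
    "desk2":      ("10.10.10.2", "255.255.255.0"),    # same address as desk1
    "laptop1":    ("10.10.10.255", "255.255.255.0"),  # broadcast address
    "laptop2":    ("10.10.11.5", "255.255.255.0"),    # not in a named range
    "printer":    ("10.10.10.20", "255.255.0.0"),     # wrong mask
}

if __name__ == "__main__":
    for host, code in check_plan(SAMPLE_PLAN, gateway="10.10.10.1"):
        print(f"{host:10} {code}")
```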

Connecting your local network to the Internet

You can set up a modem on one of your computers under dial up networking to access an Internet Service Provider (ISP) such as IBM.net or sprynet.com even though you have a local TCP/IP network set up. The computer will automatically go to your local network for addresses in the 10.10.10.X range and to your dial up network for other addresses. But what if you want employees on any of your computers to have access to the Internet for email and other applications? This can be done as follows:

ISPs generally provide a single Internet Protocol (IP) address to their low-cost dial-up customers. This IP address is usually assigned dynamically at logon time so that it can be reassigned to someone else when you log off. ISPs also usually only allow one person to log on at a time under a single account so even if you have multiple phone lines and modems you would need multiple ISP accounts to allow two or more people simultaneous internet access. There are a number of software products such as Trumpet Firesock ( see "connectivity products" at www.tucows.com or www.cws.com ) which allow multiple computers on a LAN to use a single ISP account simultaneously. These programs use "IP spoofing" to make multiple users look like a single user to your ISP. The modem and connectivity product are installed on one of your computers. The TCP protocol in all the computers is set so that the address of the connectivity computer (eg 10.10.10.1) is set as the gateway. All the computers are set to use the Domain Name Server address (DNS) specified by the ISP. The connectivity product can be set to automatically dial and connect to the ISP whenever anyone tries to access any internet service outside your LAN and disconnect after a predetermined time elapses with no access. The "connectivity computer" would need to be left on whenever anyone might need access. Alternately a stand-alone "router" can be used to connect between your LAN and the internet via dial-up modem, high speed access, or ISDN line.

You can usually connect multiple computers to a network that also includes a cable modem or DSL modem to allow all the computers Internet access. However, cable and DSL accounts also typically charge more for multiple computer access to the Internet. If you have two NIC cards in a connectivity computer you can connect one to your cable modem and the other to your in-house network linking to other computers. Windows XP will nearly automatically set up both sides of this arrangement (no additional connectivity product needed) such that the cable or DSL modem thinks it is only talking to one user. You only pay the single user charge while your other computers can access the Internet via the connectivity computer. You may also be able to use a single NIC to connect to your internal network and use a USB cable to connect to the cable or DSL modem, avoiding a second NIC. Inexpensive router boxes can be used to connect a single modem to multiple computers.

Cable and DSL "always on" services normally semi-permanently assign an IP address and name to your account.

Voice Over IP Services

Inexpensive router boxes are now available to support voice over IP (VOIP) services provided by Vonage or other Internet based telephone service. These units connect to the Internet via RJ-45 cable connecting to your cable or DSL modem and typically provide two RJ-11 phone connectors and three RJ-45 ethernet connectors. The ethernet connectors can be connected directly to up to three computers. The phone connectors can be connected to ordinary phones to provide up to two lines of phone service. The phone lines can be routed to many phones via standard building phone lines. However, these small VOIP boxes may not be able to drive as many ringers as a typical telephone company line. If you are using more than one phone on each line, check with the box vendor to see how many phones each line can handle. A major advantage of Vonage or other non-locality based VOIP provider is that by taking the little box with you and plugging it in to local Internet, you can be reached on your local number wherever you go. Callers have no way of knowing you are not in your office. Careful, if someone should happen to dial 911 while in the remote location, the fire trucks are going to go to the wrong address!

The quality of the VOIP service is mostly dependent on the quality of the underlying Internet service. For example, if you are having problems with Vonage it is more likely that the actual problem is with your cable or DSL supplier. If you are using a separate router (e.g. wireless router) the VOIP box should be connected to the modem and the router connected to the VOIP box. This way the VOIP box will have priority over the computer's access and voice quality will be better during times when your computers are accessing the Internet.

Be advised that fax machines typically do not work well with VOIP. This is because any momentary delay, slowdown, or dropped packets, which do not cause any problem with the computer Internet connection and only cause a click on the voice line, can interfere with the operation of the analog modem in the fax, causing a dropped fax error. If you are having problems faxing, try setting the fax's modem to operate at a slower speed (2400 baud) instead of the normal 14,400 baud. If the fax's instruction manual does not say how to do this (they frequently do not), try searching on the Internet. Unfortunately, if it works today it still might not work tomorrow when the Internet is busier.

Many people report they are totally unable to obtain reliable fax operation through VOIP. It is futile to look to the VOIP service for a solution and your Internet provider is likely to blame the VOIP provider. An obvious solution that eliminates the need to even have a fax machine is to have capability for receiving faxes as an email attachment and for sending faxes from a scanned or PDF document file uploaded to the VOIP provider. This would allow you to send and receive faxes at your laptop in the field as well as at your SOHO and also allows you to store faxes on your hard drive as opposed to paper file. For some unknown reason, Vonage does not provide this capability although they do provide the capability for receiving voice mail messages as email attached audio files. You may obtain fax capability from myfax.com, which allows faxes to be sent by sending an email with or without attachment to [email protected], allows receipt of faxes by email, and provides incoming fax numbers matching your area code. They have a cheaper service in which you cannot specify area code for your incoming fax number.

Dynamic Host Configuration Protocol (DHCP)

All the participating devices (computers, routers, etc.) in an Internet network need certain configuration data to operate, including the Internet Protocol (IP) address to be used by the device, IP address of the upstream gateway, mask defining the size of the local network, and nameserver addresses. Modern software and hardware can use DHCP to get this information automatically from the upstream side at startup and avoid the need for manual entry. However, you need to initialize the boxes in a particular order for this to work. If you first turn on the cable or DSL modem, the modem will get its information from the company. Then you can turn on your router box, which will get its information from the modem. Then turn on computers so they can get their configuration data from the router box. If power fails frequently in your area you may want to use a small uninterruptible power supply (UPS) to power the modem and router boxes to avoid having to go through this sequence later.

Using ISDN with a local network

If you live in an area which provides Integrated Services Digital Network (ISDN) at reasonable rates, such as the Southern part of Bell Atlantic’s service area, you may want to consider using ISDN vs a modem and analog line to provide Internet connectivity to a LAN. ISDN is being replaced with DSL or cable high speed Internet access.

Wireless

Inexpensive wireless routers are now available that connect to a cable or DSL modem and provide a local wireless Internet "hot spot" in addition to providing typically three RJ-45 connections for wired service. Modern laptops, netbooks, and smart phones typically come with built-in wireless capability. Small wireless adapters that plug into a USB port can be used to connect a desktop machine to the wireless network. Wireless typically has more "glitches" than wired and may be somewhat slower, so if a computer is semi-permanently in the same room as the router, use a wired connection.

Typical Small Office Network with Internet Capability

Here is a description of a typical Internet enabled small office network for a small company "SmallCo":

Five PC type computers running Windows or MacOS are connected via NICs to an Ethernet using 10-base-T RJ-45 wiring and an 8 port hub. PCs are configured to use TCP/IP protocol and to use file and printer sharing over the IPX/SPX protocol so all employees can use all the printers and can use common file areas or drives on the PCs. A stand-alone router is used to connect to the Internet via DSL, cable, or analog modem using an Internet access provider and single user account. The company has a web site at www.xyz.com hosted elsewhere by an ISP or web site developer. (Some DSL and cable providers object to users running web sites from their DSL or cable accounts.) Each employee has an email address such as [email protected], [email protected] etc. The web site provider furnishes POP email mail boxes for each employee. Alternately, the web site provider can supply aliases to route mail from "[email protected]" to an access provider mail box. Email clients on the employee computers access the POP mail boxes to receive mail and send mail via an access provider SMTP server.

Managing Modems and Routers

Cable modems, DSL modems, and routers usually have a built-in web server that displays administrative pages. By entering the proper numerical IP address in your browser, you can contact this web server and configure the operation of the device. Modems also usually display diagnostic information including incoming signal strength, etc. This information is very useful when talking to your provider about any problem. Modems, routers, and your individual computers all can be configured to act as firewalls. This can cause confusion if, for example, you are trying to alter the firewall to allow some new service. Also see DHCP above.

Copyright © 1997 - 2010 Azinet LLC