Setting up a proper network at home

I have a home network where there is very restricted file sharing as I
was rather paranoid about security (there is a 'transfers' folder that
other PCs can read from but not write to, i.e. you can 'pull' things
to your PC but not 'push' them to another). This was fine when there
were only the two PCs and few files to move around that we were
working on.

I now want to make the next step and have something more like a proper
network with a fileserver. At least, that's about as far as I've got
with thinking about things. So I'm looking for some websites,
threads, etc. that might give me some ideas about pros and cons.
Perhaps I'm over-engineering the problem?

As part of this upgrade, I'd like to build in the ability so that in
the nearish future I would be able to add the functionality to be able
to connect to my home LAN from outside the house (e.g. from work) and
to connect to devices on the home LAN. I am very very concerned about
the security risks of this.

I've tried a number of searches on google but get lots of hits for the
wrong things (mainly setting up regular home networks). Could someone
please point me in the right direction?

Thanks in advance

--
TTFN
Brian
Reply to brian [.] white [@] pobox [.] com
[Not got a decent sig yet - another thing to do!]

On Sun, 16 Oct 2005 20:02:43 +0100, Brian <address_in_sig> scrawled:

>I have a home network where there is very restricted file sharing as I
>was rather paranoid about security (there is a 'transfers' folder that
>other PCs can read from but not write to, i.e. you can 'pull' things
>to your PC but not 'push' them to another). This was fine when there
>were only the two PCs and few files to move around that we were
>working on.
>
>I now want to make the next step and have something more like a proper
>network with a fileserver. At least, that's about as far as I've got
>with thinking about things. So I'm looking for some websites,
>threads, etc. that might give me some ideas about pros and cons.
>Perhaps I'm over-engineering the problem?
>
Possibly, I'm just in the process of setting up a SuSE\Samba based
network with centralised server (and I use "in the procsess of" in
it's loosest sense!).

I have no real need to do this, even with 6 PC's on the network. The
file sharing between machines (one is designated as a central sort of
file server with a seperate shared partition with full read\write
access. I have mapped network drives from all machines to this and it
works well. This particular machine is always on as it is also a
central media server for the MediaMVP boxes around the house.

The only reason I'm changing the way it all works to add in the SuSE
box is because I decided I wanted roaming profiles.

>As part of this upgrade, I'd like to build in the ability so that in
>the nearish future I would be able to add the functionality to be able
>to connect to my home LAN from outside the house (e.g. from work) and
>to connect to devices on the home LAN. I am very very concerned about
>the security risks of this.
>
Google VPN. You don't need a server to do remote access.
--
Stuart @ SJW Electrical

Please Reply to group

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian wrote:
> I have a home network where there is very restricted file sharing as I
> was rather paranoid about security (there is a 'transfers' folder that
> other PCs can read from but not write to, i.e. you can 'pull' things
> to your PC but not 'push' them to another). This was fine when there
> were only the two PCs and few files to move around that we were
> working on.
>
> I now want to make the next step and have something more like a proper
> network with a fileserver. At least, that's about as far as I've got
> with thinking about things. So I'm looking for some websites,
> threads, etc. that might give me some ideas about pros and cons.
> Perhaps I'm over-engineering the problem?

You could go for a "Network Attached Storage" or NAS drive. It's a hard
disk in a box with network access. AFAIK needs very little set up or
maintenance and you can usually have different logins for different folder
access etc.


> As part of this upgrade, I'd like to build in the ability so that in
> the nearish future I would be able to add the functionality to be able
> to connect to my home LAN from outside the house (e.g. from work) and
> to connect to devices on the home LAN. I am very very concerned about
> the security risks of this.

If you've got broadband you could get a router that has a built-in VPN
server (not "pass through"). Not looking at more than £150 for a good
device, ZyXEL's Prestige range have worked well for me. You could quite
easily set the router's firewall to only allow VPN access from certain IP
addresses and depending on the device only certain times/days.


HTH
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDU4tQ7uRVdtPsXDkRAgOIAJ4z4nP3tnOGU1uwxudOeg xAhMSyfQCgg5br
81cTHu5iO+7SmGY4dFkc2HM=
=0AKT
-----END PGP SIGNATURE-----

Adam Piggott wrote:
>>I have a home network where there is very restricted file sharing as I
>>was rather paranoid about security (there is a 'transfers' folder that
>>other PCs can read from but not write to, i.e. you can 'pull' things
>>to your PC but not 'push' them to another). This was fine when there
>>were only the two PCs and few files to move around that we were
>>working on.
>>
>>I now want to make the next step and have something more like a proper
>>network with a fileserver. At least, that's about as far as I've got
>>with thinking about things. So I'm looking for some websites,
>>threads, etc. that might give me some ideas about pros and cons.
>>Perhaps I'm over-engineering the problem?
>
>
> You could go for a "Network Attached Storage" or NAS drive. It's a hard
> disk in a box with network access. AFAIK needs very little set up or
> maintenance and you can usually have different logins for different folder
> access etc.
>
>>As part of this upgrade, I'd like to build in the ability so that in
>>the nearish future I would be able to add the functionality to be able
>>to connect to my home LAN from outside the house (e.g. from work) and
>>to connect to devices on the home LAN. I am very very concerned about
>>the security risks of this.
>
>
> If you've got broadband you could get a router that has a built-in VPN
> server (not "pass through"). Not looking at more than £150 for a good
> device, ZyXEL's Prestige range have worked well for me. You could quite
> easily set the router's firewall to only allow VPN access from certain IP
> addresses and depending on the device only certain times/days.

That's one way of solving the two problems. An alternative, if you want
to learn about the world outside redmond, might be to get a linux or
*bsd (I use freebsd) box, which can be as flexible in use as you like -
mine acts as router (two home lan segments, plus bb/fallback dialup
connection), highly flexible firewall, file server (smb and nfs), mail
server (*I* get to say what's spam or not), multiple web servers, time
server, (experimental, in my case) vpn server, plus odds and ends like
automatically checking ernie monthly. It's a steep learning curve after
win*ws to get started though, I can't deny, but *very* well worth while
(IMO, of course) -- when I started, I was after a programmable
router/firewall, that was all; it just growed :-)

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)

In message <(E-Mail Removed)>, Brian
<address_in_sig@?.?.invalid> writes
>I have a home network where there is very restricted file sharing as I
>was rather paranoid about security (there is a 'transfers' folder that
>other PCs can read from but not write to, i.e. you can 'pull' things
>to your PC but not 'push' them to another). This was fine when there
>were only the two PCs and few files to move around that we were
>working on.
>
>I now want to make the next step and have something more like a proper
>network with a fileserver. At least, that's about as far as I've got
>with thinking about things. So I'm looking for some websites,
>threads, etc. that might give me some ideas about pros and cons.
>Perhaps I'm over-engineering the problem?

If you go with Windows software you have two basic choices. You can use
a peer-to-peer network. You have to set up security on each PC
separately. You can certainly run a file-server this way, but if you
need to make changes to security settings it will become a pain.

If you want to control network security from a single point then you
need a real server operating system; NT4, Windows 2000 or Windows 2003.
That's expensive but not too complicated.

If you have the time and the inclination you can set up a Linux server
to do pretty much the same thing, using the Samba package. It's
reasonably straightforward and quite secure.

>
>As part of this upgrade, I'd like to build in the ability so that in
>the nearish future I would be able to add the functionality to be able
>to connect to my home LAN from outside the house (e.g. from work) and
>to connect to devices on the home LAN. I am very very concerned about
>the security risks of this.

That's good. Because even if your system doesn't hold valuable data it
could still be turned into a zombie that then becomes a problem for
everyone else.

If you have a broadband router that handles NAT then you can simply hook
your internal network to it.

There are several different options you can use to connect from outside.
Which one is best for you depends on what you intend to do with the
Internet connection and how much use you are going to make of it.
A simple approach (and free) would be to install VNC on each machine
with SSH tunnelling to get a secure connection.

Keywords: VPN, VNC, SSH Tunnelling, NAT, port forwarding



--
Bernard Peek
London, UK. DBA, Manager, Trainer & Author.

Lurch wrote:
> Possibly, I'm just in the process of setting up a SuSE\Samba based
> network with centralised server (and I use "in the procsess of" in
> it's loosest sense!).

If you need any help with that, let me know. I'm far from an expert,
but I've just done exactly that with SLES 9 for ~2000 and ~200
workstations. Works like a charm.

--
-Gareth Halfacree
http://gareth.halfacree.co.uk

On Mon, 17 Oct 2005 16:39:30 GMT, Gareth R Halfacree
<(E-Mail Removed)> scrawled:

>If you need any help with that, let me know. I'm far from an expert,
>but I've just done exactly that with SLES 9 for ~2000 and ~200
>workstations. Works like a charm.

Ta very much.

Glad to hear I didn't just dream up a madcap idea after all!
--
Stuart @ SJW Electrical

Please Reply to group

Lurch wrote:
> On Mon, 17 Oct 2005 16:39:30 GMT, Gareth R Halfacree
> <(E-Mail Removed)> scrawled:
>>If you need any help with that, let me know. I'm far from an expert,
>>but I've just done exactly that with SLES 9 for ~2000 and ~200
>>workstations. Works like a charm.
>
> Ta very much.
>
> Glad to hear I didn't just dream up a madcap idea after all!

No problems. For those playing at home, the missing word was 'users',
as in "for ~2000 _users_ and ~200 workstations".

I set up the server as a Windows NT Primary Domain Controller, and it
takes care of user authentication, file storage, roaming profiles, and
network printing. Performance is excellent, the users don't know it's
Linux, and it makes my life one heck of a lot easier compared to the
Novell Netware server it replaces.

Like I say, if your project leaves the planning stages let me know;
there are a few pitfalls to watch out for.

--
-Gareth Halfacree
http://gareth.halfacree.co.uk