Small network design with controlled Internet access - comments please

ade

New Around Here
I am working on a network design for 4-6 computers with the main objective of file sharing but I also anticipate needing to patch these computers with Microsoft Windows and McAfee updates from the Internet besides optionally allowing some light surfing/emailing as well. Underlying all this, I'm also worried about security & hacking into the system which contains sensitive data.

Would appreciate some advice on whether the following design is feasible or even practical.

1) For file sharing, all 4-6 computers would be connected to a network switch with a NAS attached.

2) For Windows & McAfee updates, on occasion (monthly/weekly), the network switch (with the 4-6 computers) is connected to a router which in turn is connected to an ADSL modem for the Internet access. After downloading the necessary updates, the switch is disconnected from the router once again.

3) For surfing/emails, the router's Internet access is made available via its wireless port for users with wireless devices (smartphones/laptops). This wireless feature however would be turned off when Windows/McAfee updates are being performed for the internal network.
 
Hi. Just wondering if the lack of feedback means the design really is foolproof or perhaps the opposite and too silly to work.

Some comments would be welcomed.
 
Not sure what the question is.

You might want to look at some of the consumer UTM devices out there if security is a big issue.
 
Depends on how far you want to go. If absolute isolation, consider setting up a firewall with a DMZ. Lock all access down to the IP and port (that's what I do at home). Do not allow PC to PC to communicate if possible; this reduces the worms travelling.

In terms of patching, consider setting up WSUS and a McAfee server to download the patches in a DMZ.
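
One way to write down and check the lock-down described in the reply above (update host in a DMZ, access limited by IP and port, no PC-to-PC), as an added example that is not part of the original thread. The addresses, the rule list and the `decide`/`audit` helpers are constructed for illustration, and only new connections are modelled.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of it comes from the thread.
LAN = ip.ip_network("192.168.10.0/24")           # the 4-6 PCs and the NAS
NAS = ip.ip_network("192.168.10.10/32")
DMZ_UPDATES = ip.ip_network("192.168.20.5/32")   # WSUS / AV update host
ANY = ip.ip_network("0.0.0.0/0")

# First match wins; anything unmatched is dropped (default deny).
# Caveat: traffic between hosts on the same switch and subnet never crosses
# the firewall, so the LAN-to-LAN lines would be enforced by host firewalls
# or switch port isolation rather than by the edge device.
RULES = [
    ("allow", LAN, NAS, 445),            # file sharing (SMB) to the NAS only
    ("deny", LAN, LAN, None),            # no PC-to-PC traffic
    ("allow", LAN, DMZ_UPDATES, 8530),   # clients pull patches (WSUS default HTTP port)
    ("deny", DMZ_UPDATES, LAN, None),    # the DMZ never initiates into the LAN
    ("allow", DMZ_UPDATES, ANY, 443),    # only the DMZ host fetches from the Internet
]

def decide(src, dst, port):
    """Return 'allow' or 'deny' for a new TCP connection src -> dst:port."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rule_src, rule_dst, rule_port in RULES:
        if s in rule_src and d in rule_dst and rule_port in (None, port):
            return action
    return "deny"

# Intended behaviour, written as (flow, expected decision). 203.0.113.10 is a
# documentation address standing in for an Internet update server.
EXPECTED = [
    (("192.168.10.21", "192.168.10.10", 445), "allow"),   # PC -> NAS file share
    (("192.168.10.21", "192.168.10.22", 445), "deny"),    # PC -> PC
    (("192.168.10.21", "192.168.20.5", 8530), "allow"),   # PC -> update host
    (("192.168.10.21", "203.0.113.10", 443), "deny"),     # PC straight to Internet
    (("192.168.20.5", "203.0.113.10", 443), "allow"),     # update host -> Internet
    (("192.168.20.5", "192.168.10.10", 445), "deny"),     # DMZ -> NAS
]

def audit(expectations):
    """Return (flow, wanted, got) for every flow the rules decide differently."""
    return [(f, want, decide(*f)) for f, want in expectations if decide(*f) != want]

if __name__ == "__main__":
    for flow, want, got in audit(EXPECTED):
        print("MISMATCH", flow, "wanted", want, "got", got)
    print("policy matches intent" if not audit(EXPECTED) else "policy needs fixing")
```

Re-running the audit after every rule change shows whether a new allow line has opened a path from the PCs to the Internet or from the DMZ into the LAN.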
 
For security..keep them behind a good UTM edge appliance like Untangle or Astaro.

For Microsoft updates...have a WSUS box on the LAN to serve them.

Since the greater part of security is through exploits in what I call "web players"..(Java, Flash, Shockwave, PDF readers)...you'll have to address how to keep them updated..offline, or via GPO, or manually.

If security is concerned..I'd look at a much more effective antivirus than McAfee.
 
