Odd Network/DSL installation.

I hope that I am posting this in the appropriate area. If not perhaps someone will be kind enough to let me know.

I recently attended Windows 2000 Pro Workgroup network installation, where one of the terminals has DSL connection to the Internet a Modem/Router.

I was invited to assist because the owners believed that there was neither Firewall nor Antivirus software in place.

I installed both Firewall and Antivirus software. I also established that the Modem/Router has NAT capability. I was unable to verify whether the Modem/Router was configured correctly as the owners could not find the appropriate information. I understand that the network has been "˜maintained’ by a number of persons, including staff members.

The intention is to use the computer in question as the Gateway machine to the Internet.

Apart from the fact that there was no Firewall of Antivirus, I also noted other possible security problem areas "“ there was no log-on password to the network, the user was the Administrator. I asked whether this was the same for all (8) terminals and was told that this was correct. They find passwords so cumbersome.

I also noted that the DSL connection seemed very slow "“ 4 minutes per MB download, or about the speed of a dialup connection.

I have not been able to determine the configurations of the other terminals. Therefore I have no idea at all regarding permissions, although I observed that the computer in question could access drives on at least some of the other terminals

At last, we get to the actual question!
During my attendance, I was asked why the computer in question could not be logged on to the Local Network unless the Modem/Router was first powered on.

I found that the computer in question has one NIC. This card is attached via Twisted Pair to the original Network Hub.

The Network Hub itself is attached via Twisted Pair to the Modem/Router.

There is a Serial to RJ45 cable joining the Serial Port of the computer in question to the Modem/Router.

I have no idea at this time as to the purpose of the Serial connection as I have not been able to return to the site

The computer in question is not the gateway. The network and the Modem/Router is the gateway.

I believe that the entire network is insecure both internally and in relation to the Internet, and have informed the owners of my belief. The owners do not seem all that concerned.

Can someone assist? Is the network potentially in danger from attack from the Internet? Or have I missed something basic? What might be the purpose of the Serial to Modem/Router connection?

GeoffG

 

Geoff,

It sounds like you have inherited a messy network. I am not a network guru, but have a few thoughts about the setup. If anyone can add anything or pull my thoughts to bits, please do so.

The serial to RJ45 connection sounds like a connection for a console management tool and can probably be disconnected.

You should have a look at the IP addressing of the entire network - remove any unnecessary protocols (anything except tcp really), check that all the machines are using the same subnet etc. It is probably best to start with the modem and work back from there. The modem will probably have the ip of 192.168.1.1 or somesuch.

If you can access the router from a web browser on any connected machine, try and reset everything to default (or just use a paperclip and the reset button hidden somewhere on the case) - NAT has alot going for it security-wise,and until the network is stable I would rely on that rather than your firewall software, which I would disable until all other issues have been ironed out It may just confuse things.

The slow connection may be a combination of clashing protocols, ip addressing, bad DNS settings etc. Someone may have also tried to put in the ip address of the gateway machine. The topology you have described indicates that the machine in question is not yet a gateway, the hub is, so they will be looking to the wrong route. You need to check the network card settings of each machine to make sure they are all set to get their IP addresses from DHCP - the modem router should do this if it also does NAT. If they are set to fixed addresses it is quite likely the DNS settings are blank, or just wrong, in which case any internet traffic will be severly hampered.

I question whether you need to set one machine as a gateway - the modem/router's firewall may be good enough and you can use the internal modem connection as the gateway. If you do want to use a single machine, you will need to fit a second NIC and put it between the modem and the rest of the network.

Some hubs/switches can be configured and partitioned as DMZ zones etc, which may negate the need for a second NIC, but that is beyond me so I am just suggesting the easy stuff.

The user accounts are a little easier to sort out - password protect all administrator accounts, create a user account with limited permissions that everyone can use if they are too lazy to remember usernames and passwords. Also do an audit of shares on each machine, delete the unnecessary ones, reset the permissions on the others. It may be worth using one machine as a general file server, placing all the shares on that just to make administration easier. Then all other shares on all other machines can be deleted.

As for your actual question, i am not sure but suspect that the machine in question has some kind of ip setup issue that sends all requests through the modem, which if switched off will fail.

The trick is to get your internal network running first before worrying about internet connectivity. Fire up the modem so it can issue ip addresses, but disconnect from the internet until the network is up and running - sharing printers is always a very good way of testing, if they work, anything will.

All the above is just my ramblings and I have had a couple of whiskies, it is late and i need sleep, but I hope some of this has helped. I will post again if I thing of anything else or in reply to other stuff.

 

Hi Grunty.
Thanks for your response and detailed observations.

I will certainly take on board your suggestions. I agree that there is probably no need to have a gateway computer. This is what the client has indicated that he is trying to achieve. I am really just a bystander at this time.

I believe that you are correct when you say "but suspect that the machine in question has some kind of ip setup issue" . The indications are that a number of people have "had a go" at the DSL installation.

This, (who knows how the Modem/ROuter is configured?) together with the lack of basic internal network security, the fact that W2000 is not fully patched leads me to believe that attention is needed quickly.

Unfortunately, I will have to wait on the owner to respond and ask me to attend.

I may just join you in a whisky, although it is only 10.45am here, and I normally wait until the sun is over the yard arm.