Help locking down access to client data from "outside" hacking.

grindygrindy
edited October 2006 in Science & Tech
My situation is this:

I have a small business with 5 users. Each user can access our clients data from our internal file server. All users are running XP Professional, as is the server machine.

All of us require daily internet access, which is broadband cable behind a router. Each system is running a Security Suite with personal firewall.
What I need to do is be as certain as is "practically" possible that our clients data is not "compromised" from the outside ( via our broadband connection ).

What - if anything - should I add to this setup to be more secure from "outside" hacking?

All comments are certainly appreciated

Comments

  • airbornflghtairbornflght Houston, TX Icrontian
    edited October 2006
    Well, if you have a router, I would ensure that all the ports except for which ones you need open are closed. Keep your computers updated. There isnt much more you can do without spending some money. You most likely have a dynamic IP, so that lessens the chances of you getting hacked, which weren't that great to begin with. What I would be more worried about is internal leaks.
  • zero-counterzero-counter Linux Lubber San Antonio Member
    edited October 2006
    grc.com for shieldup test to see if you external WAN connection has holes, you might need to ensure that 113 is stealthed if using a dlink. If the xp pro server is using ntfs, then ensure that the appropriate permission have been assigned to only the users and no the everyone group...especially as far as sharing is concerned.

    Enable MAC filtering on the router, static ip addressing, set your personal firewall software to authenticate file access if possible via password requests.
    Change the administrator name on all machines as well as the guest account (disable), disable the automatic shares on all systems, etc.

    If you really wanted to be secure, there are numerous ways but I could suggest that you run an SSH connection as the server with the clients. Your connection will be encrypted if you are that paranoid.

    This coudl get really in depth, but for simplicity's sake, permissions, acls appropriate for your LAN, and good router security procedures will do it for you.
  • grindygrindy
    edited October 2006
    zero.counter wrote:
    grc.com for shieldup test to see if you external WAN connection has holes, you might need to ensure that 113 is stealthed if using a dlink. If the xp pro server is using ntfs, then ensure that the appropriate permission have been assigned to only the users and no the everyone group...especially as far as sharing is concerned.

    Enable MAC filtering on the router, static ip addressing, set your personal firewall software to authenticate file access if possible via password requests.
    Change the administrator name on all machines as well as the guest account (disable), disable the automatic shares on all systems, etc.

    If you really wanted to be secure, there are numerous ways but I could suggest that you run an SSH connection as the server with the clients. Your connection will be encrypted if you are that paranoid.

    This coudl get really in depth, but for simplicity's sake, permissions, acls appropriate for your LAN, and good router security procedures will do it for you.


    All excellent recommendations that I should have thought of... Thx much for your considered response... :)
  • zero-counterzero-counter Linux Lubber San Antonio Member
    edited October 2006
    grindy wrote:
    All excellent recommendations that I should have thought of... Thx much for your considered response... :)
    No problem. I got ideas spewing, I just don't have a formal way of presenting them right now. Let me know if you need more info.
Sign In or Register to comment.