Newbie... need basics

on 11.08.2006 02:01:52 by bruce

Hi... Before I ask any questions on any NG, could someone
give me some links to networking basics. I'm computer literate
but I've never had to deal with networks so I'm pretty ignorant.

I need to understand an existing small network that needs
to expand. It currently has a DSL line with a Netgear
8-port VPN Switch/Router/Firewall (VPN not used), a wireless
router, and a Print Server. I need to expand the network in
another part of the building where the wireless signal is weak.
The expansion is to attach more computers and a printer.

The DSL is only used for internet/email access. There is no
web services or other fancy needs.

I need to understand the basics of Routers, Switches, hubs,
Print Servers, hardware & software firewalls. I hope I don't
need to understand all the different protocols. My biggest
concern is to protect these new computers as they will have
sensitive data. So I need to protect it from outside the
firewall as well as computers from within the network.

Any assistance/links would be appreciated

--bruce

Re: Newbie... need basics

on 11.08.2006 02:22:03 by unknown

Post removed (X-No-Archive: yes)

Re: Newbie... need basics

on 11.08.2006 05:41:10 by bruce

Hi Leythos... I didn't expect this much help (and much appreciated),
but since you replied see my followups below...

Leythos wrote:
> In article <44DBC8DC.7040707@nospam.net>, bruce@nospam.net says...
>> Hi... Before I ask any questions on any NG, could someone
>> give me some links to networking basics. I'm computer literate
>> but I've never had to deal with networks so I'm pretty ignorant.
>>
>> I need to understand an existing small network that needs
>> to expand. It currently has a DSL line with a Netgear
>> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
>> router, and a Print Server. I need to expand the network in
>> another part of the building where the wireless signal is weak.
>> The expansion is to attach more computers and a printer.
>>
>> The DSL is only used for internet/email access. There is no
>> web services or other fancy needs.
>>
>> I need to understand the basics of Routers, Switches, hubs,
>> Print Servers, hardware & software firewalls. I hope I don't
>> need to understand all the different protocols. My biggest
>> concern is to protect these new computers as they will have
>> sensitive data. So I need to protect it from outside the
>> firewall as well as computers from within the network.
>>
>> Any assistance/links would be appreciated
>
> One way to protect a set of computers, not physical protection, but
> network protection, would be to install a second router, in series with
> the first router, and connect the "Sensitive" computer to that router.
>
> The Sensitive computers could access everything connected to the first
> router (existing PCs, print server, internet, etc...) but nothing in
> front of the second router could access inside the second router's
> network directly.
>
>      INTERNET
>         |
>        WAN
>    FIRST ROUTER
>     ---LAN---
>     |       |
>     |       - First Less secure computers/printers
>     |
>    WAN
> SECOND ROUTER
>    LAN
>     |
>     - Second group of computers
>
> You should use a wired connection between your first router and your
> second router, and not some wireless solution; this keeps performance
> up.
>
> You also might want to set the WAN address of router 2 to a fixed address in the
> router 1 LAN network, but it's not 100% necessary.
>
> You also need to know that with Ethernet, CAT5/6, you are limited to
> 100 meters between router 1 and router 2 to connect them (most people
> use 90 meters so that there are no mistakes).
Good to know. I believe the amount I would need to pull is under
the max. Probably 50 meters at most.

> Anything behind the second router (second computers) can't be directly
> reached by the First Router LAN (first group of computers), UNLESS you
> poke holes (FORWARDING) from WAN to LAN in the second router.

(Note that all the computers are Windows based)

I was wondering whether I needed a router or if a hub is sufficient.
The computers on the first router are laptops that I don't have much
control over and I'm concerned that viruses and other nasties might
invade the 2nd network systems.

Though I want to limit the accessibility from those computers to the
"2nd network" computers, there is some access I need to allow, such
as access to a database, read-only. Would a 2nd router allow
access to a particular shared area?

Would a software firewall be advised on the 2nd network computers
if 2nd router is used?

If a hub is a feasible choice, to allow the database accessibility,
should a software firewall be used?

>
> To set up the printers for the second LAN, just create a standard TCP
> printer port and point to the IP of the printer in the first LAN.
>
> Also, you need to MAKE SURE that both networks (routers LAN) are
> different subnets:
>
> LAN1 = 192.168.8.0/24
> LAN2 = 192.168.9.0/24
I don't understand subnets! :-( If they were the same does it
make the router look like a hub?

>
> Hope this helps.
Yes! Thank you!

Re: Newbie... need basics

on 11.08.2006 13:22:13 by unknown

Post removed (X-No-Archive: yes)

Re: Newbie... need basics

on 11.08.2006 18:16:38 by q_q_anonymous

Bruce wrote:
> Hi... Before I ask any questions on any NG, could someone
> give me some links to networking basics. I'm computer literate
> but I've never had to deal with networks so I'm pretty ignorant.
>
> I need to understand an existing small network that needs
> to expand. It currently has a DSL line with a Netgear
> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
> router, and a Print Server. I need to expand the network in
> another part of the building where the wireless signal is weak.
> The expansion is to attach more computers and a printer.
>
> The DSL is only used for internet/email access. There is no
> web services or other fancy needs.
>
> I need to understand the basics of Routers, Switches, hubs,
> Print Servers, hardware & software firewalls. I hope I don't
> need to understand all the different protocols. My biggest
> concern is to protect these new computers as they will have
> sensitive data. So I need to protect it from outside the
> firewall as well as computers from within the network.
>
> Any assistance/links would be appreciated
>
> --bruce

I know my way around a computer. HW, Windows, SW,
but am new to networks. But I'm a small step ahead of you. So maybe I can
advise a little.

Routers, switches, hubs and some more: try the book Computer
Networking First Steps by Wendell Odom.

that taught me the basics. Not much on VPNs though. I'm still stalled
on a basic level though- which you haven't reached yet.


But you're with that equipment so you could get past that level more
easily.

Re: Newbie... need basics

on 11.08.2006 20:55:47 by bruce

Leythos wrote:
> In article <44DBFC41.6080508@nospam.net>, bruce@nospam.net says...
>> Hi Leythos... I didn't expect this much help (and much appreciated),
>> but since you replied see my followups below...
>>
>> Leythos wrote:
>>> In article <44DBC8DC.7040707@nospam.net>, bruce@nospam.net says...
>>>> Hi... Before I ask any questions on any NG, could someone
>>>> give me some links to networking basics. I'm computer literate
>>>> but I've never had to deal with networks so I'm pretty ignorant.
>>>>
>>>> I need to understand an existing small network that needs
>>>> to expand. It currently has a DSL line with a Netgear
>>>> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
>>>> router, and a Print Server. I need to expand the network in
>>>> another part of the building where the wireless signal is weak.
>>>> The expansion is to attach more computers and a printer.
>>>>
>>>> The DSL is only used for internet/email access. There is no
>>>> web services or other fancy needs.
>>>>
>>>> I need to understand the basics of Routers, Switches, hubs,
>>>> Print Servers, hardware & software firewalls. I hope I don't
>>>> need to understand all the different protocols. My biggest
>>>> concern is to protect these new computers as they will have
>>>> sensitive data. So I need to protect it from outside the
>>>> firewall as well as computers from within the network.
>>>>
>>>> Any assistance/links would be appreciated
>>> One way to protect a set of computers, not physical protection, but
>>> network protection, would be to install a second router, in series with
>>> the first router, and connect the "Sensitive" computer to that router.
>>>
>>> The Sensitive computers could access everything connected to the first
>>> router (existing PCs, print server, internet, etc...) but nothing in
>>> front of the second router could access inside the second router's
>>> network directly.
>>>
>>>      INTERNET
>>>         |
>>>        WAN
>>>    FIRST ROUTER
>>>     ---LAN---
>>>     |       |
>>>     |       - First Less secure computers/printers
>>>     |
>>>    WAN
>>> SECOND ROUTER
>>>    LAN
>>>     |
>>>     - Second group of computers
>>>
>>> You should use a wired connection between your first router and your
>>> second router, and not some wireless solution; this keeps performance
>>> up.
>>>
>>> You also might want to set the WAN address of router 2 to a fixed address in the
>>> router 1 LAN network, but it's not 100% necessary.
>>>
>>> You also need to know that with Ethernet, CAT5/6, you are limited to
>>> 100 meters between router 1 and router 2 to connect them (most people
>>> use 90 meters so that there are no mistakes).
>> Good to know. I believe the amount I would need to pull is under
>> the max. Probably 50 meters at most.
>>
>>> Anything behind the second router (second computers) can't be directly
>>> reached by the First Router LAN (first group of computers), UNLESS you
>>> poke holes (FORWARDING) from WAN to LAN in the second router.
>> (Note that all the computers are Windows based)
>>
>> I was wondering whether I needed a router or if a hub is sufficient.
>> The computers on the first router are laptops that I don't have much
>> control over and I'm concerned that viruses and other nasties might
>> invade the 2nd network systems.
>
> A HUB would connect the two sets of computers without any blocking of
> connections between them.
OK... that's what I thought... probably not a good idea...

> You specifically asked for a secure set of second computers, the NAT
> function of the second router would block access from the first set to
> the second set.
I was a little vague when I said that I wanted to "protect" the new
computers. I want to protect these computers but not necessarily
isolate them.

Disregarding the database, I suppose I could put one computer on
router #1 as you mentioned below to allow sharing.

However, with the database (which is MS Access... sorry, legacy software),
I'm not sure how safe it would be to put it on a computer on router #1
(am I too paranoid?). The only system with full access to the database
would be on router #2, so I'm not sure if it is "good practice" to
put the data on a router #1 system.

Sorry if this is confusing, as that is my state of mind...

>> Though I want to limit the accessibility from those computers to the
>> "2nd network" computers, there is some access I need to allow, such
>> as access to a database, read-only. Would a 2nd router allow
>> access to a particular shared area?
>
> It depends, you didn't say what type of Database. If you mean a MSSQL
> database, then you would have to PORT FORWARD TCP1433 to the second
> level computer with the MS SQL Service running on it - then all
> computers in LAN 1 could access TCP 1433 on the Target computer.
>
> If you mean MS Access or some other file based pseudo database, then no,
> you could do it, but then it's not really secure.
>
> What type of database?
It is MS Access... so what do you mean that it's not "really secure"?
BTW, my plan after all this is to port it over to something like MySQL.

>
>> Would a software firewall be advised on the 2nd network computers
>> if 2nd router is used?
>
> Well, I'll get flamed no matter how I answer this, but, with a router
> you already have NAT from LAN1>LAN2, so that means the computers in LAN
> 1 can't access the computers in LAN2 unless you map ports inbound to
> LAN2.
>
> If you use a HUB, you could use a PFW solution, as long as you
> understand how to configure it, to only allow certain (depending on the
> PFW) access to the local computer, there are several complications with
> this and without knowing what you want to allow access to (specific
> database type/name) I can't say for sure.
>
>> If a hub is a feasible choice, to allow the database accessibility,
>> should a software firewall be used?
>
> Why not put the database on one of the computers in LAN1? Put it on a
> dedicated computer, locked in a closet, in LAN1, then all users can
> access it.
I think I'll look into this. I'm just not sure how to keep it read-only.
I need to read up on MS Access security options.

>>> To set up the printers for the second LAN, just create a standard TCP
>>> printer port and point to the IP of the printer in the first LAN.
>>>
>>> Also, you need to MAKE SURE that both networks (routers LAN) are
>>> different subnets:
>>>
>>> LAN1 = 192.168.8.0/24
>>> LAN2 = 192.168.9.0/24
>> I don't understand subnets! :-( If they were the same does it
>> make the router look like a hub?
>
> No, if they are on the same subnet it means that one LAN will have no
> idea how to access the other.

Ahhh... isn't this like the unix hosts file where it lists all the
systems? doh!

>
> A HUB expands your network with more jacks, a router (typical home user
> type) isolates one network from the other in one direction, but should
> NOT be the same network address range or there is confusion.
>
>>> Hope this helps.
>> Yes! Thank you!
>
> Need more info - what type of DB?

Re: Newbie... need basics

on 11.08.2006 21:03:44 by bruce

q_q_anonymous@yahoo.co.uk wrote:
> Bruce wrote:
>> Hi... Before I ask any questions on any NG, could someone
>> give me some links to networking basics. I'm computer literate
>> but I've never had to deal with networks so I'm pretty ignorant.
>>
>> I need to understand an existing small network that needs
>> to expand. It currently has a DSL line with a Netgear
>> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
>> router, and a Print Server. I need to expand the network in
>> another part of the building where the wireless signal is weak.
>> The expansion is to attach more computers and a printer.
>>
>> The DSL is only used for internet/email access. There is no
>> web services or other fancy needs.
>>
>> I need to understand the basics of Routers, Switches, hubs,
>> Print Servers, hardware & software firewalls. I hope I don't
>> need to understand all the different protocols. My biggest
>> concern is to protect these new computers as they will have
>> sensitive data. So I need to protect it from outside the
>> firewall as well as computers from within the network.
>>
>> Any assistance/links would be appreciated
>>
>> --bruce
>
> I know my way around a computer. HW, Windows, SW,
> but am new to networks. But I'm a small step ahead of you. So maybe I can
> advise a little.
>
> Routers, switches, hubs and some more: try the book Computer
> Networking First Steps by Wendell Odom.
>
> that taught me the basics. Not much on VPNs though. I'm still stalled
> on a basic level though- which you haven't reached yet.
>
>
> But you're with that equipment so you could get past that level more
> easily.
>
Thanks for the book reference. I was hoping I could get
through the basics with some web references before I had to
get a book...

Re: Newbie... need basics

on 11.08.2006 21:07:10 by bruce

Leythos wrote:
> In article <44DBFC41.6080508@nospam.net>, bruce@nospam.net says...
>> Hi Leythos... I didn't expect this much help (and much appreciated),
>> but since you replied see my followups below...
>>
>> Leythos wrote:
>>> In article <44DBC8DC.7040707@nospam.net>, bruce@nospam.net says...
>>>> Hi... Before I ask any questions on any NG, could someone
>>>> give me some links to networking basics. I'm computer literate
>>>> but I've never had to deal with networks so I'm pretty ignorant.
>>>>
>>>> I need to understand an existing small network that needs
>>>> to expand. It currently has a DSL line with a Netgear
>>>> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
>>>> router, and a Print Server. I need to expand the network in
>>>> another part of the building where the wireless signal is weak.
>>>> The expansion is to attach more computers and a printer.
>>>>
>>>> The DSL is only used for internet/email access. There is no
>>>> web services or other fancy needs.
>>>>
>>>> I need to understand the basics of Routers, Switches, hubs,
>>>> Print Servers, hardware & software firewalls. I hope I don't
>>>> need to understand all the different protocols. My biggest
>>>> concern is to protect these new computers as they will have
>>>> sensitive data. So I need to protect it from outside the
>>>> firewall as well as computers from within the network.
>>>>
>>>> Any assistance/links would be appreciated
>>> One way to protect a set of computers, not physical protection, but
>>> network protection, would be to install a second router, in series with
>>> the first router, and connect the "Sensitive" computer to that router.
>>>
>>> The Sensitive computers could access everything connected to the first
>>> router (existing PCs, print server, internet, etc...) but nothing in
>>> front of the second router could access inside the second router's
>>> network directly.
>>>
>>>      INTERNET
>>>         |
>>>        WAN
>>>    FIRST ROUTER
>>>     ---LAN---
>>>     |       |
>>>     |       - First Less secure computers/printers
>>>     |
>>>    WAN
>>> SECOND ROUTER
>>>    LAN
>>>     |
>>>     - Second group of computers
>>>
>>> You should use a wired connection between your first router and your
>>> second router, and not some wireless solution; this keeps performance
>>> up.
>>>
>>> You also might want to set the WAN address of router 2 to a fixed address in the
>>> router 1 LAN network, but it's not 100% necessary.
>>>
>>> You also need to know that with Ethernet, CAT5/6, you are limited to
>>> 100 meters between router 1 and router 2 to connect them (most people
>>> use 90 meters so that there are no mistakes).
>> Good to know. I believe the amount I would need to pull is under
>> the max. Probably 50 meters at most.
>>
>>> Anything behind the second router (second computers) can't be directly
>>> reached by the First Router LAN (first group of computers), UNLESS you
>>> poke holes (FORWARDING) from WAN to LAN in the second router.
>> (Note that all the computers are Windows based)
>>
>> I was wondering whether I needed a router or if a hub is sufficient.
>> The computers on the first router are laptops that I don't have much
>> control over and I'm concerned that viruses and other nasties might
>> invade the 2nd network systems.
>
> A HUB would connect the two sets of computers without any blocking of
> connections between them.
>
> You specifically asked for a secure set of second computers, the NAT
> function of the second router would block access from the first set to
> the second set.
>
>> Though I want to limit the accessibility from those computers to the
>> "2nd network" computers, there is some access I need to allow, such
>> as access to a database, read-only. Would a 2nd router allow
>> access to a particular shared area?
>
> It depends, you didn't say what type of Database. If you mean a MSSQL
> database, then you would have to PORT FORWARD TCP1433 to the second
> level computer with the MS SQL Service running on it - then all
> computers in LAN 1 could access TCP 1433 on the Target computer.
>
> If you mean MS Access or some other file based pseudo database, then no,
> you could do it, but then it's not really secure.
>
> What type of database?
>
>> Would a software firewall be advised on the 2nd network computers
>> if 2nd router is used?
>
> Well, I'll get flamed no matter how I answer this, but, with a router
> you already have NAT from LAN1>LAN2, so that means the computers in LAN
> 1 can't access the computers in LAN2 unless you map ports inbound to
> LAN2.
>
> If you use a HUB, you could use a PFW solution, as long as you
> understand how to configure it, to only allow certain (depending on the
> PFW) access to the local computer, there are several complications with
> this and without knowing what you want to allow access to (specific
> database type/name) I can't say for sure.

I forgot to ask... So if I have these two routers can I eliminate
the need for the software firewall?
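
An added example, not part of any poster's message: a small Python model of the two-router layout discussed in this thread. It checks that the two LANs use different subnets and shows that a new connection from LAN1 reaches LAN2 only through a port forward such as the TCP 1433 one mentioned in the quoted reply. The router 2 addresses, the database host address and all function and class names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing that follows the LAN1/LAN2 ranges quoted in the thread.
LAN1 = ipaddress.ip_network("192.168.8.0/24")       # behind the first router
LAN2 = ipaddress.ip_network("192.168.9.0/24")       # behind the second router
ROUTER2_WAN = ipaddress.ip_address("192.168.8.2")   # assumed fixed address in LAN1
ROUTER2_LAN = ipaddress.ip_address("192.168.9.1")   # assumed gateway for LAN2 hosts
DB_HOST = ipaddress.ip_address("192.168.9.10")      # assumed database PC in LAN2


def check_cascade(outer_lan, inner_lan, inner_wan_ip):
    """Return addressing problems for a router placed behind another router."""
    problems = []
    if outer_lan.overlaps(inner_lan):
        problems.append(f"{inner_lan} overlaps {outer_lan}: use different subnets")
    if inner_wan_ip not in outer_lan:
        problems.append(f"inner WAN {inner_wan_ip} is not inside {outer_lan}")
    return problems


def next_hop(host_net, gateway, dst_ip):
    """Where a host sends a packet: straight onto its own wire or to its gateway."""
    if ipaddress.ip_address(dst_ip) in host_net:
        return "on-link"            # host looks for dst locally, router never sees it
    return f"via {gateway}"


class NatRouter:
    """Second router, simplified: unsolicited inbound passes only via a forward."""

    def __init__(self, wan_ip, lan):
        self.wan_ip, self.lan = wan_ip, lan
        self.forwards = {}          # (proto, wan_port) -> (inside_ip, inside_port)

    def add_forward(self, proto, wan_port, inside_ip, inside_port):
        if inside_ip not in self.lan:
            raise ValueError(f"{inside_ip} is not in {self.lan}")
        self.forwards[(proto, wan_port)] = (inside_ip, inside_port)

    def inbound(self, proto, dst_ip, dst_port):
        """New connection arriving on the WAN side; returns inside target or None."""
        if ipaddress.ip_address(dst_ip) != self.wan_ip:
            return None             # LAN2 addresses are not addressable from LAN1
        return self.forwards.get((proto, dst_port))

    def exposure(self, outer_lan):
        """Every forward is reachable by every host in the outer LAN."""
        return [f"{p}/{port} -> {ip}:{iport} open to all of {outer_lan}"
                for (p, port), (ip, iport) in sorted(self.forwards.items())]


if __name__ == "__main__":
    print(check_cascade(LAN1, LAN2, ROUTER2_WAN))        # empty list: addressing is sane
    print(check_cascade(LAN1, LAN1, ROUTER2_WAN))        # same subnet on both sides
    print(next_hop(LAN2, ROUTER2_LAN, "192.168.8.50"))   # LAN2 PC to a LAN1 printer
    r2 = NatRouter(ROUTER2_WAN, LAN2)
    print(r2.inbound("tcp", "192.168.8.2", 1433))        # blocked until a forward exists
    r2.add_forward("tcp", 1433, DB_HOST, 1433)           # the TCP 1433 hole from the thread
    print(r2.inbound("tcp", "192.168.8.2", 1433))
    print(r2.exposure(LAN1))
```

Each forward listed by `exposure` is open to every LAN1 host, so the service behind it needs its own access control.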

Re: Newbie... need basics

on 13.08.2006 05:45:54 by q_q_anonymous

Bruce wrote:
> q_q_anonymous@yahoo.co.uk wrote:
> > Bruce wrote:
> >> Hi... Before I ask any questions on any NG, could someone
> >> give me some links to networking basics. I'm computer literate
> >> but I've never had to deal with networks so I'm pretty ignorant.
> >>
> >> I need to understand an existing small network that needs
> >> to expand. It currently has a DSL line with a Netgear
> >> 8-port VPN Switch/Router/Firewall (VPN not used), a wireless
> >> router, and a Print Server. I need to expand the network in
> >> another part of the building where the wireless signal is weak.
> >> The expansion is to attach more computers and a printer.
> >>
> >> The DSL is only used for internet/email access. There is no
> >> web services or other fancy needs.
> >>
> >> I need to understand the basics of Routers, Switches, hubs,
> >> Print Servers, hardware & software firewalls. I hope I don't
> >> need to understand all the different protocols. My biggest
> >> concern is to protect these new computers as they will have
> >> sensitive data. So I need to protect it from outside the
> >> firewall as well as computers from within the network.
> >>
> >> Any assistance/links would be appreciated
> >>
> >> --bruce
> >
> > I know my way around a computer. HW, Windows, SW,
> > but am new to networks. But I'm a small step ahead of you. So maybe I can
> > advise a little.
> >
> > Routers, switches, hubs and some more: try the book Computer
> > Networking First Steps by Wendell Odom.
> >
> > that taught me the basics. Not much on VPNs though. I'm still stalled
> > on a basic level though- which you haven't reached yet.
> >
> >
> > But you're with that equipment so you could get past that level more
> > easily.
> >
> Thanks for the book reference. I was hoping I could get
> through the basics with some web references before I had to
> get a book...

Consider the other way around here.

Networking is so broad. Googling doesn't have the necessary
organisation that a book has. Don't think that a book is harder than
web links - sometimes they are, sometimes they aren't. I found that web
links can fill in some gaps.

That guy that wrote the pcguide wrote this-
http://www.tcpipguide.com/free/index.htm
(the free version is organised in an annoying way, he charges for the
pdf which is structured in a way that makes it easier to jump around).
That link is deep and broad. I found it quite useful for the OSI
layers, and sometimes, filling in some blanks. Mostly I don't find it
so well written, but it's very comprehensive - deep and very broad.

I found some "delmar" links very useful; this I just rediscovered via
Google:
http://www.delmar.edu/Courses/ITNW2313/internet.htm

This was a nice little link:
http://duxcw.com/faq/network/hubsw.htm

There are of course RFCs - amongst those that I've looked at are
791, 1122, 1123, 1812.
But maybe I'm more fanatical than you.