  • 01/25/2017
    7:30 AM

How To Secure A Network For Free

Tony Fortunato describes how a Windows 7 machine can be turned into a VPN server to protect corporate data.

I always say that a great network troubleshooter needs to possess a wide range of skills that might be outside of his or her core competency. A good analogy would be to think of yourself as a networking MacGyver. An example would be whipping up quick Perl scripts or batch files to help automate a process or to assist in troubleshooting. I believe that having some skills outside of traditional networking also gives analysts a different perspective when troubleshooting.

In this blog post, I'll describe how being a networking MacGyver helped a company protect network assets without additional costs.

A while ago, I worked with a client who set up a temporary WiFi network in order to provide attendees with WiFi access at an event the client was hosting. Employees at the company also wanted to use the attendee WiFi network to get the real end-user experience, but had some security concerns.

They knew that traffic from some of the applications they use can be easily deciphered if the packets are captured. For example, some use clear text, Telnet, and non-HTTP, while others use very weak hash algorithms. Usually this isn't a concern, since the employees typically use a cabled connection at their desks and the systems they access have filters to block unauthorized access.

The company allowed the attendee WiFi subnet access to its systems, but wanted to know if there was anything it could do to prevent users from capturing employee data. Since this event network was going to be taken down after a few days, the client didn't want to make it any more complicated than necessary or incur any extra expenses. Things like extra VLANs, SSIDs or additional access points fell into that category.

I explained that there is nothing you can do to stop people from capturing your data, but you can make it difficult for them to read it.

The IT team was told that a VPN server costs about $10K, which was out of the question for their budget. I suggested the company simply take a Windows 7 computer and set it up as a VPN server in order to encrypt the data. You can create a VPN server without purchasing any additional hardware or software in just five steps.

  1. Click "Start" or the Windows Orb, type ncpa.cpl into the "Search" box, and press Enter.
  2. In the "Network Connections" window, click the "File" menu and choose "New Incoming Connection." The "Allow Connections to This Computer" window will display.
  3. Click the check box next to each user account displayed that you wish to grant access to connect and use the VPN connection. Click the "Next" button. You can also create a new account here such as VPN.
  4. Select the "Through the internet" box and then click the "Next" button. Accept the default list of protocols displayed by clicking the "Allow Access" button.
  5. Click the "Allow callers to access my local area network" box, click the "Assign IP addresses automatically using DHCP" radio button and then click the "OK" button. Click the "Close" button.

The computer is now configured to receive VPN connections from Windows and Android clients. Now employees can VPN into the Windows 7 computer and all their data will be encrypted regardless of what application or server they access.

This may work with other versions of Windows, but the client had spare Windows 7 computers available. In addition, Linux versions of this method are also available.
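
Once the VPN host is in place, it is worth checking that employees on the event WiFi actually use it instead of reaching internal systems directly over Telnet or other clear-text protocols. The script below is an added example, not code from the article; the subnets, the VPN host address, the port list and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Every address below is a constructed assumption, not a value from the article.
WIFI_SUBNET = ipaddress.ip_network("10.50.0.0/24")   # temporary attendee WiFi
CORP_SUBNET = ipaddress.ip_network("10.10.0.0/16")   # internal systems
VPN_SERVER = ipaddress.ip_address("10.10.5.20")      # the Windows 7 VPN host

# Ports whose payloads or credentials are readable from a packet capture.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}

# Constructed flow records: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.50.0.11", "10.10.5.20", 1723),   # to the VPN host (port is an assumption)
    ("10.50.0.12", "10.10.8.3", 23),      # Telnet straight to an internal system
    ("10.50.0.12", "10.10.8.4", 443),     # direct, but not a listed cleartext port
    ("10.50.0.13", "10.10.9.7", 22),      # direct SSH
    ("10.50.0.14", "203.0.113.9", 80),    # internet traffic, out of scope
    ("10.10.3.4", "10.10.8.3", 23),       # wired desk client, not on the WiFi
]


def audit_flows(flows):
    """Map each WiFi client to the internal flows that bypassed the VPN host."""
    findings = defaultdict(list)
    for src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in WIFI_SUBNET or d not in CORP_SUBNET:
            continue                      # only WiFi-to-corporate traffic matters
        if d == VPN_SERVER:
            continue                      # assumed to be the tunnel itself
        findings[src].append((dst, port, CLEARTEXT_PORTS.get(port, "other")))
    return dict(findings)


def cleartext_clients(findings):
    """WiFi clients with at least one direct flow on a cleartext port."""
    return sorted(c for c, hits in findings.items()
                  if any(label != "other" for _, _, label in hits))


if __name__ == "__main__":
    results = audit_flows(SAMPLE_FLOWS)
    for client, hits in sorted(results.items()):
        for dst, port, label in hits:
            print(f"{client} -> {dst}:{port} ({label}) bypassed the VPN")
    print("Cleartext exposure:", cleartext_clients(results))
```

The check assumes the flow records are collected on the internal side of the network. Because step 5 gives VPN callers an address from DHCP on the local area network, tunnelled sessions should not appear there with a WiFi-subnet source.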


Comments

I would like more information

I would like more information as I need to practice the cyber security skills I am learning and I want to be the best.

How To Secure A Network For Free

This information will help me to integrate my servers, information, and further my training in Networking and Security.

Re: How To Secure A Network For Free

Thanks.

Third Time To Try To Get This Information

This is the third time I tried to preview or save the information and it will be my last if I am asked to prove I am not a robot and have to enter a new subject, another comment, or verification code. This is ridiculous.

Re: Third Time To Try To Get This Information

Yikes, sorry to hear about your problems posting, but I'm just a contributor. You might want to drop a note off to Network Computing as well.

Re: Third Time To Try To Get This Information

Sorry you're having trouble, but I don't understand what you're trying to do -- it looks like you're able to post comments?

Thank you!

I am new to this but learning fast and I've found this website to be really helpful for me, so thank you very much!