How To Secure A Network For Free

Tony Fortunato describes how a Windows 7 machine can be turned into a VPN server to protect corporate data.

Tony Fortunato

January 25, 2017


I always say that a great network troubleshooter needs to possess a wide range of skills that might be outside of his or her core competency. A good analogy would be to think of yourself as a networking MacGyver. An example would be whipping up quick Perl scripts or batch files to help automate a process or to assist in troubleshooting. I believe that having some skills outside of traditional networking also gives analysts a different perspective when troubleshooting.

In this blog post, I'll describe how being a networking MacGyver helped a company protect network assets without additional costs.

A while ago, I worked with a client who set up a temporary WiFi network in order to provide attendees with WiFi access at an event the client was hosting. Employees at the company also wanted to use the attendee WiFi network to get the real end-user experience, but had some security concerns.

They knew that some of the applications they use can be easily deciphered if the packets are captured. For example, some use clear text, Telnet, and non-HTTP, while others use very weak hash algorithms. Usually this isn’t a concern since the employees typically use a cabled connection at their desks and the systems they access have filters to block unauthorized access.

This company allowed the attendee WiFi subnet access to its systems, but wanted to know if there was anything it could do to prevent users from capturing their data. Since this event network was going to be taken down after a few days, the client didn't want to make it any more complicated than necessary or incur any extra expenses. Things like extra VLANs, SSIDs or additional access points fell into that category.

I explained that there is nothing you can do to stop people from capturing your data, but you can make it difficult for them to read it.


The IT team was told that a VPN server is about $10K, which is out of the question for their budget. I suggested the company simply take a Windows 7 computer and set it up as a VPN server in order to encrypt the data. You can create a VPN server without purchasing any additional hardware or software in just five steps.

  1. Click "Start" or the Windows Orb, then type ncpa.cpl into the "Search" box and press Enter.

  2. In the "Network Connections" window, click the "File" menu and choose "New Incoming Connection." The "Allow Connections to This Computer" window will display.

  3. Click the check box next to each user account displayed that you wish to grant access to connect and use the VPN connection. Click the "Next" button. You can also create a new account here such as VPN.

  4. Select the "Through the internet" box and then click the "Next" button. Accept the default list of protocols displayed by clicking the "Allow Access" button.

  5. Click the "Allow callers to access my local area network" box, click the "Assign IP addresses automatically using DHCP" radio button and then click the "OK" button. Click the "Close" button.

The computer is now configured to receive VPN connections from Windows and Android clients. Now employees can VPN into the Windows 7 computer and all their data will be encrypted regardless of what application or server they access.

This may work with other versions of Windows, but they had spare Windows 7 computers available. In addition, Linux versions of this method are also available.
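One way to confirm the setup is doing its job is to capture on the event WiFi and check that employee devices send only tunnel traffic to the VPN computer. The script below is an added example, not part of the original article; it assumes the incoming connection uses PPTP (TCP 1723 control plus GRE, IP protocol 47), and the flow CSV layout, addresses and the `audit` function name are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

GRE, TCP, UDP = 47, 6, 17          # IP protocol numbers
PPTP_CONTROL = (TCP, 1723)         # assumption: the tunnel is PPTP
CLEARTEXT = {(TCP, 23): "Telnet", (TCP, 80): "HTTP", (TCP, 21): "FTP"}
ALLOWED_OUTSIDE = {(UDP, 67)}      # DHCP has to happen before the tunnel exists

# Constructed sample: flow summary exported from a capture on the event WiFi.
SAMPLE = """src,dst,ip_proto,dst_port
10.0.0.21,10.0.0.5,6,1723
10.0.0.21,10.0.0.5,47,0
10.0.0.22,10.0.0.5,6,1723
10.0.0.22,10.0.0.9,6,23
10.0.0.23,255.255.255.255,17,67
10.0.0.23,10.0.0.9,6,80
10.0.0.77,10.0.0.9,6,80
"""

def audit(flow_csv, vpn_server, employees):
    """Return {host: [findings]} for employee hosts whose traffic is exposed."""
    seen = defaultdict(set)        # host -> which tunnel parts were observed
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = row["src"], row["dst"]
        key = (int(row["ip_proto"]), int(row["dst_port"]))
        if src not in employees:
            continue               # attendee traffic is out of scope
        if dst == vpn_server and key == PPTP_CONTROL:
            seen[src].add("control")
        elif dst == vpn_server and key[0] == GRE:
            seen[src].add("gre")
        elif key in ALLOWED_OUTSIDE:
            continue
        else:
            name = CLEARTEXT.get(key, "proto %d port %d" % key)
            findings[src].append("outside tunnel: %s to %s" % (name, dst))
    for host in employees:
        # A control connection without GRE means no data is being tunnelled.
        if "gre" not in seen[host]:
            findings[host].append("no tunnel data (GRE) seen")
    return dict(findings)

if __name__ == "__main__":
    staff = {"10.0.0.21", "10.0.0.22", "10.0.0.23"}
    for host, items in sorted(audit(SAMPLE, "10.0.0.5", staff).items()):
        print(host, items)
```

A host that appears in the result is either bypassing the VPN computer or never brought the tunnel up, so its traffic is still readable to anyone capturing on the WiFi.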

About the Author(s)

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPedia and has a popular YouTube channel.
