Example of small-business insecure network configuration

RaidoR

Honorable
Aug 29, 2012
6
0
10,510
Hello,

I need an example of an insecure network configuration that may occur in a small business.

For example, insecure devices that can be used, or how they are connected with each other. Also router/NAS/PC configurations. With wireless networks it is easy, but I am not familiar with wired networks. Especially I need weak points of router configurations and weakly designed connections between different devices. Or can anyone refer me to some publications where these topics are discussed?

I need to design an insecure small-business network configuration for my school project. For example 2 workstations, 1 laptop, NAS, network printer, VoIP telephone etc. After that I need to analyse these weak points.
 
It is the pretty standard "how do I control what can be plugged into the network" problem, which comes down to both a physical security issue and ensuring devices meet corporate standards. You have everything from ensuring machines have proper patch levels to preventing people from bringing their wireless router from home and plugging it in.

Then, after you have made sure only authorized devices are on the network, you have to control the access between the devices. Seldom do all users in a network need access to the same devices, so you must find a way to restrict them.

Wireless only seems easy because you assume something like knowing a preshared encryption key is a valid way to protect a network. Once you worry about how you would change that when you fire an employee or a device is stolen, you start to see why wireless is actually much harder than wired. Same reason no company uses keys on the doors anymore: much easier to turn a badge off than worry if they made a copy.
 

RaidoR

What about router configurations? Some services turned on, or some ports forwarded, or something like that?
 
If you are referring to internet connectivity then that is a different question.

It really doesn't matter the size of the business; the best practices are the same. You can easily find those listed. Bottom line is you try to allow as little as possible between the networks and strictly control and log everything you do allow.