
Some help understanding small business networking/security

august (where you come from is gone) Registered User regular
Hey guys -

I've been working at a small café for some time and have some concerns about our current setup while also seeing it as an opportunity to learn some new skills.

We have Verizon FIOS and contract out to a third party to do support and I'm assuming they also handle our credit card and gift card transactions. We have a single POS terminal - an XP machine with a touchscreen running Dinerware. It sits behind a big blue slab of a Netgear firewall/VPN which then connects to Verizon's modem. My immediate concern is the Windows 7 PC we have in the basement - it's not behind the firewall, and our stocking manager does all her ordering from it and there's probably other sensitive information there that we want to keep safe. Could this machine be vulnerable to external threats as well as to our café customers using our wi-fi?

It's entirely possible that our contractor and the Verizon techs who installed our service have everything under control but I'd like to understand every layer of our networking setup - I'm competent enough to buy a router plug it in and change up the default passwords on it but I don't know anything about the proper use and operation of hardware firewalls or how small businesses protect themselves against possible bad actors while simultaneously offering free wifi to customers.

Any help would be appreciated, or a point in the right direction!

Posts

    Cog (What'd you expect?) Registered User regular
    august wrote: »
    Hey guys -

    I've been working at a small café for some time and have some concerns about our current setup while also seeing it as an opportunity to learn some new skills.

    We have Verizon FIOS and contract out to a third party to do support and I'm assuming they also handle our credit card and gift card transactions. We have a single POS terminal - an XP machine with a touchscreen running Dinerware. It sits behind a big blue slab of a Netgear firewall/VPN which then connects to Verizon's modem. My immediate concern is the Windows 7 PC we have in the basement - it's not behind the firewall, and our stocking manager does all her ordering from it and there's probably other sensitive information there that we want to keep safe.

    Just so I'm understanding...
    {FIOS Modem}<----->{Netgear Firewall}<----->{POS Terminal}
    
    ?

    And your Win 7 pc is a direct connect to... the FIOS modem?
    august wrote: »
    Could this machine be vulnerable to external threats as well as to our café customers using our wi-fi?

    Completely depends on where it resides within your network architecture, as well as where your wifi device is.
    august wrote: »
    It's entirely possible that our contractor and the Verizon techs who installed our service have everything under control but I'd like to understand every layer of our networking setup - I'm competent enough to buy a router plug it in and change up the default passwords on it but I don't know anything about the proper use and operation of hardware firewalls or how small businesses protect themselves against possible bad actors while simultaneously offering free wifi to customers.

    Any help would be appreciated, or a point in the right direction!

    If I'm generally understanding your setup correctly, you should be able to put all your business devices in your existing netgear firewall, and then have your wireless access device directly connected to the FIOS modem. That would, broadly, keep your business and customer wifi traffic segregated.
    [Internet]
        /\
         |
        \/
    [FIOS Modem]<----->[Netgear Firewall]<----->[POS Terminal]
        /\                       /\
        |                         |
        \/                       \/
    [Wifi Access]          [Win 7 PC]
    

    Clear as mud?

    Cog (What'd you expect?) Registered User regular
    We also have a thread for SysAdmins that's full of smarty pantses that you can bounce follow-up questions off, as well.

    august (where you come from is gone) Registered User regular
    If I recall correctly (not at work atm) we have a fios modem which feeds into the Verizon provided wireless router. The router provides wifi and the Windows 7 pc connects to it as well. The firewall sits between the router and the POS terminal.

    august (where you come from is gone) Registered User regular
    Note I will have to do some serious cable tugging/following to make sure I'm right on that. So it may not be as apocalyptically insecure as I have perhaps made it sound.

    twmjr Registered User regular
    Just at a high level, your business traffic and your "guest traffic" (which in this case would be the WiFi your customers use) should always be 100% segregated. That is, the guests on your WiFi should never be able to reach your Win7 PC. Like, at all. Depending on how this is set up, it sounds like that may be possible today. The setup that Cog drew out there is ideal -- all of your business equipment (so the POS terminal and the Win7 PC) should ideally be sitting behind the firewall. Now, it may be possible that they've segregated them without the use of the firewall using some other method on, say, the FiOS router. You should certainly be able to do something with that to create a sufficiently secure setup as far as your internal network goes.

    The biggest risk, though, is really how much the PC is exposed to the Internet. You should have some degree of built-in "security" being behind the FiOS router. The router, either by virtue of NAT or a very basic firewall, should stop connections being initiated to your PC from the outside (which should really never happen for what you're using the PC for -- your PC should always be the one initiating connections to the outside). For most use cases, this security as well as a firewall/AV solution on the local PC is sufficient as long as the user doesn't do anything stupid. Whether or not I would feel this setup is sufficient is entirely dependent on the sorts of things stored on that PC.

    august (where you come from is gone) Registered User regular
    What router settings should I be looking at to determine if traffic is segregated?

    I was worried that the router might have some sort of default password but I see that there's a nicely random password printed on it. Right now I'm trying to determine where all the outgoing cables are headed - the one to the VPN is obvious but there are two cables headed through holes. One should be to the basement PC but the other I have no idea what its purpose might be.

    The basement PC's wired connection is set to Public and it has MSE running. I'd like to put it behind the VPN but I also want to make sure that when I do so I don't create some sort of conflict with our POS system - if I have to make an emergency call to our contractor to get our register working it could cost my boss money.

    TL DR (Not at all confident in his reflexive opinions of things) Registered User regular
    Before touching that firewall, I'd consult the support company. They should be able to provide their documentation or at least an email explaining what's what.

    Since the only thing on the firewall is a POS system, it's not unlikely that the device has been locked down to only allow payment processing traffic and not general internet access. If that is not the case, consider doing so since XP has reached end of life and is not receiving security updates from Microsoft any more. That means it is no longer PCI compliant.

    TL DR (Not at all confident in his reflexive opinions of things) Registered User regular
    The easiest way to get an idea for how traffic is being handled would be to get the IP address of the POS system and the Win7 PC (ipconfig from the command prompt). Are they on the same subnet (i.e., does one have an address like 192.168.1.14 and the other 10.10.50.33, or are they similar except for the last numbers in the sequence)? Once you have those IPs, try to ping one from the other and vice versa. Try to ping them both from a wi-fi connected laptop.
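
One way to do the subnet comparison TL DR describes, as an added example that is not from the thread or from any of the posters: a small Python script that pulls the IPv4 address and subnet mask out of each machine's ipconfig output and reports which pairs of hosts share a network. The three ipconfig texts below are constructed sample data, not captured from the café's network; the 192.168.x addresses, masks and host labels are assumptions chosen so that the POS lands on a different network from the basement PC while a laptop on the customer Wi-Fi lands on the same one.

```python
import ipaddress
import re

# Constructed sample ipconfig output (not captured from the thread's network).
# Addresses and masks are assumptions chosen to illustrate the two outcomes.
POS_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
"""

BASEMENT_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

WIFI_LAPTOP_IPCONFIG = """
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# XP prints "IP Address", Vista/7 print "IPv4 Address"; both are followed by
# dot padding and a colon before the value.
_FIELD = re.compile(r"^\s*(IPv4 Address|IP Address|Subnet Mask)[ .]*:\s*(\S+)", re.M)


def interfaces(ipconfig_text):
    """Return one IPv4Interface per adapter that reports both an address and a mask."""
    found = []
    pending_ip = None
    for name, value in _FIELD.findall(ipconfig_text):
        if name.endswith("Address"):
            pending_ip = value
        elif pending_ip is not None:  # "Subnet Mask" line for the address just seen
            found.append(ipaddress.IPv4Interface(f"{pending_ip}/{value}"))
            pending_ip = None
    return found


def audit(hosts):
    """hosts maps a label to that machine's ipconfig output.

    Returns {(label_a, label_b): True/False}: True when the two machines sit on
    the same IP network (same address block once the mask is applied), which
    normally means there is no router, and therefore no firewall, between them.
    """
    nets = {}
    for label, text in hosts.items():
        ifs = interfaces(text)
        if not ifs:
            raise ValueError(f"no IPv4 address/mask found for {label}")
        nets[label] = ifs[0].network  # first connected adapter
    labels = sorted(nets)
    return {(a, b): nets[a] == nets[b]
            for i, a in enumerate(labels) for b in labels[i + 1:]}


if __name__ == "__main__":
    sample = {"pos": POS_IPCONFIG, "basement_pc": BASEMENT_IPCONFIG,
              "wifi_laptop": WIFI_LAPTOP_IPCONFIG}
    for (a, b), same in audit(sample).items():
        print(f"{a:12} {b:12} same subnet: {same}")
```

Read the result the way the thread does: a Wi-Fi laptop and the basement PC on the same network is the outcome that would confirm there is no segregation, because nothing in the path can filter between them. Different networks do not by themselves prove isolation, since whatever routes between them (the FiOS router, in this thread) may simply forward everything, which is why the ping step still matters. The reverse caveat applies to the ping: a Windows host whose connection is on the Public profile, as the basement PC reportedly is, may not answer ping even from a neighbour on the same subnet, so a failed ping is not proof that the two are separated.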

    twmjr Registered User regular
    Yeah, everything TL DR said will help answer the question of what is segregated from what...and I will double the "contact the support company" part. If the PC isn't behind the firewall today, just moving it behind the firewall will likely not produce the desired results as the firewall isn't configured to allow access for the PC.

    ceres (When the last moon is cast over the last star of morning And the future has past without even a last desperate warning) Registered User, Moderator mod
    I don't really feel comfortable leaving this thread open. Nowhere do you indicate you have permission to mess around with the business's setup from the owner OR the team doing your third-party support. We know absolutely zero about how that network and firewall are set up and you don't really either, and if you go messing around in there without knowing what you're doing you can make a big mess that your company will need to pay support to fix.

    Leave it alone. If you really want to learn about networking go buy a router, a couple switches, and some books. Don't risk the setup of an actual functioning business for the sake of concerns that any even slightly competent network support person will have addressed at the time of installation.

This discussion has been closed.