
Introduction: - A small business network design will of course be a function of the
number of users and the programs that make it up. For most small businesses a
peer-to-peer network with a file server, a router, and a few workstations will be adequate.
Your file server can basically be a standard PC that you consider to be your file
server.

Small Office Network

Internet ISP - Wire to office
Modem - Translates electronic data
Router - Disperses electronic data

Network Adaptor Required for each Computer
Wired - NIC (network interface card) or Ethernet card
Wireless - Wireless Adaptor

With this configuration you can use the file server as a locker for all of your data and
set up online backup software to back it up continually. The costs for these services
are negligible when considering the frustration and lost time that comes from losing
your data.
I would suggest assigning static IP addresses to each workstation rather than using DHCP.
This means that the IP address of each machine will remain the same at all times.
Removing the variability that is associated with DHCP makes troubleshooting much
easier if you have any problems or need to add equipment to the network.
What you will need to get started:
Cat 5 Ethernet cable (purchase lengths accordingly)
Cable/DSL modem (the box the cable supplying the internet plugs into)
Router (Wired or Wi-Fi. If using Wi-Fi stick with 802.11n)
Two workstations and two laptops
File server (another computer)
Modem
Printer
Network: - One or more devices connected together
To the Internet with a router
To each other in order to share Resources:
Internet Connections
Sharing Files
Sharing Printers
WAN, LAN, WLAN, PAN
WAN - Wide Area Network - many computers, locations
LAN - Local Area Network - few computers, 1 location
PAN - Personal Area Network - home network
WLAN - Wireless Local Area Network
Note :- Cross-over cable can be confusing. Hold them side by side and the colors should be
the same, otherwise orange and blue are switched
Wireless
Wireless Networking Standards
802.11 a, b, and g
Configuration specifications to ensure compatibility
Different speed/range capabilities
Equipment conforming to g is most popular/available
Good for 100-400 feet in a house
General rule - don't mix equipment made to different standards
Bluetooth
Standard which is often used for peripheral devices
Printers, scanners, cell phones, etc
Short range (10 ft), high speed
What is a Cable/DSL Modem
Modem (modulator/demodulator)
encodes/decodes information transmitted to the internet
Usually provided and controlled by your ISP
Connects your home to the Internet.
This is the device that gets your public IP (internet protocol) address
Normally has no firewall protection

What is a Router
Connects one network to another - sometimes called a Gateway
Connects your computer to the internet (cable modem or DSL line) - keeps LAN traffic local
Routers keep track of IP addresses and physical (MAC) addresses of hosts
IP (Internet Protocol) address - your computer's internet address
MAC (Media Access Control) - id for each physical communication device
What is an Access Point
A point where computers access a network
Device which links wireless users to network
Transmits and receives data (Transceiver)
Bridge between wireless and wired networks
Can be linked together to cover broad area
No security or firewall implemented
What is a Firewall
A device that filters packets of data or traffic
Its job is to be a traffic cop
You configure the firewall:
What it will allow to pass
What it will block
Hides your home network from the outside world
Can be either in hardware or software

Most popular routers for home have built in firewall protection


What Does a Firewall do?
They:
Protect your home computer from the bad guys
Keep your information private
Make you less of a target
By:
Stopping viruses
Hiding your computer from the world
Making the bad guys work harder to get your info
Firewall Protection
Hardware Firewall Routers
The idea is layers of protection
Examples of home combo units include
Belkin (we will demo tonight)
Dlink
Linksys
Netgear
Software Firewalls
Adding a second level of protection
Controlling what leaves your computer
By being aware of application level attacks
By allowing you to schedule
Usage of the internet by time (control access at night)
By location (block content for young children)
Software Firewalls for Home Use
Examples
Zone Alarm (Free)
McAfee Firewall
Symantec's Norton Personal Firewall
Computer Associates with Firewall (free)
Windows Firewall in XP Service Pack 2 (free)
Configure Wireless Firewall/router - Overview
Basic Settings - name, ip address, etc
Check for firmware updates
Set Account name and password
Change name and password - don't use default
Wireless Settings
SSID broadcast
make sure that remote computers are set to automatically connect
Do not enable DMZ
Do enable ping blocking
Security - Blocking and Filtering
Wireless Security - encryption
MAC filtering
Back up settings
Basic Settings and Info
Run Install CD that comes with router
Basic info will be automatically entered or requested
To change info:
For Belkin the default IP address is 192.168.2.1
Other manufacturers use different ip addresses (later slide)
Enter this into address bar
Setup page will be displayed
Firmware - software that is embedded in a hardware device
Updated occasionally by manufacturers
Check whenever you access router
Account Name
Change name
Default name is set by manufacturer, e.g. Belkin54
Bad guys know defaults and default administrative passwords
Create Administrative Password
Use Strong Password
Record your password where you can find it so you can make changes
Default Info
Router default info is easily available on internet for consumers
So Change Name and Password

Mfg      Default IP    User Name  Password
Belkin   192.168.2.1   admin      blank
D-link   192.168.0.1   admin      blank
Linksys  192.168.1.1   blank      admin
Netgear  192.168.0.1   admin      password


Wireless Settings
SSID - service set identifier
name given to your wireless network
Broadcasting this ID makes network visible to PCs in area
can be turned off so it will not be detected by other PCs in area
Be sure to set up your own PC to automatically detect and log on to your WLAN

DMZ
allows you to select a PC to access WLAN outside the firewall
do not enable unless firewall interferes with some activity
Ping Blocking - ping is a troubleshooting tool
Signal sent and echo received indicates valid ip address
Used by hackers to find active computers
Enable ping blocking - won't send echo back
Security - Blocking and Filtering
Encryption - coding transmissions
Multiple variations. 2 most common:
WPA-PSK - Wireless Protected Access (Pre-shared key)
Use same password for all computers
Preferred Choice
WEP - Wired equivalent privacy
64 or 128 bit encryption - doesn't matter
Enter Password - converts to hex code
Must enter hex code
2nd Choice (if WPA not supported)
MAC Filtering
MAC address - Media Access Control address
Unique ID permanently attached to each communication device by manufacturer - hardware id
Can find MAC address: run cmd - ipconfig /all
Enter MAC addresses of acceptable network clients
If address is not on filter list, access to network will be denied
Very effective security method
RECAP
Steps to protect your wireless network
Change the default password on your router
Enable WPA(PSK) or WEP on router and wireless workstation
Use MAC address filtering
SSID broadcast off
Prohibit Peer-to-peer (Ad Hoc) networking
Keep current on hardware bios upgrades
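
The recap above can be run as a repeatable check against a snapshot of a router's settings. This Python example is added here and is not part of the original slides; the settings dictionary, its key names and the two sample snapshots are constructed for illustration, while the default passwords and vendor names are the ones listed in this document.

```python
"""Audit a router settings snapshot against the recap checklist."""

# Passwords that appear in this document's table of manufacturer defaults.
DEFAULT_PASSWORDS = {"", "admin", "password"}
# Manufacturers named in this document; default SSIDs start with them (e.g. Belkin54).
VENDOR_PREFIXES = ("belkin", "dlink", "d-link", "linksys", "netgear")


def audit_router(cfg):
    """Return a list of (level, message) findings; level is 'FAIL' or 'WARN'."""
    findings = []
    if cfg.get("admin_password", "").lower() in DEFAULT_PASSWORDS:
        findings.append(("FAIL", "admin password is a factory default"))
    if cfg.get("ssid", "").lower().startswith(VENDOR_PREFIXES):
        findings.append(("FAIL", "SSID still looks like the manufacturer default"))

    enc = cfg.get("encryption", "none").lower()
    if enc == "wep":
        findings.append(("WARN", "WEP is the 2nd choice; use WPA-PSK if supported"))
    elif not enc.startswith("wpa"):
        findings.append(("FAIL", "wireless encryption is not enabled"))

    if not cfg.get("mac_filter_enabled") or not cfg.get("mac_allow_list"):
        findings.append(("WARN", "MAC filtering is off or its allow list is empty"))
    if cfg.get("ssid_broadcast", True):
        findings.append(("WARN", "SSID broadcast is on"))
    if cfg.get("dmz_enabled", False):
        findings.append(("FAIL", "DMZ is enabled; a PC sits outside the firewall"))
    if not cfg.get("ping_blocking", False):
        findings.append(("WARN", "ping blocking is off"))
    return findings


# Constructed snapshots: a router straight out of the box and one after the recap steps.
FACTORY = {"admin_password": "", "ssid": "Belkin54", "encryption": "none",
           "mac_filter_enabled": False, "mac_allow_list": [],
           "ssid_broadcast": True, "dmz_enabled": False, "ping_blocking": False}
HARDENED = {"admin_password": "constructed-long-passphrase-7Qx", "ssid": "office-net",
            "encryption": "WPA-PSK", "mac_filter_enabled": True,
            "mac_allow_list": ["00:11:22:33:44:55"],
            "ssid_broadcast": False, "dmz_enabled": False, "ping_blocking": True}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name)
        for level, message in audit_router(cfg) or [("OK", "no findings")]:
            print(f"  {level}: {message}")
```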
Print and File Sharing
Overview
Print and File Sharing:
Useful, but Risky if all computers are not secure
Setting up Network for Printer and File sharing
Interface card
Set Interface card to allow
Each computer in network
Make sure each computer is part of network

Printer
Make sure that Print sharing is allowed for printer
Load appropriate print drivers on each computer
Firewall Settings
Reset network IP range to trusted zone
Place files to share in Shared Documents folder
Print and File Sharing - Details (1)
Be sure WLAN is working and secure
Interface card
Start > Connect to > NIC or WLAN card > Properties
Check File and Printer Sharing on Microsoft Networks
Repeat for all PCs on Network
Printer
Start > Printers and Faxes > shared printer
Select Properties > Sharing > check "Share this printer"
Print and File Sharing - Details (2)
Firewall
Be sure WLAN IPs are allowed in Firewall for all PCs
Zone Alarm
Firewall > Zones > Add > IP range <enter appropriate range>
Network ID for each computer
Under My Computer > Properties > Computer Name
Click Change and add WLAN name as Workgroup
Shared Documents Folder for each computer
Any files in the Shared Documents folder will be accessible from all computers
www.lccug.com

Set Up Your Router


If you are using a new router it should work right away with your computers. It may come with
software that will set up your initial configurations.
Security for small business wireless network
If you choose to go with a wireless/ Wi-Fi network a few precautions can be taken to minimize
the threat of an intruder.
1. Change your router's SSID. This is simply what you call your router. A name like "Joe the
plumber's small business wireless network" could potentially draw some attention so stick
with something that promotes anonymity.
2. Don't broadcast. Some routers have a broadcast setting that you want to make sure is turned
off.
3. Use a password. Set up 128-bit WEP encryption. This is a straightforward process that
varies depending on your router. Once you set the password write it down and file it away.
4. Enable firewall. If your wireless router has one enable the firewall.
5. Set up a work group. The last measure is simply naming the workgroup of your network.
This will have to be done on each workstation. To do this, go to Control Panel, then
System Properties, then Computer Name. Click the Change button and type in a
new workgroup name.
What can one expect to pay for the above solution? Well, I recently reviewed a proposal from a
mom and pop computer repair and consulting company and the price for a new server, one
workstation, the router, and setting it all up was right around $1760.00.
Copyright SHYEntrepreneur.com. All Rights Reserved.

How to set up a TCP/IP network


You may want to set up a local network for the Internet protocol TCP/IP (in addition to IPX) to
allow use of applications which use TCP/IP on your network. In addition you may want to set up
TCP/IP to allow computers on your LAN to access the Internet as described below. To do this set
up the TCP/IP protocol in Windows 98/XP networking and bind it to your Ethernet adapter. Each
computer on the LAN needs to have its own address. The addresses in the ranges 10.10.10.0 to
10.10.10.255 and 192.168.0.0 to 192.168.0.255 have been reserved for local networks so no site
on the Internet will have addresses in these ranges. Therefore you should give each computer on
your LAN a different address within this range such as 10.10.10.1, 10.10.10.2, etc. Don't use
10.10.10.0 or 10.10.10.255 as these have special uses. Set the network mask to 255.255.255.0 on
each computer. You may be able to use the network connection wizard to automatically set up
your network.
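
The addressing rules above (a different address for each computer, mask 255.255.255.0, no use of 10.10.10.0 or 10.10.10.255) can be checked on paper before any machine is configured. The Python example below is added here and is not part of the original article; the function name check_plan, the host names and both sample plans are constructed for illustration.

```python
import ipaddress


def check_plan(plan, network="10.10.10.0", mask="255.255.255.0", gateway=None):
    """Check a static address plan {host name: address}; return a list of problems."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    problems = []
    owner = {}  # address -> first host that claimed it
    if not net.is_private:
        problems.append(f"{net} is not a range reserved for local networks")
    for host, text in plan.items():
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{host}: {text!r} is not a valid IP address")
            continue
        if addr not in net:
            problems.append(f"{host}: {addr} is outside {net}")
        elif addr == net.network_address:
            problems.append(f"{host}: {addr} is the network address (special use)")
        elif addr == net.broadcast_address:
            problems.append(f"{host}: {addr} is the broadcast address (special use)")
        if addr in owner:
            problems.append(f"{host}: {addr} is already assigned to {owner[addr]}")
        else:
            owner[addr] = host
    # The gateway (the connectivity computer or router) must be one of the planned hosts.
    if gateway is not None and ipaddress.ip_address(gateway) not in owner:
        problems.append(f"gateway {gateway} is not assigned to any computer")
    return problems


# Constructed sample plans (host names and addresses are made up for this example).
GOOD_PLAN = {"fileserver": "10.10.10.1", "ws1": "10.10.10.2", "ws2": "10.10.10.3",
             "laptop1": "10.10.10.4", "laptop2": "10.10.10.5"}
BAD_PLAN = {"fileserver": "10.10.10.1", "ws1": "10.10.10.2", "ws2": "10.10.10.2",
            "laptop1": "10.10.10.255", "laptop2": "10.10.11.5", "printer": "10.10.10.0"}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_plan(plan, gateway="10.10.10.1")
        print(name, "plan:", "OK" if not issues else "")
        for line in issues:
            print("  -", line)
```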
Connecting your local network to the Internet
You can set up a modem on one of your computers under dial up networking to access an
Internet Service Provider (ISP) such as IBM.net or sprynet.com even though you have a local
TCP/IP network set up. The computer will automatically go to your local network for addresses
in the 10.10.10.X range and to your dial up network for other addresses. But what if you want
employees on any of your computers to have access to the Internet for email and other
applications? This can be done as follows:
ISPs generally provide a single Internet Protocol (IP) address to their low-cost dial-up customers.
This IP address is usually assigned dynamically at logon time so that it can be reassigned to
someone else when you log off. ISPs also usually only allow one person to log on at a time under
a single account so even if you have multiple phone lines and modems you would need multiple
ISP accounts to allow two or more people simultaneous internet access. There are a number of
software products such as Trumpet Firesock (see "connectivity products" at www.tucows.com
or www.cws.com) which allow multiple computers on a LAN to use a single ISP account
simultaneously. These programs use "IP spoofing" to make multiple users look like a single user
to your ISP. The modem and connectivity product are installed on one of your computers. The
TCP protocol in all the computers is set so that the address of the connectivity computer (e.g.
10.10.10.1) is set as the gateway. All the computers are set to use the Domain Name Server
address (DNS) specified by the ISP. The connectivity product can be set to automatically dial
and connect to the ISP whenever anyone tries to access any internet service outside your LAN
and disconnect after a predetermined time elapses with no access. The "connectivity computer"
would need to be left on whenever anyone might need access. Alternately a stand-alone "router"
can be used to connect between your LAN and the internet via dial-up modem, high speed
access, or ISDN line.
You can usually connect multiple computers to a network that also includes a cable modem or
DSL modem to allow all the computers Internet access. However, cable and DSL accounts also
typically charge more for multiple computer access to the Internet. If you have two NIC cards in
a connectivity computer you can connect one to your cable modem and the other to your in-house
network linking to other computers. Windows XP will nearly automatically set up both
sides of this arrangement (no additional connectivity product needed) such that the cable or DSL
modem thinks it is only talking to one user. You only pay the single user charge while your other
computers can access the Internet via the connectivity computer. You may also be able to use a
single NIC to connect to your internal network and use a USB cable to connect to the cable or
DSL modem, avoiding a second NIC. Inexpensive router boxes can be used to connect a single
modem to multiple computers.
Cable and DSL "always on" services normally semi-permanently assign an IP address and name
to your account.
Voice Over IP Services
Inexpensive router boxes are now available to support voice over IP (VOIP) services provided by
Vonage or other Internet based telephone service. These units connect to the Internet via RJ-45
cable connecting to your cable or DSL modem and typically provide two RJ-11 phone
connectors and three RJ-45 ethernet connectors. The ethernet connectors can be connected
directly to up to three computers. The phone connectors can be connected to ordinary phones to
provide up to two lines of phone service. The phone lines can be routed to many phones via
standard building phone lines. However, these small VOIP boxes may not be able to drive as
many ringers as a typical telephone company line. If you are using more than one phone on each
line, check with the box vendor to see how many phones each line can handle. A major
advantage of Vonage or other non-locality based VOIP provider is that by taking the little box
with you and plugging it in to local Internet, you can be reached on your local number wherever
you go. Callers have no way of knowing you are not in your office. Careful, if someone should
happen to dial 911 while in the remote location, the fire trucks are going to go to the wrong
address!
The quality of the VOIP service is mostly dependent on the quality of the underlying Internet
service. For example, if you are having problems with Vonage it is more likely that the actual
problem is with your cable or DSL supplier. If you are using a separate router (e.g. wireless
router) the VOIP box should be connected to the modem and the router connected to the VOIP
box. This way the VOIP box will have priority over the computer's access and voice quality will
be better during times when your computers are accessing the Internet.
Be advised that fax machines typically do not work well with VOIP. This is because any
momentary delay, slowdown, or dropped packets, which do not cause any problem with the
computer Internet connection, and only cause a click on the voice line, can interfere with the
operation of the analog modem in the fax causing a dropped fax error. If you are having
problems faxing, try setting the fax's modem to operate at a slower speed (2400 baud) instead of
the normal 14,400 baud. If the fax's instruction manual does not say how to do this (they
frequently do not), try searching on the Internet. Unfortunately, if it works today it still might not
work tomorrow when the Internet is busier.
Many people report they are totally unable to obtain reliable fax operation through VOIP. It is
futile to look to the VOIP service for a solution and your Internet provider is likely to blame the
VOIP provider. An obvious solution that eliminates the need to even have a fax machine is to
have capability for receiving faxes as an email attachment and for sending faxes from a scanned
or PDF document file uploaded to the VOIP provider. This would allow you to send and receive
faxes at your laptop in the field as well as at your SOHO and also allows you to store faxes on
your hard drive as opposed to paper file. For some unknown reason, Vonage does not provide
this capability although they do provide the capability for receiving voice mail messages as email
attached audio files. You may obtain fax capability from myfax.com, which allows faxes to be
sent by sending an email with or without attachment to 13015552525@myfax.com, allows
receipt of faxes by email, and provides incoming fax numbers matching your area code. They
have a cheaper service in which you cannot specify area code for your incoming fax number.
Dynamic Host Configuration Protocol (DHCP)
All the participating devices (computers, routers, etc) in an Internet network need certain
configuration data to operate including the Internet Protocol (IP) address to be used by the
device, IP address of the upstream gateway, mask defining the size of the local network, and
nameserver addresses. Modern software and hardware can use DHCP to get this information
automatically from the upstream side at startup and avoid the need for manual entry. However,
you need to initialize the boxes in a particular order for this to work. If you first turn on the cable
or DSL modem, the modem will get its information from the company. Then you can turn on
your router box, which will get its information from the modem. Then turn on computers so they
can get their configuration data from the router box. If power fails frequently in your area you
may want to use a small uninterruptible power supply (UPS) to power the modem and router
boxes to avoid having to go through this sequence later.
Using ISDN with a local network
If you live in an area which provides Integrated Services Digital Network (ISDN) at reasonable
rates such as the Southern part of Bell Atlantic's service area you may want to consider using
ISDN vs a modem and analog line to provide Internet connectivity to a LAN. ISDN is being
replaced with DSL or cable high speed Internet access.
Wireless
Inexpensive wireless routers are now available that connect to a cable or DSL modem and
provide a local wireless Internet "hot spot" in addition to providing typically three RJ-45
connections for wired service. Modern laptops, netbooks, and smart phones typically come with
built-in wireless capability. Small wireless adapters that plug into a USB port can be used to
connect a desktop machine to the wireless network. Wireless typically has more "glitches" than
wired and may be somewhat slower, so if a computer is semi-permanently in the same room as
the router, use a wired connection.
Typical Small Office Network with Internet Capability
Here is a description of a typical Internet enabled small office network for a small company
"SmallCo":
Five PC type computers running Windows or MacOS are connected via NICs to an Ethernet
using 10-base-T RJ-45 wiring and an 8 port hub. PCs are configured to use TCP/IP protocol and
to use file and printer sharing over the IPX/SPX protocol so all employees can use all the printers
and can use common file areas or drives on the PCs. A stand-alone router is used to connect to
the Internet via DSL, cable, or analog modem using an Internet access provider and single user
account. The company has a web site at www.xyz.com hosted elsewhere by an ISP or web site
developer. (Some DSL and cable providers object to users running web sites from their DSL or
cable accounts.) Each employee has an email address such as aaa@xyz.com, bbb@xyz.com etc.
The web site provider furnishes POP email mail boxes for each employee. Alternately, the web
site provider can supply aliases to route mail from "aaa@xyz.com" to an access provider mail
box. Email clients on the employee computers access the POP mail boxes to receive mail and
send mail via an access provider SMTP server.
Managing Modems and Routers
Cable modems, DSL modems, and routers usually have a built-in web server that displays
administrative pages. By entering the proper numerical IP address in your browser, you can
contact this web server and configure the operation of the device. Modems also usually display
diagnostic information including incoming signal strength, etc. This information is very useful
when talking to your provider about any problem. Modems, routers, and your individual
computers all can be configured to act as firewalls. This can cause confusion if, for example, you
are trying to alter the firewall to allow some new service. Also see DHCP above.
Copyright 1997 - 2010 Azinet LLC
