Hi there, i would like to set up a home network that is almost or fully virus proof.
I would like to have the following things as part of it:
- Printing (Connect to the printer)
- Set storage
- Software Deployment Portal (Recommend Free Software For Family)
- Extremely High Security
- WAN/LAN Gaming Connection
- The ability to only add certain computers to the network, and at any time (might buy more)
- All of the above wireless.
I also need to know the following fairly shortly:
- What I need to buy and an approximate price. (if you can't be bothered just tell me the item i'll get the price)
- What antivirus on the host computer (Yes i'm willing to pay, and i have a copy of symantec (unlimited) (Not endpoint))
That is a tall order for a home network. From my experience here is what I hope will help you out.
- home network that is almost or fully virus proof. - Nothing is secure against anything. If it wants in bad enough it will gain access.
- Printing (Connect to the printer) - If your printer already has Ethernet / Wireless capabilites your done, just configure to work on the network. If not you are going to need a USB/LPT1 (which ever you printer uses) Adapter with a built in Wireless/Wired Print server.
- Set storage - NAS or if you have a spare computer FreeNAS is more than likely what your looking for here.
- Software Deployment Portal (Recommend Free Software For Family) - Purpose??? Are you going to be installing software on every computer every day? That and if someone comes to your house more than likely they will not want to install software on their computer just to use your internet (See point further down for additional details). If you just don't want to run multiple installers look at this site for a list of supported programs that can be built into a single installer -> http://ninite.com/
- Extremely High Security - Don't use wireless, use static IP's if your network is small enough. On every computer setup GPO correctly and limit users interactions with the network and the computer itself.
- Chat - What type of chat? AIM? MSN? etc? or personal chat between computers, need more details on this.
- WAN/LAN Gaming Connection - If it is just one device, set it as a DMZ and limit data stored on it that is personal. If it is an Xbox 360 just DMZ it and call it a day
- The ability to only add certain computers to the network, and at any time (might buy more) - Using DHCP will allow further expansion, but you will still have to configure the devices security to your own wishes.
- All of the above wireless - Wireless or High Security? One or the other. Wireless can be broken in a matter of time.
Note One Wireless and High Security - Use a strong WPA2 encryption, with MAC ID Filtering. Change the encryption key once a week/month (your preference). If you have visitors that come over that wish to use your internet it may be a good idea to have a router on hand that you can add to your network when they visit. This way when they connect they will not be on your network persay but be on a separate network. Then when they leave remove the device from use.
Also to increase security it may be an Idea to invest in a computer system that can handle Windows 2k8 Server. And configure the server as an Active Domain Controller, then you can utilize the features of the DC for limiting user accounts and pushing out GPOs to new computers that come in and join the domain. Using that will also allow you to manage certain software installs that have a compatible .msi install package.
For hardware if you where going to go with a basic setup all you would need is the following. A wireless capable router, USB/LPT1 Print server for your printer if not supported, Wireless to Wired Bridge or Wireless adapter for your game console, and wireless adapters for all computers you wish to make wireless and cat5e wires for all the computers you wish to make wired. For your file server look up a NAS box that meets your needs.
Since your looking at a more advanced approach then this is what I would suggest to handle what your looking for.
- A server computer with 2 NICs (Can be an older desktop computer that has the ability to run Windows 2008 Server. No more than 2-3 Years old)
- Wireless Access Point (I use a LinkSys WAP54G)
- 10/100 switch (or 10/100/1000 if you wish to implement a GB network)
- A NAS Box or spare computer with FreeNAS installed
- USB/LPT1 Print server adapter if your printer is not Ethernet (wired) or Wireless compatible.
- Wireless Bridge / Wireless adapter for external devices such as an xbox 360 that you wish to connect to the network.
- Time and Patience.
Going the second route is considerably more expensive as some of the hardware can be quite pricey (A good USED server is going to cost in the range of $500-$1000, new well over $2000). Also on getting older equipment you have to make sure that it will handle todays and tomorrows load. Meaning that Old P4 MAY
run Windows 2008 Server but it may struggle when pushing out apps or loading the profiles from disk over the network.
Going the second route is going to be difficult, and will take some time to properly setup, diagnose and repair any issues. Honestly your best bet would be to use a standard router and use a wired connection for most of your devices. It is more than secure enough in that manor for the average home user.
In terms of A/V software, I currently use Norton Internet Security 360 4.0 It works well for me so I haven't had a need to use a Server/Client based version. But if that is what you truly want look for Symantec Corporate if they still make it for newer versions of Windows.