Network security - small business

Thanks for all the input.

I've got a lot of reading to do this weekend. I'll double check on Monday which standards need to be met.
 
Ubiquiti Edge Router Lite
Ubiquiti Edge Switch Lite (24 Port)
Ubiquiti UAP-AC-Lite

This is what I would be using.

I'm not going to suggest how you should be doing it, because (with all due respect) I am not sure you are best placed to do it. One firewall configuration mess-up and what appears to work may well have just exposed your internal network to the internet. Of particular concern is that you consider the wireless portion of your network to be insecure; why? Whilst you are using a hub, your wired network is also completely insecure against packet sniffing.
 
I consider the wireless side to be insecure because of the outdated hardware/software connected to it. And like you say, this exposes the entire network.
 
While I'm here, does anyone know of a rugged AP? The AP will be in the workshop which gets cold, sometimes damp, and very dusty.
 
Most AP product ranges will have a version with extended operating temperatures and a level of moisture resistance. Pick the Wi-Fi product you're going to deploy and then pick the relevant model from the range; don't just buy a single AP to fulfil the workshop requirements.

If you're going with Meraki then the MR72 can operate from -40 to +60 degrees and is IP67 rated. Ubiquiti claim the UAP-AC-PRO can operate in damp / semi-outdoor environments but there's nothing on the spec sheet to back this up. However, you could just consider them a sacrificial item and use the cheapest UAP-AC-LITE and just replace it annually when the antennas rust away.

Xclaim is a nice balance of enterprise quality and budget pricing. They're made by Ruckus and can be cloud or app-managed. The Xo-1 is an IP67 unit for a decent price:

http://xclaim.s3.amazonaws.com/pdfs/datasheets/ds-xo-1.pdf
 
This isn't for PCI-DSS compliance is it?
If it is, I highly recommend keeping the PDQ on its own phone line.

Otherwise I can guarantee it's too complicated for you to segregate the data etc. in a manner that's fully compliant - you also have to ensure machines are all patched etc., for example.

That popped into my mind as soon as payments were mentioned. If so then a quick glimpse of the SAQ and the OP would be posting something very different. :D

To expand on that you'll need anti-virus, segregation of duties and access, segregation of traffic, firewall/IDS, monitoring... the list goes on.
 
^ I thought about that but the AC units are based on the square AC models as far as I know, which were pretty poor. It's also priced in line with those models - I wouldn't spend £300+VAT on a Ubiquiti AP.
 