When not scraping, sanding, painting, and generally following orders from Management, my time is backfilled and my bank account is padded by doing help desk work on the side, usually cleaning up Windows boxes that have been neglected and abused as well as the occasional hardware upgrade for the tech phobic, but the best work are the small offices that I maintain as these are the places where the dollars need to be stretched for the greatest return.

At the moment I have one client with a very small office that when set up was configured like a home network with an emphasis on ease of use over security. The result is two Windows 2000 PCs and one Windows XP laptop joined by a password free Workgroup and connected to a cable modem through an aging Linksys router. The PCs themselves are getting long in the tooth having been purchased some six years ago and to add insult to injury he has been battling virus outbreaks with increasing regularity. I make sure that he stays on top of definitions and patches but the network itself is inherently insecure and added to that both machines are logged into as local admins.

He has given me a list of things he would like to see implemented when or if he proceeds with upgrading or reconfiguring the existing network including somethings I would file under necessity: automated backup plan, network firewall solution, and centralized and secure file sharing. While 2000 is still a serviceable OS, I’m leaning towards recommending that he purchase two machines to replace those boxes and to go with XP Professional, skipping Vista for now. Surprisingly, I’m not recommending he deploy Ubuntu, SUSE, or Fedora for the simple fact that it might be too much change for him and his employees and XP, when configured properly, is a fairly rock-solid OS.

The first possible configuration maintains the general layout of the network but would allow for remote administrative access as well as centralized file sharing and automated backups by redeploying one box to act as an SSH and file server.

The purple lines represent an SSH tunnel, the red is vnc, and the blue for file sharing and backups, and you can plainly see what my choice for the server OS. This configuration is most likely the one he will sign off on as the topology closely resembles what he has grown accustomed to but I do have a second configuration in mind to further enhance security.

The inclusion of the Smoothwall appliance will go a long way in enhancing security, particularly if I shift tactics and push that they log into their PCs as regular users and reserve the admin account for special cases. The Smoothwall appliance can also be deployed on the remaining 2000 PC to make better use of the hardware with the only cost being replacing the router with a switch.

All things considered, I think that the two options make the best use of his money and could go a long way in enhancing the security of his network as well as functionality. We’ll see what he goes with.