Hi,

Can someone advise me on how to set up a small office network of about 5 PCs, and a printer, with a broadband Internet connection.
My initial thoughts are to use a simple plug n play router, and get one of the PCs to share out the printer.

I hope someone can advise me on how to connect the PCs together (whether to use a workgroup or domain - what's the difference anyway?)

Also, what is the security risk of such a network? I plan to run AV softwares on the PCs, but don't know if I should/how to run a firewall.

Can someone please kindly advise?
Cheers.

What is the network for?

Yes, always run a firewall.

I think what Variable is asking is what type of information/applications are being used?
Many businesses are now required to protect certain types of data by regulation, and the security required depends on the type of data the business is handling.

In a Workgroup you have Peer to Peer security, meaning that any security is handled on each PC in the group.

In Domains, you have a Server which handles security policies and permissions.

thank you, appreciate your replies.

The network is actually for an overseas business office, with a view to connect via VPN to the "main office".
I am not planning to run a server, so how do I install a firewall?

Sorry, I am such a newbie at this.

If you are as you say, a complete newbie, do you think you will be able to set up the network overseas, network them together for sharing files securely, secure them from internet threats and create the VPN connection to the network via this forum? or is someone else proposing ideas and you want to understand the process and maybe what they are talking about?

i've got a Managing Director who is even more IT savvy then me. He bounces off his ideas to me and expects me to carry it out. Normally I outsource the job to some other guys but this time I thought I'd try it out myself.

I think your biting off a big chunk. I understand wanting to take a trip but if your going to do it then you should get a book on networking and read it. You can do a network fast and open or you can have one that is secure but it takes more understanding of the processes. I would start with http://www.practicallynetworked.com/networking/

A few things to keep in mind for a business workgroup:

A workgroup using XP Pro should use NTFS permissions for sharing files.

Each computer authenticates every connection itself. This means that if Bob connects to Sally's computer, Sally's computer will have to have a username and password that matches what Bob uses.

A static IP on the internet router will help you and the Sys Admin you are connecting to over the VPN have a more secure networking strategy, it also makes it easier to use things like Remote Desktop. A static IP is a nice feather in the cap when doing any kind of secure networking. It is not required for the VPN but can make other unforseen problems disappear.

Think about buying a hardware based security solution for AV,Spam and exploits. Many devices out will protect your network without having to worry about AV and Spyware software on the individual machines. The problem with software side solutions is they rely heavily on updates and subscriptions and can be turned off by the client if they get annoying. If you protect the network at a higher level you have more control and you also can remote into the devices with a static IP and reconfigure, test, update them. Setting up each PC with a host of software and then leaving the country is simply asking for problems in a few months. Since you will not be using a server you basically give each user complete control of their own machine. This is generally a bad idea.

http://dmoz.org/Computers/Security/Firewalls/Products/Appliances/

Do a few hours of reading about them. Spyware,AV and firewalling all in one package.

Set up each pc and use NTBackups to copy a backup to a USB2.0 drive. schedule the backup to run as often as you would like. If you have a static IP you can have encrypted nightly backups done remotely to the states. We do this at work for a fee, we use a IBM product called tivoli storage manager. This ensures that if a fire,theft happens no data is lost. You can backup system state or just business critical data. Again, more control and separate from the users intervention.

Always rename the Administrator account and give it a password you know. Think about creating the clients computers and giving them limited access to their own machines i.e. the Users group. Install all applicaitons they will need as the administrator. Create a user, add them only to the Users group. See if they can do their job at this security level. It will give you more control and make it harder for them to break the machine.

Document everything you do. This is critical.

MASTER Variable.

I cannot thank you enough. Am already headed to the library to heed your advise.
You do not know how I appreciate your and PrntRhd's advise.
This forum really rocks!

Your welcome. If you get stuck on a topic post back.