LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Home network - security and access Q's
From:	Dave Gillett <[log in to unmask]>
Reply To:	PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Mon, 9 Oct 2000 03:05:30 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (84 lines)

On 7 Oct 00, at 1:05, Michael A. Wosnick wrote:

> I want to thank those that responded to my last queries regarding
> my proposed mini-network with a desktop and laptop computer at
> home. I want to share a cable modem, but also files and print
> services. My desktop is running Win98 and the laptop has Win98SE.
>
> I have a couple of additional questions. The two options I am
> considering are to buy a second IP address from my cable modem ISP,
> and use a simple hub for my mini-network, or else buy a router and
> do it that way. I would prefer the second option since I can expand
> the network to my other computers if I ever get the guts to do the
> cabling through my house etc.
>
> The questions.

> 1. If I use the simple hub approach, and have 2 IPs , I am worried
> about security for file and printer sharing. In essence, as I
> understand it, my local network services are vulnerable, even if I
> put personal firewall software on my two machines. Is this correct?
> If so, can I secure my file and print sharing by simply unbinding
> my network functions (Client for MS Windows, file and print
> sharing) from TCP/IP (where they defaulted) and binding them to
> NETBuei instead. I have been reading about this, but am not sure if
> I comprehended the nuances right. Comments/advice?

  This is only going to work if there is a TCP-only gateway/router
between your machines and the rest of the cable network.  There
probably is -- but your use of the term "router" below suggests that
you don't recognize this.
  The classic solution in this case is to have a firewall between the
hub and the cable; a combined hub/modem box may also have firewall
features that you can use.

> 2. If I use the router approach, my concern is a different one.
> Both my wife (laptop) and myself (desktop) access our workplaces
> via VPN tunnels. I use "Secure Client" from Red Creek and she uses
> Alta Vista Tunnel (although that is scheduled to be replaced but as
> yet I do not know by what). I know from a colleague who uses
> Win98SE and ICS that he cannot configure the Red Creek Secure
> Client, so there are issues there. That is one reason I want to
> avoid ICS in my set-up. My worry is that if I choose a router that
> provided good firewall protection (desirable), will it also
> interfere with my ability to use both of our VPNs. If I were to buy
> a router and find that the VPNs would not work, then essentially I
> will have purchased a doorstop, since it will be useless to me. Are
> my fears groundless, or are there issues with routers and VPN
> software. If so, how easily are they likely to be resolved, if at
> all. I noted that some routers say that they have support for
> VPNs, but is this a particular one, or is there some kind of
> generic support that makes it all work? This could be an expensive
> experiment if I am not careful. Advice?

  There are a couple of kinds of *gateway* boxes, used to connect
multiple networks.  A router passes packets by rewriting lower-level
headers.  A proxy looks like a single machine to each network, with
mappings defined statically or through some kind of protocol
encapsulation.
  A NAT box looks like a router from one side ("inside") and a static-
mapped proxy from the other side ("outside").  Some routers and
firewalls offer this as an optional mode of operation.

  Most VPN clients should run across standard routers just fine.
What they don't handle is NAT or proxying, because these usually mean
that the "inside" end knows itself by a different (local) IP address
than the far end of the VPN tunnel needs to connect with.
  A few specific VPN clients may be able to deal with NAT, but unless
*both* of you can use this, it's not an option.  [And the fact that a
client *can* be configured to work with NAT doesn't guarantee that
your company's IT staff is prepared to support that configuration....]

  So I have to come down on the multiple IP addresses and a hub side,
recommending a packet-filtering firewall between you and the cable.
I've never managed to unbind NetBIOS from TCP/IP on Win 9x, so unless
you're both using NT/2K, I'm not sure I'd bother with NetBEUI.
[Also, running NetBIOS over NetBEUI will preclude using it over the
VPN tunnels....]

David G

         PCBUILD maintains hundreds of useful files for download
                     visit our download web page at:
                     http://nospin.com/pc/files.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG