LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Home network - security and access Q's
From:	"Michael A. Wosnick" <[log in to unmask]>
Reply To:	PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Mon, 9 Oct 2000 11:42:07 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (69 lines)

David,

Thanks (again) for your detailed answers. I did not understand all of what
you wrote :) but will digest it over time...

As for your comments about using 2 IPs and a hub (below), let me tell you
that at the moment I am running a personal Firewall on my desktop PC
(ZoneAlarm) and am very happy with it. I intend to run this on my wife's
notebook as well. So I feel I will be protected in that regard.

As for file and print sharing, I have (rather easily) managed (at least it
appears so) to unbind Client for Microsoft Networks fully from TCP/IP. Right
now, TCP/IP is only attached to my Ethernet adapter and to my VPN and to my
Dial-up Adapter. Client for MS Windows is only bound to NetBEUI, NOT at all
to TCP/IP. NetBEUI is in turn attached only to my dial-up adapter (just to
anchor it somewhere), but not to my Ethernet adapter or my VPN adapter.

Of course I am NOT yet running a network, but I have tested the security of
this set-up on my desktop machine by turning OFF the firewall, going to
Steve Gibson's Shields up site and having it probe my machine. With Client
for MS Networks bound to NetBEUI, SheildsUp found all ports CLOSED,
including the NetBios port 139, and could gather no information from my
machine. I did try to use my VPN in this situation. The tunnel was
established with no problem. As well, I could access my workplace exchange
server and see all my e-mail etc. However, if O clicked on Network
Neighborhood, I never did see any other workstations. I can't tell if there
is a server problem at work (a frequent occurrence) or if my new "set-up"
precludes the VPN tunnel being used to access my other servers and
workstations beyond just the Exchange server. .

So, if I proceed with my network, with 2 separate IPs, individual personal
firewalls for each machine, and Client for Microsoft Networks (and
presumably my file and print sharing functions) bound only to NetBEUI, will
I indeed have achieved the level of protection and security that I have now
before the networking exercise? Will my VPN still work? (I will test this
again of course...)

If I have to re-enable the binding of Client for MS Networks to the TCP/IP
to see my workplace network over my VPN, will the firewalls on each
independent machine be protection enough? Frankly I didn't understand your
point about putting a firewall "between the hub and the cable". Assuming
that the cable modem is plugged directly into the hub, how would one
accomplish this? Can you elaborate?

Many thanks.

Michael

 -----Original Message-----

 [snipped]

The classic solution in this case is to have a firewall between the
hub and the cable; a combined hub/modem box may also have firewall
features that you can use.

        [snipped]

So I have to come down on the multiple IP addresses and a hub side,
recommending a packet-filtering firewall between you and the cable.
I've never managed to unbind NetBIOS from TCP/IP on Win 9x, so unless
you're both using NT/2K, I'm not sure I'd bother with NetBEUI.
[Also, running NetBIOS over NetBEUI will preclude using it over the
VPN tunnels....]

         PCBUILD maintains hundreds of useful files for download
                     visit our download web page at:
                     http://nospin.com/pc/files.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG