Previous posts
Adding Firewall ProtectionConfiguring a Broadband Connection
Using Direct Internet Connections on a LAN
Connecting Your Network to the Internet
Sharing an Internet Connection
Managing Passwords
Using Other Methods for Recovering Lost Passwords
Using a Password Reset Disk
Recovering a Lost Password
Establishing and Enforcing Password Policies
Friends
mercredi 30 janvier 2008
Adding a Direct Internet Connection to Your LAN
Safely sharing an Internet connection requires at least a slight investment in extra hardware. Routers and residential gateways cost more than simple network hubs or switches. The less expensive Internet Connection Sharing option requires that you install a second Ethernet adapter on the computer that will serve as the ICS host. Windows users with a broadband connection and a very tight budget might be tempted to cut corners by plugging a cable or DSL modem directly into the network hub or switch. In this configuration, every user acquires an IP address directly from the ISP and uses the same Ethernet adapter to communicate over the Internet and across the local network.
Without additional precautions, this configuration is horrendously insecure. An intruder who breaks in to any computer on the network has access to the entire network. In Windows XP, the Network Setup Wizard first delivers a warning message (shown in Figure 15-4, earlier in this chapter) and then enables the Internet Connection Firewall. This solution eliminates the threat of outside attack; unfortunately, it also blocks communication with other computers on your LAN. If you insist on using this configuration, you should employ one of the following options to protect yourself:
Disable ICF and install a third-party firewall. (You'll find a list of firewall programs in "Choosing a Third-Party Personal Firewall".) Unlike the bare-bones ICF, a full-featured firewall product typically allows you to define security zones. Configured properly, the firewall should allow you to freely exchange data among computers on the local network while blocking all unsolicited inbound traffic on the Internet connection.
Disable file and printer sharing on the TCP/IP protocol for each computer on your network and instead enable sharing over the NetBEUI or IPX/SPX protocol. (This procedure is documented fully in Protocols and Other Software Components.) By using a protocol other than TCP/IP for local network traffic, you can leave ICF enabled, keeping your Internet connection protected while still sharing files and other resources.
Safely sharing an Internet connection requires at least a slight investment in extra hardware. Routers and residential gateways cost more than simple network hubs or switches. The less expensive Internet Connection Sharing option requires that you install a second Ethernet adapter on the computer that will serve as the ICS host. Windows users with a broadband connection and a very tight budget might be tempted to cut corners by plugging a cable or DSL modem directly into the network hub or switch. In this configuration, every user acquires an IP address directly from the ISP and uses the same Ethernet adapter to communicate over the Internet and across the local network.
Without additional precautions, this configuration is horrendously insecure. An intruder who breaks in to any computer on the network has access to the entire network. In Windows XP, the Network Setup Wizard first delivers a warning message (shown in Figure 15-4, earlier in this chapter) and then enables the Internet Connection Firewall. This solution eliminates the threat of outside attack; unfortunately, it also blocks communication with other computers on your LAN. If you insist on using this configuration, you should employ one of the following options to protect yourself:
Disable ICF and install a third-party firewall. (You'll find a list of firewall programs in "Choosing a Third-Party Personal Firewall".) Unlike the bare-bones ICF, a full-featured firewall product typically allows you to define security zones. Configured properly, the firewall should allow you to freely exchange data among computers on the local network while blocking all unsolicited inbound traffic on the Internet connection.
Disable file and printer sharing on the TCP/IP protocol for each computer on your network and instead enable sharing over the NetBEUI or IPX/SPX protocol. (This procedure is documented fully in Protocols and Other Software Components.) By using a protocol other than TCP/IP for local network traffic, you can leave ICF enabled, keeping your Internet connection protected while still sharing files and other resources.
Libellés : Adding, Connection, Direct, Internet, LAN
0 Comments:
Funny Blogs
Blogger Roll
Free Software
