Connecting Your Network to the Internet
When bringing the Internet into your network, you can choose any of the following configurations:
Each computer has its own physical connection to the Internet. If you're limited to dial-up speeds and each computer has its own modem and access to a telephone line, this option is simple, direct, and quite inexpensive. With broadband connections such as a cable modem or a digital subscriber line (DSL), the cost of multiple physical connections (including hardware for each computer) can be prohibitive, and the task of installing multiple connections can be daunting. In either case, you need to take extra steps to ensure that outsiders are blocked from accessing your network, as we explain in Using Direct Internet Connections on a LAN.
Each computer has a direct connection to the Internet through a network hub or switch. In this configuration, your external DSL or cable modem is plugged into a hub or switch, as are all computers on the network. Microsoft strongly recommends against using this setup, and so do we. For starters, it will work only if your Internet service provider is willing and able to supply separate IP addresses to each computer. (Some ISPs limit customers to a single IP address or charge extra for each additional address.) Because each computer is communicating with the Internet and the local network using the same TCP/IP connection, this configuration has the potential to leave your network wide open to outside attackers. If you understand the risks and choose this configuration anyway, be sure to tighten security by using the techniques we outline in Adding a Direct Internet Connection to Your LAN.
All computers on the network are connected to a router or residential gateway. This configuration is probably the most secure you can choose for a small business or home network and is the one we strongly recommend. The hardware router serves as your gateway to the Internet, using Network Address Translation (NAT) to supply private IP addresses to computers on the local network. The router distributes all TCP/IP traffic from the network to the outside world and then routes the returning packets to their correct destination. To the outside world, your entire network appears as a single computer with its own IP address. We explain the best strategies for securing this network configuration in Sharing an Internet Connection Through Hardware.
All computers on the network are connected to a single computer running Internet Connection Sharing (ICS). ICS, which has been a part of every version of Windows since Windows 98 Second Edition, transforms the computer that is running ICS into the functional equivalent of a hardware router. Like a router, ICS uses NAT to assign private IP addresses to every computer on the network and then manages the flow of TCP/IP traffic to and from the Internet. Using ICS requires that you accept a few compromises, most notably that you leave the ICS host machine turned on at all times. In Windows XP, ICS is tightly integrated with the Internet Connection Firewall (ICF); we explain the configuration do's and don'ts in Sharing an Internet Connection Through Software.
How Network Address Translation Works
--------------------------------------------------------------------------------
When you connect to the Internet directly, using a dial-up modem or broadband connection, your ISP typically assigns you an IP address from a pool of addresses that it owns. These addresses are public; their location is listed in routing tables that are freely available on the Internet to guide packets of data as they move from point to point. When you click on a link to a Web page or check for new messages on your email server, the outgoing packet includes your IP address; the server on the other end of the connection sends the data to that address, and the Internet sees to it that those packets are routed to your computer properly.
On a home or small office network, having a unique public IP address for every computer is unnecessary and possibly dangerous. By sharing an Internet connection instead, you can get by with a single public IP address assigned to a single hardware device (a computer running ICS or a router or residential gateway). Each of the computers on the local network has a private IP address that is not reachable from the outside world but is known to other computers on the local network. To communicate with Web sites, email servers, and other Internet hosts, computers on the network funnel their requests through the computer or router on the edge of the network—the one with a public IP address. As each packet goes out onto the Internet, the gateway machine makes a note of where it came from. When the return packets arrive, the gateway machine uses a technology known as Network Address Translation (NAT) to pass those packets back to the correct private IP address on the network.
The Internet Assigned Numbers Authority (IANA) has reserved three blocks of the IP address space for use on private networks that are not directly connected to the Internet:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Routers, switches, and residential gateways that use NAT almost always assign addresses from these private ranges. The Internet Connection Sharing feature in Windows XP (as in previous versions of Windows), for instance, assigns private IP addresses in the 192.168.0.x range (where x is a randomly assigned number between 1 and 255). The RG-1000 residential gateway from Agere Systems assigns addresses in the 10.0.0.x range, and Linksys routers typically assign addresses starting with 192.168.1.x. Unlike public IP addresses, which must be unique across the entire Internet, private IP addresses need be unique only on your local network.
Using private IP addresses offers a significant security advantage because the computer or router that is managing the connection via NAT can inspect each incoming packet and decide whether to forward it or drop it. If a computer on the local network requested the connection, the NAT gateway will forward it; on the other hand, if a computer outside the network is trying to make a hostile (or at least unwanted) connection, the gateway assumes that the traffic is unsolicited and discards it.
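The bookkeeping described in this sidebar, as an added Python sketch (not code from the book, from Windows, or from any router): the gateway records each outgoing connection, rewrites the source to its single public address, and forwards only the replies that match a record. The class name, the port numbering, and the strict match on remote address and port are assumptions of this example; all addresses are constructed.

```python
import ipaddress

# The three private blocks reserved for LAN use, as listed above.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr falls inside one of the three reserved private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)

class NatGateway:
    """Toy port-translating NAT: one public address shared by many LAN hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port   # next free port on the public side
        self.out = {}    # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.back = {}   # (public port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Rewrite a packet leaving the LAN and note where it came from."""
        if not is_private(lan_ip):
            raise ValueError(f"{lan_ip} is not a private LAN address")
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote_ip, remote_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) to forward to, or None to drop the packet."""
        return self.back.get((public_port, remote_ip, remote_port))

def demo():
    # Constructed addresses: 192.168.0.x LAN hosts, documentation-range Internet hosts.
    gw = NatGateway("203.0.113.10")
    sent = gw.outbound("192.168.0.2", 1025, "198.51.100.20", 80)
    gw.outbound("192.168.0.3", 1025, "198.51.100.20", 80)
    return {
        "as seen by server": sent,
        "reply to port 40000": gw.inbound("198.51.100.20", 80, 40000),
        "reply to port 40001": gw.inbound("198.51.100.20", 80, 40001),
        "unsolicited": gw.inbound("192.0.2.99", 4444, 40000),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Real gateways differ in how strictly they match the remote endpoint and in how long they keep an entry before discarding it.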
Troubleshooting
--------------------------------------------------------------------------------
When you check your IP address, it appears in the range 169.254.x.y and you can't access the Internet.
This range of addresses is assigned by your computer using a feature called Automatic Private IP Addressing (APIPA). APIPA kicks in only when no DHCP server is available. If you're using Internet Connection Sharing or a router or residential gateway that automatically assigns IP addresses, your computer is unable to acquire an IP address from the gateway. This problem is often caused by a faulty network connection or a firewall that is configured incorrectly. Start the Windows Help And Support Center (in Windows 2000, use Windows Help) and run through the troubleshooter to repair your network connection.
If you use Windows 2000, you must set all security and sharing options for your network manually; in Windows XP, the Network Setup Wizard does the grunt work of configuring TCP/IP settings, installing and configuring Internet connections, setting up Internet Connection Sharing (if your network doesn't include a router or residential gateway), and enabling ICF on Internet connections. In most cases, the wizard's default settings are correct and you should avoid tampering with them. In a few unusual configurations, however, you might need to tweak connection settings to achieve the result you want.