PDA

View Full Version : OT Windows XP networking queston for computer gurus



icm5er
09-25-2005, 05:04 PM
For you computer gurus; I have two computers at home each connected to a port on an Ethernet Router sharing my Broadband internet connection.

What is the best way to have interconnectivity between my two computers to share printers and files without allowing access to the outside world via my ethernet router / broadband connection?

suggestions appreciated

Garlic Breath
09-25-2005, 05:16 PM
Start
My Network Places
Set up a home or small office network
and follow the steps

emw525E34
09-25-2005, 10:36 PM
Plug the printer on one of the PC. I am sure its already functioning. Then set a Share on it (Right-click, then Share). On the other PC, map printer to that printer. Find out the name, normally for home network its printer share name is //pc_name/printer_name.

Once mapped, it should work. DO a test print to find out. Let us know if you need specific assistance.

Good luck.

uscharalph
09-25-2005, 11:36 PM
Remember when networks were pretty complicated?

MontesCarlos
09-30-2005, 10:38 AM
I like to have an appliance firewall facing the Internet. Most off-the-shelf routers today like Linksys and D-Link already have built in- DHCP, NAT, Firewall and routing. I like this approach better than using the XP's firewall features alone, since I also like to connect other devices to the network that do not have built in firewalls, like my HP printer which has a built in Ehternet connection and a built in print server, I also have an old windows server acting as a storage device.

Qube
09-30-2005, 01:32 PM
Technically, your router has created a subnet for which you to play inside. Technically, you can share all you want using 'simple sharing' and be done with it without worry about the outside world. Do a search in Windows help for Simple Sharing.

emw525E34
09-30-2005, 11:04 PM
Any NAT device is actually a firewall. Though you have protection from Outside (ie Internet) , you have no protection from Inside network (ie your computer). So if you picked up a virus from email or cdrom or floppy, it will find its "mama" outside in the internet and you will be done!.

So, I suggest you use a personal firewall to protect "outbound" traffic. Things like Tiny firewall or Kerio personal fire are good.

I run two firewalls: One hardware and one software (Tiny) on my system, two virus scanners and a spyware scanner. Only Apache got breached on day, but nothing serious.

MontesCarlos
10-01-2005, 10:11 AM
Any NAT device is actually a firewall.

The problem with NAT is that all it does is change your private IP address to a Public IP address. Normally a dyanmic NAT translation will last for a certain period of time, which is normally adjustable. For example a NAT translation can last 4 hours for instance and then it is cleared from the NAT device, or router in this case. Once the NAT translation expires, you are safe again. The problem is that once there is a NAT translation it doesn't stop anyone from the outside to come into your network. For example:
If Private IP = X.X.X.X and it is NAT'ed to a Public IP = Y.Y.Y.Y, then as long as this translation is still active, then anyone can attack the internal host with IP address Y.Y.Y.Y at will. Also, the NAT translation usually only expires when there's no traffic using it (IDLE). Once an attacker takes over a session with your vulnerable device on your network, the attacker's actions keep the translation active indefinitely, until the hacker is "done" with your network. :(
There's a lot of scanning taking place on the internet looking for secruity holes just like this one depicted here. Normally dynamic Private to Public IP translation is thought of somewhat secure because not only is the internal IP NATed, but the UDP/TCP ports are translated as well. This is required so that there's no conflict when hosts use the same ports.
However, it is really not too difficult scanning for those unknown ports, after all there are only 65536 - 1024.
For the average home network there's only one shared Public IP, so all that is left is to guess the ports.
With a firewall it is much more difficult because a lot more needs to be guessed to break into an existing session established through a firewall. Like in the case of TCP, segment sequence numbers are monitored and if the sequence number don't match a FW will drop the untrusted packets.
If you have a software firewall on your PC, you can see attacks all the time when you only have a Modem/Router doing NAT.
For a $100 bucks you can protect your network much better. A cheap investment if you ask me. More and more home routers have built in firewalls, so you have lots to choose from.