Michael Sharkey
Posted 11 years ago
Joined: 12 years, 5 months ago
I am about to network three Win98 machines in a home network. The intention is to share files, peripherals and a broadband cable Internet connection.
I read in one of the Microsoft bulletins that if your Internet connection is via an Ethernet card (which mine is) that it is necessary (for security reasons) to install a second network card for the home network. Presumably this is because file sharing would have to be enabled for networking. However, I am not sure how a second network card would help. My understanding is that you cannot selectively enable file sharing. Once chosen for one network adaptor it applies to all. What am I missing here?
Any comments would be gratefully received!
Michael Sharkey
Anonymous
Posted 11 years ago
Joined: N/A
Re: Ensuring network security
If you have the cable modem plugged directly into a PC, then you'll need to share that internet connection with the rest of the PCs in the network.
When you set up Internet connection sharing, it routes network traffic between your internal network and the Internet connection. This means that the PC doing the sharing will need to have an external IP address (for the cable modem) and an internal IP address (for your internal network). The only way it can do this is by having two network cards - you can't have the same network card using two IP addresses at the same time.
It's theoretically possible to plug the cable modem into the hub, rather than directly into the PC, but this will only work as long as the cable modem has the same IP address. Unfortunately, the IP address changes from time to time. The first time that happens, the rest of the network won't be able to see the cable modem or connect to the Internet.
Perhaps an easier solution would be to buy a cable modem router. This plugs into the cable modem at one end, and is a network hub/switch for your PCs at the other end. It also acts as a basic firewall.
Bruce Adams
Posted 11 years ago
Joined: 12 years, 5 months ago
Re: Ensuring network security
You would use one NIC to connect to the internet, and have File & Printer sharing disabled on that card, and you would use another NIC to connect to your local network, and have File & Printer sharing enabled on that card. You would also need to investigate some internet connection sharing software, and some sort of firewall.
www.sygate.com or
www.zonelabs.com
Andrew Kennedy
Posted 11 years ago
Joined: 12 years, 5 months ago
Re: Ensuring network security
What they are getting at is that you do not use the same network for each use - IE only the home network card will have a relevant IP Address for your home network (use one of the specific numbering systems only used for home networks ie the 168.192.???.??? series) data from one of these IP adresses is not shareable outside its home network.
You could probably do something similar by running your home network on IPX rather than TCP, as long as you did not configure TCP, the other computers should not be visible, mind you, you could not share your cable internet access either.
Your simplest solution is to use one network card, only allow shared drives etc with passwords, and all of your machines should be reasonably secure.
NOT that any one would want to do this, being a violation of your cable agreement, they expect you to pay the extra 20 a month for the second connector!
Chris
Posted 11 years ago
Joined: 12 years, 5 months ago
Re: Ensuring network security
This is true. The idea is to separate your home LAN from the "LAN" represented by your Internet connection. Your cable internet is actually your connection to a much larger network, and you don't want people on that network looking into your home network. The separation is achieved by the correct bindings to the correct network cards.
I recommend you do some research on the net and read up about home networks. Look at practicallynetworked.com the information there is very good.
Internet Connection Sharing that comes with Win98 works but some cable ISPs don't work well with it.
I use analog proxy from analogx.com which its free and has an excellent readme file that provides some very good and easy to follow information.
You will also want to run a firewall, Zonealarm works well but the security may need to be set to medium so that your cable ISP can see that you are on the network.
Other options are available to you for security, one more expensive one is a hardware router and if you decide to go this way the setup is slightly different.
Good luck,
Chris.
Geoff Farrell
Posted 11 years ago
Joined: 12 years, 5 months ago
Re: Ensuring network security
While Josh's answer is spot on, there is one extra thing you must do to ensure security. In Network Properties (right-click Network Neighbourhood on the desktop, select Properties) select the TCP/IP->MyBroadbandEthernetCard protocol and select Properties; click on the Bindings tab and de-select 'File and printer sharing for Microsoft Networks'. If you don't do this, then even with a second Ethernet card, your files are potentially accessible from the internet. With that binding checked, you are basically saying that you want to share your files with that network (in this case, the Internet!).
It's best to de-select ALL bindings in this tab. They should only be checked on the network card that connects to your local network.
Hope this helps, Geoff Farrell.
Michael Sharkey
Posted 11 years ago
Joined: 12 years, 5 months ago
Re: Ensuring network security
My thanks to Josh, Bruce, Andrew, Chris and Geoff for taking the time to respond to my question on Network Security. Your advice was excellent and has helped me enormously.
This is the first time I have used HelpScreen and it certainly won’t be the last.
I am very impressed!
Thanks again,
Michael Sharkey
warren griffiths
Posted 10 years, 11 months ago
Joined: 12 years, 5 months ago
Re: Ensuring network security
You have probably got plenty of info to work with but this is my bit anyway. My home setup uses the following.
1. File and Print sharing are across the LAN card only (not the dial-up connection.)
2. I use reserved IP addresses on my LAN which are not recognised over the internet.
3. My LAN connects to the internet via a proxy server (in this case Jana server) that allows access to be restricted to a certain IP range (The one I use internally only).
Finally go to a site called http://grc.com (I think). This is a site that will "Test your Shields" in other words this site will probe your computer for any security weaknesses and issue with a report.
Hopes this works. wg
