Is there a firewall in most wireless cafes?

Ah, so it doesn't matter how he has his trusted zone settings on McAfee. That won't affect me.

And naturally, any firewall in the router probably affects everyone. (I don't know if there is a separate firewall for wireless and wired [his cafe computer is hardwired to the router]).

So are my statements true yet?? :-)

marcy

Oops, I didn't mean to do it. I'll give you another link so you can learn more about firewalls, since you seem to be interested in them.

Keep this in mind, a personal FW is not a FW. It doesn't separate two networks. The PFW is only a machine level packet filter that protects the machine at the machine level.

Mr. Arnold

"marcy" hath wroth:

Right. The only thing that will affect your use is how the wireless router is configured. His desktop is a completely unrelated issue.

Well, you could just ask the cafe owner for the maker and model number. Then, look it up on the web to see what it does.

Yep. The type of router is the major unknown. Your statements are correct as long as the router is a fairly simple wireless router. If it's something fancy like a Sonicwall TZ170w, with separate "zones" for the office LAN and the public wireless LAN, or some other router that supports VLANs, then all bets are off.

Sorry about the previous sloppy formatting. I was at the laundromat using their open wireless and Google Groups.

Jeff Liebermann

Thanks!

marcy

His personal firewall software runs local to his computer and protects his computer from unsolicited inbound traffic on the LAN. Your computer is on the LAN too, so he is protecting the computer from other computers on the LAN.

This LAN is in a public setting where anyone can connect to the router wired or wireless and be on the LAN. If the computer is not protected with a PFW, then other computers on the LAN can access the computer. The computer can be seen and accessed by other computers on the LAN.

You have a personal FW running on your computer that's going to stop unsolicited inbound traffic from other computers on the LAN. That unsolicited inbound traffic on the public LAN can be self populating Trojans or worms. The malware seeks out open, non-protected computers in this LAN situation, which can come from other computers that are infected/compromised, as an example.

There is only one NAT router sitting there as the gateway device for the WAN/Internet and LAN (wired or wireless) with FW capabilities to protect the LAN from the Internet. Wired or wireless it doesn't matter, as the router with its FW capabilities controls access to and from the LAN.

You connect your computer to that public LAN, then you need to be concerned with what's going to happen when you do that, because other computers on that public LAN wired or wireless can see your computer and access it, and an attack can be run against your computer in this public LAN setting, wired or wireless.

Most NAT routers don't have the ability to protect computers in a LAN situation, only from the WAN/Internet. So, if one doesn't protect the computer with a PFW solution running on the computer, then the computer most likely is going to be compromised in that kind of environment.

Mr. Arnold

The other person is correct. It's very likely the connection at the deli goes out through a NAT router. All traffic goes OUT through it just fine. But nothing comes back IN through the router direct to the devices. Well, at least not without an active session being maintained by the NAT router. So they're not "on" the outside internet directly in that sense.

No it won't work unless your office network is configured to allow incoming connections of that sort. Most won't be (and with good reason). You don't want to allow any more external traffic into your network than absolutely necessary. Even with password authentication you're still faced with risks of denial of service attacks. Someone could just tie up your internal machines by repetitively attempting bogus logins. They probably won't crash outright but it can cause issues.

Thus I usually suggest using a VPN instead. That way the traffic from the travelling computers is encrypted instead of in the clear. So your travelling users just "dial" the VPN connection into the office and then use tools like remote desktop, pcAnywhere, Citrix, VNC, etc. The VPN provides an encrypted 'tunnel' that blocks anyone else along the same networks from seeing what's inside the packets. Connect using unencrypted, 'open' wifi and log into a POP mailbox or non-HTTPS website (among several examples) and anyone else on the same Wifi network can quite easily see your password using any number of free tools. I *never*, *EVER* connect to anything on an open network that would require ANY sort of password. I *always* "dial" back to the office/home via VPN first.

As for firewalls, it's a foolish merchant that sets up his work computers on the same network as a free wifi hotspot. If there's any traffic going between more than one work computer it opens the chance of the free users to sniff the packets. Even with AP isolation it's possible to stage a number of attacks that can get around it. Best to keep them separate via VLANs or entirely separate networks. And for pity's sake, don't use the default IP range of 192.168.0.0 or respond to pings.

-Bill Kearney

Bill Kearney
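
Added example, not part of the original thread: a toy Python model of the two points made in the posts above, that a NAT router only forwards WAN traffic matching a session a LAN client opened, and that traffic between two clients on the same public LAN never crosses that NAT, so only the personal firewall on the host stands in the way. The addresses, ports, class names and the exact session-matching rule are assumptions made for illustration; real routers vary.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.20.30.0/24")  # constructed cafe LAN range

class NatRouter:
    """Toy port-translating NAT: WAN packets pass only if they match a session."""
    def __init__(self):
        self.sessions = {}      # (remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
        self.next_port = 40000  # constructed starting port for translations

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN client opens a connection; the router records the session."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(remote_ip, remote_port, public_port)] = (lan_ip, lan_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet arriving on the WAN side: forwarded only for a known session."""
        target = self.sessions.get((remote_ip, remote_port, public_port))
        if target is None:
            return "dropped at NAT router"
        return f"forwarded to {target[0]}:{target[1]}"

class Host:
    def __init__(self, ip, listening_ports, pfw_enabled):
        self.ip, self.listening, self.pfw = ip, set(listening_ports), pfw_enabled

def from_lan(src_ip, host, dst_port):
    """Unsolicited connection from another LAN client: never crosses the NAT."""
    if ip_address(src_ip) not in LAN:
        raise ValueError("source is not on the LAN")
    if host.pfw:
        return "blocked by personal firewall"
    return "reached service" if dst_port in host.listening else "port closed"

def demo():
    router = NatRouter()
    laptop = Host("10.20.30.20", [445], pfw_enabled=False)
    port = router.outbound(laptop.ip, 51000, "198.51.100.5", 443)
    results = [
        router.inbound("198.51.100.5", 443, port),   # reply on the open session
        router.inbound("203.0.113.77", 443, port),   # unsolicited Internet host
        from_lan("10.20.30.66", laptop, 445),        # neighbour on the cafe LAN
    ]
    laptop.pfw = True                                # same neighbour, PFW now on
    results.append(from_lan("10.20.30.66", laptop, 445))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```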

I just got PCAW to work. I can remote in to my computer in the office and work on it as if I were there.

What is the total cost for a VPN system?? What components are required for one person to connect remotely??

I can't really be responsible for the merchant. But I'm happy to make a suggestion to him if you think I should. He knows much less than I do which tells you that I will have to keep it pretty simple. How could he have his single computer on a different network than the computers that come into the cafe??

Thanks much!!!!

marcy

Depends on what equipment is connecting to the internet at the office. Some routers have the ability to terminate a VPN on them directly. Others pass the VPN traffic to something else inside the network. Windows server software comes with Remote Access and Routing. RRAS provides VPN services. You set it up on the server and then configure the router to pass the VPN traffic to it.

So it all depends on what equipment is present.

Bill Kearney

The only server we have is a file server XP Pro machine dedicated to special software (optical stuff - glasses). The router is a Netopia 3347NWG 006. Since I am the only one that would be accessing my work station, I'm not sure I can convince them that it is important. On the other hand, a satellite office is opening very soon that will access another workstation to enter optical data. That will be happening off and on all day.

It sounds like we would have to buy a server just for VPN service. And I'm thinking we would have to buy a special router. So the cost is going to be around $1200 to go the cheap route. I don't think they will spring for that.

Thanks for hanging with me on this!!! and for your information.

marcy
