Hi,
I've got a network of 2 computers (WinXP) that access the internet through a wireless router. These 2 computers share some resources, such as folders.
Are those resources visible to the outside (internet)? Should I close some port on the router's firewall?
I've set mac address restriction and WPA encryption.
PS I apologize for my ignorance... O:-)
"Fernando" wrote in news:1123444688.685097.291410 @g43g2000cwa.googlegroups.com:
The router is going to have the Windows Networking ports closed by default and the machines will be protected behind the router from the Internet while networking.
The link discusses the ports.
That's good and you might want to disable the DHCP server on the router and only use static IP(s).
"Fernando" wrote in news:1123444688.685097.291410 @g43g2000cwa.googlegroups.com:
I also like to use the Authenticated Users group on shares.
Why?
Why not?
Because it only makes local config more effort yet doesn't provide anything useful. If you're thinking it adds security, just run kismet and note the ip address range.
David.
The next door neighbor who has wireless and taps into someone's wireless network by happenstance is not going to know that. So I think it provides a little protection from those type of potential intruders.
Right but if you've configured even WEP with a 64 bit key, that automatic association isn't going to happen hence the ip addressing scheme is irrelevant.
However, to the script kiddy that breaks that WEP key in under half an hour (he needs a drink and pee break), then kismet to reveal the IP scheme isn't going to take more than a few extra minutes if any if he was already running kismet.
David.
That's why one gets a router that provides logging and a logviewer so one can see the remote IP(s) being connected to and from what LAN IP(s) are doing it.
But DHCP or not, is irrelevant in that case. In fact, arguably it's favourable if logging is your intention because an ip address have been given out and there's a log of it.
If the client comes in with a static address then there's no logged entry.
Like I said, turning off DHCP does nothing for security and only increases the admin burden.
David.
David Taylor wrote in news: snipped-for-privacy@news.cable.ntlworld.com:
Seeing that one of my machines is using a static IP on the FW appliance and I see the traffic to the remote IP from the static LAN/IP/machine while the log is being broadcast to the machine that's running Wallwatcher, I just don't understand what you're talking about here.
As I recall even the little old Linksys BefW11S4 V1 router with Wallwatcher and a machine using a static IP on the router, the traffic to the remote IP and from the static IP/machine pn the was being logged.
So I don't see how someone could not see that something was wrong if all of a sudden some LAN IP(s) start showing in the logs DHCP or static IP(s) that are not accounted for on the LAN.
You have two damn machines setting there using static IP(s) and somehow that increases Admin burden.
Of course, you're right. ;-)
I have a feeling that you're about to go off on anothe deep-ender session and take this in a whole different level and I am just not in the mood for it.
Post away David the show is yours.
:)
Duane :)
Ok, so what you have is a network with a machine running some software watching a log file. That's not typical Joe user who just wants to run an AP and a laptop or two.
Same thing, adding a machine or service just to watch a log and there's no point logging anything unless someone is going to review it.
What I'm saying is that if DHCP is enabled, NO logging has to be performed, there's nothing to watch other than looking at the DHCP leases off the AP.
Quite, DHCP nothing for the user to do other than look. Set static IP's and you then also need to have some logging software running and the logs need to be reviewed.
Yes I am.
DHCP ON, Admin burden from assigning addresses = 0
DHCP OFF, Admin burden for assigning any number of addresses > 0
That is an increase is it not?
No need, this post should be enough to demonstrate that turning off DHCP introduces nothing from a security point of view and whatever the admin, whether it's one machine or many, there is additional work to be done to configure clients. It might seem trivial to many of us but either way you look at it, adding an IP address, mask, gateway, dns addresses introduces margin for error and further troubleshooting as well as going into configuration that the user might be unfamiliar with as well as dealing with IP addressing that the user might be unfamiliar with.
I'm just curious Duane, when you fill your car with petrol, do you drive the car to the petrol pump or do you fill lots of cans and carry them home to the car?
David.
Hey, you're right on the money.
Hey I agree with you that someone must review the log.
Hey, that's a possibility and one can also look at the syslog too. But of course, you're the *God* so I guess it's your way or hit the highway.
?????????????
Yes, lunatics are always correct. And I'll have to say that you're high on the lunatic list. ;-)
Hey, it's only two machines the OP was talking about. However, you're the God on this so what you say is holly.
OK you're the *God* I cannot dispute your hollyness as you come flying out of the holly bleachers like King Kong with a 10 ton slug hammer. ;-)
I'll let a Hollyness like you either carry the cans to the car for me one day or I'll drive the car to you. It makes no difference to me. I just want to keep a lunatic like you happy. ;-)
Like I said, I just knew that you were going to pull thunderbolts out of your ass and sling them. ;-)
You're such a lunatic with *God* like mentality.
It's a nice show let's get it put on the TV.
You're such a lunatic God Dave such a lunatic.
Like I told another person on the otherside of the Big Pond, there is something in the water you're drinking over there. :)
Duane
Duane, you instantly lose credibility when you do this. If you can't back your technical side up, you resort to just being a plonker. If that works for you, please continue. Until then, try discussing something from a technical standpoint eh?
Like I said, for a user who is already clueless about configuring stuff, no matter how many machines, configuring anything manually will lose out to automatic.
You still didn't answer why you thought turning off DHCP is worthwhile, care to address that one instead of just saying "why not" and then just sinking into drivel?
David.
When was this suppose to be a technical discussion? I am not here to debate anything with anyone.
I said to the user you *might* want to disable the DHCP server on the router. That's all I said. I then provided a link as to why one may want to disable it on the router. I didn't think it needed to go any further than that. But of course, you deemed otherwise and decided you needed give all the other tech babble.
In addition to this, the Internet with something like Google, Dogpile.com or the manufacturer's site itself with support Knowledge Base provide detail information on the how to(s) on many things. It doesn't take a rocket scientist to pick things up and apply them.
You post all this what I consider unnecessary crap about this, that and the other about a DHCP server. You know things like a static IP not being being kept in the DHCP table like it's done for a DHCP IP etc, etc, which I really didn't need to hear about all that. Just like your entire post I didn't want to hear about.
All I did was post a simple solution, which was backed up by a simple link, that could be a simple deterrent, for a simple hacker (the next door neighbor that doesn't know anything either but has discovered another wireless network in his or her area and has obtained an IP from the other person's wireless network and is using it to surf the Internet. That's all it was about to me no more or no less. But of course, you needed to beat your chest and play King Kong.
Then you went off about logging for some reason and went way off about in some other direction.
The OP asked a couple of simple things and I gave a couple of simple answers or something he could try in addition to what he was already doing.
And then you come with the *WHY?* foaming at the mouth and I knew you were just itching for a confortation, which I could have avoided by not responding. But I just wanted to see where you were going to go with it. ;)
You're damn straight I was going to dog you out on this whole thing. ;-)
There you go Dave my take on it.
So post man I got nothing else to say on the matter and will leave you to yourself in this thread and in the future.
Duane
Then don't post insubstantiated stuff without the spine to back it up!
It has no value, from a security standpoint which is where you've finally come out of the closet.
Yes, it lets the OP know that there's no value in turning off DHCP. That's how newsgroups work, other people can read it and deduce from it what they choose, especially when they see alternate view with supporting evidence.
No but someone who wants to understand why DHCP on or off can read it an get it.
It's not a solution.
Like I said, with 40 bit WEP, that neighbour isn't going to accidentally connect thus turning off DHCP to prevent them getting an IP address has no value.
I'm sorry if you didn't understand the technical stuff there. You should have asked. :)
Yep and the nature of newsgroups are inherently discussive.
As ever, I bet you don't stick to that.
David.
I'll leave you to yourself.
Duane
As predicted, you failed that time. :)
It must have been something in your last worthless post to me that was not read that lead you to your conclusion Dave the Holly-One. ;-)
Thought you said you were through?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.