PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP

PicoSearch

 

HOME

START HERE

BE SAFE

ROUTERS

SIGNUP INFO

DIAGRAMS

TROUBLECITY

DEBUGGING

SPYING

WIRELESS

NETWORKING

ENCRYPTION

INTRUDERS

SPYWARE

ADD DISK

ANTIVIRUS

CLEANUP

FIREWALL

REMOTE

LINUX

UPGRADE

WPA!!

SWITCHES/HUBS

PC STUFF

CABLING

BACKUP

ETHERNET

TCP/IP INFO

PC INFO

ADSL INFO

WIRELESS INFO

 

HAVE I HELPED?

 

ARE FIREWALLS NECESSARY ON ALL INSTALLS NOW.....?

If you are running XP, and you need to turn on ICF NOW, do this:

Click on start -> Control Panel -> double click network connections -> right click the Ethernet adapter under LAN -> properties -> advanced tab -> select "protect my computer."  Whew.... I hope you did that before you were hanging naked out there on the Internet too long...   Return....

If you have installed XP SP2, then it should pester you relentlessly about turning on that firewall.  Please go and do this, and then you can disable it for specific instances...  Open up Network connections, select your NIC, right click to bring up properties, and then dive into advanced where you will find the firewall settings.  This page has some info about SP2.

On with the show...

Because of the coming flood of wireless interconnectivity, especially in the space of XP installations, the use of ICF, or the Windows firewall, is becoming a necessity, even behind a NAT/router.  This is because the hackers are now coming at you on the wireless access you are providing behind your NAT/router!  ........On your wireless service you have so gleefully installed to simplify your home networking.  All those precautions we have been talking about in this website will come to nothing once you install that little wireless NAT/router, or you add a wireless Access Point (AP).  Unless you take all the wireless precautions when you install your wireless network, your internal network is now wide open to the wily hacker.  And it seems the vast majority of wireless installations are done by clueless people [hey, we have all been there.....], and the default wireless installs provide absolutely no security at all!  Absolutely distressing.....  Wireless was bad enough in its ability to provide unfettered Internet access, now it is providing brand new opportunities to hack your network.  We have spent all this time trying to protect your Internet connection from the wily hacker by padlocking the front door - your (wired) NAT/router.  Now the wily hacker is coming at your network from inside your house - your wireless network. 

Even if you valiantly try to implement all the wireless security precautions, the initial implementations of wireless security possible in 802.11a/b/g are simply incapable of protecting you from determined hackers.  The prevention of casual access is possible by following all the wireless security precautions.  If I were a business I would not be providing wireless access that can get anyplace close to my company network right now.  If you are a simple homeowner, you better be aware that your neighbor across the street now has the capability to see into your home network. 

For maximum protection, you better go and install zonealarm or kerio on each PC, or turn on ICF, or the Windows firewall (post SP2) , on the XP PCs behind that wireless NAT/router.  This includes ALL the PCs, the wired, and the wireless ones!  Of course this will disable all of your home networking on that PC.  Now this is a catch 22 situation if I ever heard of one.  Of course that means none of your home networking will work now.  So what I suggest is that you better have good wireless security precautions in place to deny the casual user access to your network, and that you in addition turn on the ICF, or the Windows firewall (post SP2) on the wireless NIC when you do have the occasion to use the wireless access in the cold cruel world outside your ....supposedly.... friendly home environs.  So you better learn how to enable/disable that wireless connection, depending on your current situation.  The Firewall setting in SP2 has a nice feature to enable the firewall, set exceptions, and then an extra button to turn off the exceptions for those situations where you want to be extra cautious, like airport lounges, or university dormitories....

For XP, here is what you have to do.  Go into control panel -> network connections.  Right click on the wireless icon, go into properties and make sure the "show icon in notification area when connected" is checked.  This will let you manage your wireless connection much easier.  Right click on the Network icon in the system tray area [the two PCs in the lower right area].  There will be two since you (hopefully) have both ethernet and wireless NICs in your PC.  Find the wireless one, or just "open network connections."  Go into the advanced tab, and check the "enable firewall for this connection" setting.  You have now turned on ICF/Windows Firewall for this network adapter.  The settings are much the same for SP2.  SP2 even has a nice "Windows network setup wizard" to help you setup your security settings on the wireless network.  You can find this in the control panel, among other places. 

This still doesn't address all our concerns we have with our home network.  I see two possible approaches to counter the problems.  One approach is to install a more capable personal firewall like zonealarm or kerio, and setup trusted zones, and specify the individual user computers on your network.  In this case of course you would have to run static IPs, instead of DHCP.  You can then run your home network and use the wireless connected PCs without having to run ICF, or the Windows firewall.  The firewall will limit access to those PCs that you specify as being in the trusted zone.  ICF does not have this capability! Windows firewall has a limited capability for doing this.

Another option is to install your wireless NAT/router behind your normal wired NAT/router.  Now you need to go into that wireless NAT/router and make sure it provides a network that differs from your wired network.  This is usually on the DHCP server settings somewhere.  Just assign a different network than the one your home network uses.  You will actually be doing "double NAT-ing" behind the wireless NAT/router, but most simple applications like browsing and emailing work OK in this setup.  This is my current setup as I investigate various wireless NAT/routers and the wireless options available.  Whenever you bring your wireless laptop home, you are actually not connecting to your home network, but to a second network, thus making your actual home network more secure.  Be advised that VPN will likely not work thru two NAT/routers! See this page for some more info.  This looks like the best alternative for adding wireless to your wired network!

This entire subject is an ongoing battle in the war for safe computing and home networking.  Stay tuned for more information.

 

TCP/IP STUFF

WIRELESS STUFF

PC STUFF

ADSL/CABLE MODEM STUFF

 

Copyright John D Loop Wednesday October 26, 2005