1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security in the Network

Discussion in 'Networks' started by pingo0000, Jul 17, 2007.

  1. pingo0000

    pingo0000 Bit Poster

    16
    0
    12
    Hi all!

    I've connected 2 pcs with no internet connection allowed. That worked.

    But now I want to enable one of the PCs to connect on the intenet. Is there any security concern that I should be aware of for the other pc that is not connected on the internet but is connected to the other one that is.

    On both of them Win XP Pro is installed and firewall enabled.

    Should I ve be concerned?

    Thanx.
     
    Certifications: Network+
    WIP: MCDST, CCNA
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    It all depends on exactly how you are doing this.

    Whether or not routing is enabled on the machine connected to the Internet will also affect things.

    But - yes - you should be concerned. If some nasty gets onto the Internet connected machine it could then infect the other, as many of these trojans and the like know all about different networking methods.

    And if it is the WinXP firewall you won't *know* this has happened, as it won't tell you.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. pingo0000

    pingo0000 Bit Poster

    16
    0
    12
    That's true :)

    Thanx for the answer.

    Sorry about leaving just few details wich is a bit irresponsible from me, but posting from work is somewhat tense :)

    My plan in overall is this:

    One PC (PC1)goes on the internet and I want to enable port forwarding if its not too risky (have to do more research on this)

    The other PC (PC2) will only have permission to one folder on PC1 but no connection to the internet.

    At the end, I want to connect PC2 to Mac (and vice versa, but that will be hard without using special application, which is not free, at least I think) to transfer files and burn them on Mac.
    (I know that buying a DVD burner for PC1 will save me from all this, but in that way I wont feel any joy of networkiing :)

    Internet connection is established through D-Link DSL-504T router (with firewall) and all computers are connected through it.

    Both PCs use Win XP Pro, have ZoneAlarm, and AVG antivirus. I will install Spybot as well.

    Mac has it's own firewall (Mac OS X 10.4) and ClamxAV antivirus.

    My goal is to leave PC1 exposed on the internet and download, PC2 with no internet connection but to be able to share files with PC1, and Mac to be most secure as possible and only to share files with PC2.

    My questions are:

    1. Is my solution (firewalls, antivirus, spybot on PCs) the most possible secure solution, in regards that, Mac will be with no threat from any kind of virus/trojan threat coming from the PC2? And if there is, any solutions?

    2. I will leave open only the required ports. Is that enough to stay reasonably secure?

    3. If I enable port forwarding on the router, then the only way of controlling what is coming in/out is left to the software firewalls on all 3 computers? Am I right?

    Any help is most welcome.

    Thanx!
     
    Certifications: Network+
    WIP: MCDST, CCNA
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Port forwarding on which box? And why? You *normaly* only need this for P2P apps, and if you are running those then you are at severe risk. There are other reasons why you might want port forwarding, but you will need to specify!

    See later on...

    Trivial and free. Start with Putty and WinSCP, both free.

    This means that any machine connected to the router will have Internet access by default. This is what most people want, so the system defaults that way.

    One way of doing this is to see if that router has a DMZ. If so then PC1 goes there. Set the router to block all access in either direction to the rest of the internal network.

    If it *doesn't* have a DMZ then either special settings will be needed in the router, or tighten Zone alarm on PC2 to only talk to the local network. Preferably both.

    In addition, to avoid any infection on PC1 getting to PC2 you will need to block *all* inbound on PC2 with ZA.

    It still isn't foolproof even like this, but that is just off the top of my head.

    I'd have to think in more detail with more time. However, Macs are largly immune to PC viruses and Trojans.

    The set of ports open on each box will be specific to that box.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. pingo0000

    pingo0000 Bit Poster

    16
    0
    12
    Thanks a lot for the answers Harry :)

    Port forwarding for PC1. Do I have to open port on the router?

    Yes, I was thinking of P2P :( And World of Warcraft, also.

    Yes, I have DMZ on the router, so I will try this. But that way, Mac cannot go on the internet. Am I wrong?

    If I block all inbound on PC2 from PC1 with ZA, that way I won't be able to share files between these two. Am I wrong?

    Thanks again.

    Sasha
     
    Certifications: Network+
    WIP: MCDST, CCNA
  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Depends on how the router does DMZ. And how/why WoW needs port forwarding. In some cases if you put PC1 in the DMZ you would only have to forward the inbound ports, as otherwise NAT would not know what to do with them.

    If only PC1 is in the DMZ and you block the rest of your internal network, then yes - the Mac won't be able to access the Internet. Your original message didn't actualy spell out if the Mac needed access.

    Not so. You would be able to share files by using PC2 to do the connection to PC1. You block *inbound* connections on PC2, not outbound.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  7. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    ...good luck with that. :rolleyes:

    By the way, be sure to keep a good backup, and don't lose your installation disks. :thumbleft
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. pingo0000

    pingo0000 Bit Poster

    16
    0
    12
    Thanx for the advice to both.

    I will try what you suggested Harry. Its true that P2P is very risky so I'll think about it.

    Or will connect to the Mac only when I need to transfer files and will disconnect when finished.

    Will scan them before the transfer though.

    Thanx a lot again.

    Cheers! :)

    Sasha
     
    Certifications: Network+
    WIP: MCDST, CCNA

Share This Page

Loading...