Securing Your Stand Alone Or Network Node Machine
NB. At several points in the following procedure you may be asked to restart your machine. This is normal. Also, bear in mind that all machines on a network must be running the same protocol to see each other, and that a restarted machine takes a while to become visible on the network again because of browse elections and other technical matters. See below for details.
If you are running a local area network, I suggest you use the relatively safe NetBEUI protocol for network sharing of disks, printers, etc. To do this, bind your network card to the NetBEUI protocol (see the 'Aspects of computer security' link on the main page for details) and your Dial-Up Adapter (modem) to TCP/IP. This is achieved by selecting 'Start - Settings - Control Panel - Network'. You will be presented with a screen detailing your network settings. These will probably include some TCP/IP bindings as follows:-
The diagram above tells us that the TCP/IP protocol is logically bound (connected) to the Dial-Up Adapter (required for Internet connection) but is also connected to the network card (NIC), which probably isn't required. We are going to a.) disconnect the network card from the TCP/IP protocol and b.) disconnect NetBEUI from the Dial-Up Adapter. To do this we must first make sure that the NetBEUI protocol is installed. If NetBEUI doesn't appear in the list of protocols, click the 'Add' button at the bottom of the Network Properties page, select 'Protocol - Microsoft - NetBEUI' and click 'OK'. Then double-click the Dial-Up Adapter and select bindings - you will be presented with a screen something like this:-

As you can see, the Dial-Up Adapter is bound to both TCP/IP and NetBEUI. To disconnect it from NetBEUI, click the NetBEUI entry to remove the tick in the box and press OK. Do the opposite with the network card adapter by removing the tick for TCP/IP. Restart your computer and you should have removed the ability to transmit your local area network information over the Internet. What we are doing here is connecting (binding) each adapter only to the protocol it needs to do its job and no more. So TCP/IP is connected to the Dial-Up Adapter because it needs to be to connect to the Internet, and NetBEUI is connected to the network card because that's what it needs - no more, no less.
It is perfectly possible for computers connected on a network to be running different protocols, i.e. NetBEUI and TCP/IP on the same adapter. The NetBEUI machines will be able to see each other (but see point 2 below) but not the TCP/IP machines, and vice versa.
When computers on a network start up they will each attempt to generate a browse list. This is the list of computers that appear in your network neighbourhood. The decision as to which computer is going to generate the data is called a 'browse election'. Computers with later revisions of the operating system will have higher browse list generation election values so Windows NT will have priority over Windows 98 which will have priority over Windows 95. These browse lists are only updated every so often - DON'T ASSUME, THEREFORE, THAT YOUR COMPUTER WILL APPEAR IMMEDIATELY IN ANYONE ELSE'S BROWSE LIST. Click 'View - Refresh' in the network neighbourhood to update the data. It may take a few minutes. DON'T KEEP STOPPING AND STARTING MACHINES OTHERWISE IT'LL NEVER WORK.
If you have problems seeing other machines on your network, use a checklist including such items as:-
Are you sure the hardware, cables, etc. work?
Are all machines running the same protocol on the same adapter?
Are all other settings the same, i.e. advanced tabs in TCP/IP, NetBEUI, etc.?
Have all machines been running long enough to appear in the network neighbourhood? Usually around 10-12 minutes to be sure.
I don't know if I've mentioned it before (sic) but USE A PERSONAL FIREWALL such as ZoneLabs ZoneAlarm available from www.zonelabs.com. This program monitors connections to and from your computer. There is a free version available that is functional but misses some nice features available in the Pro version. When it is first run it keeps asking you if you wish to allow such and such a connection but you can tell it to remember your answer and it won't ask that question again. Have a look at the example below:-

This box appeared after I tried to 'ping' (a type of network test) a local machine. If I hadn't tried to send a ping to a local network machine I should answer No, because it would appear that someone has instructed my machine to carry out an action I haven't requested. In this case I did issue the Ping command, so I clicked 'Yes'. If this was something I was intending to do repeatedly I could also have put a tick in the 'Remember the answer each time I use this program' box. Typical questions to which you should answer Yes include most local area network commands, e.g. printing a file, assuming you have set up shared printers on your local area network, and the same goes for disk sharing. When a question is asked, take your time in answering and think about what the question means.
NB. There is no valid reason to allow your computer to act as a server to the Internet. Note I am referring to the internet - the same can't be said for your local area network where you commonly want your machine to act as a server for file and print sharing. If ZoneAlarm asks 'Do you want your machine to act as a server to the internet for Blah, Blah. Blah, whatever' when you're connected to the internet say No. The only reason anyone would want this is to allow services like Napster or other file sharing programs to serve files up to the Internet. I strongly recommend that you DON'T allow these services access to your hard disk.
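One way to check the 'no server to the Internet' rule on a machine that does run TCP/IP is to look at which addresses its listening sockets accept connections on. The following is an added example, not part of the original page: the `netstat -an` text is constructed sample data, 192.168.0.5 is assumed to be the network card and 203.0.113.7 is a placeholder for the dial-up address.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real machine).
# 137/139 are NetBIOS name/session ports, used here by file and print sharing.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.7:8080       0.0.0.0:0              LISTENING
  TCP    203.0.113.7:1030       198.51.100.20:80       ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

def listeners(netstat_text):
    """Yield (proto, ip, port) for every socket waiting for inbound traffic."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue                      # headers and blank lines
        # TCP servers show LISTENING; UDP lines have no state column.
        if f[0] == "TCP" and f[-1] != "LISTENING":
            continue                      # outbound/established connection
        host, _, port = f[1].rpartition(":")
        yield f[0], ipaddress.ip_address(host.strip("[]")), int(port)

def exposure(ip, lan):
    """Classify a local address by who can reach a socket bound to it."""
    if ip.is_loopback:
        return "local-only"
    if ip.is_unspecified:                 # 0.0.0.0 = every adapter, modem included
        return "all-adapters"
    return "lan" if ip in lan else "internet"

def audit(netstat_text, lan_cidr):
    """Return the listeners that are not confined to loopback or the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    found = []
    for proto, ip, port in listeners(netstat_text):
        where = exposure(ip, lan)
        if where in ("all-adapters", "internet"):
            found.append((proto, str(ip), port, where))
    return found

if __name__ == "__main__":
    for proto, ip, port, where in audit(SAMPLE, "192.168.0.0/24"):
        print(f"{proto} {ip}:{port} is reachable via {where}")
```

Anything reported as `all-adapters` or `internet` is a service the Internet-facing adapter will answer for unless a firewall blocks it.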
© Copyright Andrew Bennett 2006