Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Chuck <none@xxxxxxxxxxx>
- Date: 30 May 2005 00:53:02 -0500
On Mon, 30 May 2005 05:26:48 GMT, Dennis@xxxxxxxxxx wrote:
>Chuck <none@xxxxxxxxxxx> wrote:
>
>>Dennis,
>>
>>ICF/ICS should be Started and Automatic.
>>
>>With ZAP, "Trusted Zone Security = Medium" = "Access to Windows services, file
>>and printer shares is allowed.".
>>
>>Do you have a wired or wireless LAN? If a wired LAN, where YOU control the
>>network, you're safe enough setting the Trusted Zone = the subnet. From your
>>description of "a small number of laptops and desktops" I was thinking a
>>wireless LAN. If a wireless LAN, I urge you to protect yourself a bit more
>>carefully, including individual, fixed ip addresses on all computers (not just
>>wireless computers), and open ZAP only to those assigned addresses.
>><http://nitecruzr.blogspot.com/2005/05/setting-up-wifi-lan-please-protect.html>
>
>Thanks again for your help.
>
>Yes I do have a few Laptops on one wireless access point (WAP) that's connected
>to the Linksys wired router. The WAP is password protected so no outside
>wireless computers can access it.
>
>Are you suggesting that in the tcp/ip protocol on each computer, that I assign a
>IP address and subnet mask instead of using the "Obtain IP Address
>Automatically" option in TCP/IP properties?
>
>the Trusted Zone = the subnet means 255.255.255.0 ?
>
>Dennis
Dennis,
The Trusted Zone, if for the subnet, is controlled by the 255.255.255.0 yes.
Meaning that's 255 addresses you would trust. If you only have say a dozen
computers, that would include 240+ addresses open to abuse.
If you have a wireless LAN (ie can't control the physical media like with a
wired LAN), you ought to permit access thru the firewall on each computer only
to known computers that YOU own. If an intruder associated with your WAP, and
you were Trusting your subnet, he would be half in already. If you trust only
individual ip addresses, assigned by you, he would have a harder time getting
thru your personal firewalls. And if you manually assign ip addresses, he would
have to figure out your subnet before he could assign himself an address.
Do you understand how incredibly stupid Walter Nowakowski (the wardriver
mentioned in the first link from my webpage) was? Yet he was surfing away.
Imagine how smart the smart wardrivers are. If you're going to have a WLAN, you
better not make it easily available. The folks that provided service that
Walter hijacked were so lucky that he got caught, and they probably don't even
know that they were providing his service.
--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not a problem - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.
.
- Follow-Ups:
- References:
- XP Pro does not map Computer Names to Network IP addresses Why?
- From: Dennis
- Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Chuck
- Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Dennis
- Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Chuck
- Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Dennis
- Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Chuck
- Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Dennis
- XP Pro does not map Computer Names to Network IP addresses Why?
- Prev by Date: Re: ICS problem - wrong ip address range
- Next by Date: Re: ICS problem - wrong ip address range
- Previous by thread: Re: XP Pro does not map Computer Names to Network IP addresses Why?
- Next by thread: Re: XP Pro does not map Computer Names to Network IP addresses Why?
- Index(es):
Relevant Pages
|
