Re: Allow intranet, but intermittently allow/disallow Internet

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

In article <#EThh2JMGHA.3408@xxxxxxxxxxxxxxxxxxxx>, "Gary Richtmeyer"
<glricht-RemoveMe-5@xxxxxxxxxxxx> wrote:
"Steve Winograd [MVP]" <bcmaven@xxxxxxxx> wrote in message
news:sjf0v156krp1o97asgffovebb65i0a463l@xxxxxxxxxx
In article <#MVS#dGMGHA.3460@xxxxxxxxxxxxxxxxxxxx>, "Gary Richtmeyer"
<glricht-RemoveMe-5@xxxxxxxxxxxx> wrote:
I have a small-business CPA customer with multiple Win XP Home (SP2) PCs
networked together via the usual router/switch configuration to allow file
&
print sharing. Until recently, only 1 PC could access the Internet and
that
was via dial, but they've "taken the plunge" and ordered DSL.

The owner is absolutely paranoid about security and is convinced that
while
a PC is connected to the Internet, people could hack in and steal customer
financial and identity-type info. The longer the time the PC was
connected,
the higher the risk. With dial, he felt he could control that by
restricting dial access to a single PC (with no customer data on the PC)
and
allowing the dial session to last only as long as absolutely necessary.
Given this mindset, DSL has him real worried. I've explained about
firewalls (both hw & sw) and all the other ways of protection and he's
reluctantly agreed to allow all of his PCs to be able to access the
Internet.

However (and here's the problem), he still wants to limit the time the PC
has Internet access. He wants to have some kind of "switch" that a user
would turn ON or OFF to allow their PC to be able to access the Internet.
In other words, if the user is doing internal office work (which requires
access to other PCs or printers on the LAN), the "Internet switch" should
be
OFF to not allow Internet access. When the user needs to do email or
access
a web site, they would turn the switch ON, do the online activities, then
turn the switch OFF again. But the PC needs LAN access at all times.

I've tried to explain the folly of his "solution" and that keeping the
switch OFF by default would stop all Windows and anti-virus automatic
updates, but he wants to give it a try.

So does anybody know a technique or program that could do this? Since
turning the switch ON/OFF will happen multiple times per day on each PC,
the
solution has to be something simple. I envision having to setup some sort
of BAT file that would issue the appropriate commands to turn the switch
ON
or OFF. Just not sure if the "switch" is within TCP/IP, the router, or
what.

I done a lot of Googling and found some solutions for permanent
restrictions, but nothing that can be easily turned off and on. I'm
looking
for help!

Create two batch files. The first one creates a default route using
the router's LAN address (w.x.y.z), enabling Internet access:

route add 0.0.0.0 mask 0.0.0.0 w.x.y.z

The second one deletes the default route, disabling Internet access:

route delete 0.0.0.0 mask 0.0.0.0

You can create desktop shortcuts to the batch files and configure the
shortcut properties to run minimized so that they work invisibly.

The files will have no effect on LAN access.

Steve, exactly what I was looking for! I've tested on one of my office PCs
and it works like a champ.

Thanks so much!

Gary Richtmeyer

You're welcome, Gary. I'm glad to help you and your nervous customer.
:-)
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
.

Relevant Pages

  • RE: Protecting the enterprise wireless network
    ... They way we set a similar wifi network is using 2Wire wifi access points ... connected to a Foundry switch, ... connection, ... You probably have several Mbs in Internet access, ...
    (Security-Basics)
  • Re: Allow intranet, but intermittently allow/disallow Internet
    ... networked together via the usual router/switch configuration to allow file ... a PC is connected to the Internet, people could hack in and steal customer ... He wants to have some kind of "switch" that a user ... The files will have no effect on LAN access. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Internet remote monitoring/switching
    ... I found the website and the internet relay switches are ... Sounds like an inexpensive way to reset the ... low voltage reset switch and pulled them out to the outside of the case ...
    (sci.electronics.misc)
  • Re: Two nic setup right / How do see if it is secure
    ... Yes external nic directly connected to ADSL ... internal LAN clients all connected to the same switch. ... but I can go out to the internet. ...
    (microsoft.public.windows.server.sbs)
  • Re: Trouble obtaining IP address
    ... I have an old computer connected to internet via DSL modem which used to ... ipconfig deal with Verizon tech support, but could not make it work. ... said I cannot switch Ethernet cable from one computer to another and expect ... My guess is the amount of time that it took you to run the Winsock repair was ...
    (microsoft.public.windowsxp.network_web)