Group: cakewalk.coffeehouse




Subject: Limiting Access on LAN
From: Glennbo
Date: 4/16/2007 5:47:57 PM
In news:ttOUh.3852$2v1.255@newssvr14.news.prodigy.net the killer robot Dave Mazza <dave.mEATSPAM@sbcglobal.net> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

> Say a wireless router or access point were added. What's
> the easiest way to allow Internet access through the
> wireless connection, but prevent access to other computers
> on the network? Is adding start-up log-ins and passwords to
> all the computers the simplest way?
>
> Alternately, what if you wanted to still allow each machine
> to automatically boot to a default desktop, but prevent
> access from other computers on the network? In that case,
> does each shared folder on every machine need to be
> protected w/ a log-in/password?

What's the ultimate goal? If you didn't have anything shared on the LAN, then everybody would boot to their own desktops, have internet access, but not be able to access anything on any other computer. Putting machines into different workgroups will inhibit easy browsing to another machine's shares, but not prevent it if you know the network names of the machines and their shares. Firewall software like Zone Alarm can be configured to deny access to machines outside a "trusted" range.

There's a bunch of ways to prevent access, but knowing what your ultimate goal is will play into which way is the best.

On my home network, I have all primary drives shared as read only on all computers. I can *pull* data from any machine to the one I'm currently on, but I cannot *push* data onto a remote machine. This makes my drives pretty safe from being altered by a virus or outside attack, but doesn't prevent me from grabbing stuff from one machine and moving it to another.
--
Remove YourHeadFromYourAss to Reply by email

Glennbo            http://www.soundclick.com/glennbo
Non-Linear Sound   http://www.soundclick.com/jambits
Hear My Music      http://www.soundclick.com/ThePseudonyms

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/16/2007 6:10:45 PM
In news:pQOUh.3856$2v1.2877@newssvr14.news.prodigy.net the killer robot Dave Mazza <dave.mEATSPAM@sbcglobal.net> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

> In this case, the ultimate goal is for the computers that
> are connected to the network via cables to have
> easy-as-possible read/write access to each other, but
> computers connecting wirelessly would only have Internet access.

What firewall software are you using on the wired machines? If it's ZoneAlarm, you could configure ZA to allow a range of IPs to be in the "Trusted" zone, and then give the wireless machines static IP addresses that are just outside the trusted range.

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/16/2007 6:43:18 PM
In news:mgPUh.3857$2v1.3348@newssvr14.news.prodigy.net the killer robot Dave Mazza <dave.mEATSPAM@sbcglobal.net> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

>> What firewall software are you using on the wired machines? If it's
>> ZoneAlarm, you could configure ZA to allow a range of IPs to be in the
>> "Trusted" zone, and then give the wireless machines static IP addresses
>> that are just outside the trusted range.
>
> Yes, I am using ZA. But would that mean that any wireless
> box is automatically kept out, or only one that's configured
> w/ a static IP address? IOW, what happens if a wireless
> computer (that's not set up w/ a static IP address) gets
> close enough to access the wireless connection? Would it
> have total access to everything? The idea is to allow ready
> Internet access to wireless computers, but deny them access
> to any of the other machines on the network.

On all of the wired machines you would set up a trusted zone that consists of a range of IPs. (Something like 192.168.1.100 - 192.168.1.110) On the wireless machines, you could give them static IPs like 192.168.1.111 or greater. This would prevent them from seeing the machines that are in the trusted zone. For the wireless machines to have net access, you would only need to set the default gateway to the IP of your router, which would normally be 192.168.1.1
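
An added example, not part of the original thread: a short Python check of the address plan described in the post above (trusted range 192.168.1.100 - 192.168.1.110, wireless machines at 192.168.1.111 or greater). The host names, the wired/wireless labels and both DHCP pool ranges are constructed for illustration; the check flags a router DHCP pool that would hand out addresses inside the trusted range, and hosts that sit on the wrong side of it.

```python
import ipaddress

def ip_range(first, last):
    """Return (first, last) as IPv4Address objects, validating order."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return lo, hi

def overlap(a, b):
    """Return the overlapping (first, last) of two ranges, or None."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def audit(trusted, dhcp_pool, static_hosts):
    """Check an address plan against the trusted-zone range.

    trusted / dhcp_pool: (first, last) tuples from ip_range().
    static_hosts: {name: (address, link)}, link is "wired" or "wireless".
    Returns a list of findings (empty means the plan is consistent).
    """
    findings = []
    clash = overlap(trusted, dhcp_pool)
    if clash:
        findings.append(
            f"DHCP pool hands out trusted addresses {clash[0]}-{clash[1]}")
    for name, (addr, link) in sorted(static_hosts.items()):
        inside = trusted[0] <= ipaddress.IPv4Address(addr) <= trusted[1]
        if link == "wireless" and inside:
            findings.append(f"{name} ({addr}) is wireless but inside the trusted range")
        if link == "wired" and not inside:
            findings.append(f"{name} ({addr}) is wired but outside the trusted range")
    return findings

# Constructed sample plan using the addresses from the post.
TRUSTED = ip_range("192.168.1.100", "192.168.1.110")
HOSTS = {
    "studio-pc": ("192.168.1.100", "wired"),     # hypothetical host names
    "office-pc": ("192.168.1.101", "wired"),
    "laptop": ("192.168.1.111", "wireless"),
}
# Assumed router settings: a pool starting at .100 collides with the zone.
BAD_POOL = ip_range("192.168.1.100", "192.168.1.149")
GOOD_POOL = ip_range("192.168.1.150", "192.168.1.199")

if __name__ == "__main__":
    for label, pool in (("bad", BAD_POOL), ("good", GOOD_POOL)):
        print(label, audit(TRUSTED, pool, HOSTS) or "no findings")
```
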

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/16/2007 7:20:12 PM
In news:YBPUh.3861$2v1.2622@newssvr14.news.prodigy.net the killer robot Dave Mazza <dave.mEATSPAM@sbcglobal.net> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

>> On all of the wired machines you would set up a trusted zone that
>> consists of a range of IPs. (Something like 192.168.1.100 -
>> 192.168.1.110) On the wireless machines, you could give them static
>> IPs like 192.168.1.111 or greater. This would prevent them from
>> seeing the machines that are in the trusted zone. For the wireless
>> machines to have net access, you would only need to set the default
>> gateway to the IP of your router, which would normally be 192.168.1.1
>
> OK, but how about if, for example, a neighbor has a wireless
> machine that hasn't been configured w/ a static IP address.
> Won't that machine see the entire network and have access
> to everything?

First of all, if you are setting up a wireless router, you should disable the SSID beacon, so that you aren't announcing to the world that your router is there.

Secondly, you should use MAC address filtering at the router, so that only the MAC addresses (which are printed right on the network adapters) in your list of authorized adapters can connect to your router.

Third, you should use some kind of encryption on the data flying in and out of your router, so that any data that could possibly be intercepted out of the air, isn't readable without an encryption key.

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/16/2007 8:44:20 PM
In news:_2RUh.6574$5e2.6282@newssvr11.news.prodigy.net the killer robot Dave Mazza <dave.mEATSPAM@sbcglobal.net> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

>> First of all, if you are setting up a wireless router, you should
>> disable the SSID beacon, so that you aren't announcing to the world
>> that your router is there. Secondly, you should use MAC address
>> filtering at the router, so that only the MAC addresses (which are
>> printed right on the network adapters) in your list of authorized
>> adapters can connect to your router. Third, you should use some
>> kind of encryption on the data flying in and out of your router, so
>> that any data that could possibly be intercepted out of the air,
>> isn't readable without an encryption key.
>
> OK, but I'm new to this wireless stuff. How do you create
> the kind of situation like in offices, Internet cafes, etc
> w/ wireless setups in which anyone w/ a wireless machine can
> connect to the Internet, but not to the business' network?

If I were trying to make a business network and a hotspot at the business, I'd probably have two separate networks running on two separate routers.

Subject: Limiting Access on LAN
From: kitekrazy
Date: 4/16/2007 11:01:04 PM
Dave Mazza <dave.mEATSPAM@sbcglobal.net> wrote in news:pQOUh.3856$2v1.2877@newssvr14.news.prodigy.net:

> In this case, the ultimate goal is for the computers that
> are connected to the network via cables to have
> easy-as-possible read/write access to each other, but
> computers connecting wirelessly would only have Internet access.
>

I think you can do that in Windows File sharing. You can set permissions.

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/17/2007 12:11:32 AM
In news:Xns9914B8A2C8D8Dkitekrazy@207.115.17.102 the killer robot kitekrazy <kitekrazy@kitekrazy.> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

>> In this case, the ultimate goal is for the computers that
>> are connected to the network via cables to have
>> easy-as-possible read/write access to each other, but
>> computers connecting wirelessly would only have Internet access.
>
> I think you can do that in Windows File sharing. You can set
> permissions.

Permissions is the last way you wanna go though if you can avoid it.

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/17/2007 4:15:08 AM
In news:f01f9f$vrh$3@aioe.org the killer robot dick <dick.jonez@gmail.com> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

>> IOW, if you had a machine named SERVER, and had shared its C drive
>> with the share name "C", and I knew all of that, then even if I were
>> in a different workgroup, I could get to your drive. If I didn't
>> know the network names, I wouldn't be able to browse to your machine
>> or drive, but if I do know them then I can type them in and they are
>> valid.
>>
> Not without a valid user ID and password identity.
> If set up properly you need the name of the workgroup, a valid user ID
> and a password for that workgroup.

If you want the extra hassle of turning off simple file sharing. Vista installs with simple file sharing disabled, and one of the first things I did with it was to turn that shit off! It was making me have to set up additional user accounts and set access levels on all computers on the LAN.

I don't allow anonymous connections to my networks, so I don't need security that requires me to jump through a lot of hoops. If I were to offer anonymous connections, I'd prolly try doing it with a second router, on a different subnet that had no visibility to the other router.

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/17/2007 1:36:32 PM
In news:f01kuq$vrh$4@aioe.org the killer robot dick <dick.jonez@gmail.com> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

> - Adding routers and subnets will have the advantage, however, of
> removing any trace of a possibility of someone guessing your workgroup,
> userid and password. :-D

No guessing is required with the right ha><or tools.

Subject: Limiting Access on LAN
From: Glennbo
Date: 4/17/2007 10:52:33 PM
In news:4K8Vh.118$ns5.56@newssvr17.news.prodigy.net the killer robot Dave Mazza <dave.mEATSPAM@sbcglobal.net> grabbed the controls of the spaceship cakewalk.coffeehouse and pressed these buttons...

>> IOW, if you had a machine named SERVER, and had shared its C drive
>> with the share name "C", and I knew all of that, then even if I were
>> in a different workgroup, I could get to your drive. If I didn't
>> know the network names, I wouldn't be able to browse to your machine
>> or drive, but if I do know them then I can type them in and they are
>> valid.
>
> Yes, yes...of course! I knew that! A computer has to be a
> member of a workgroup in order to see the computers w/in any
> given workgroup. Otherwise, when the user goes to "My
> Network Places| Computers Near Me" all he sees is the
> computer he's on (and then only if NetBEUI is installed).
> Right?

Pretty much.