Pantek Library

RE: Making a W2K with Internet Connection Sharing secure

From: Sarbjit Singh Gill <ssgill(at)gilltechnologies.com>
Date: Wed Jan 15 2003 - 10:47:31 EST


Thanks Harold.

Done pretty much what you mentioned. I mean it is good so far, at least until the *nix firewall is set up or we get some hardware firewall sponsored to us.

Kind Regards
Gill

ps - just wondering how soon would a new release of Windows (e.g. Windows .NET Server 2003 RC2) get compromised if it was plugged into the internet, let's say using Cable. I mean when it is a new OS, not a lot of folks would know how to hack in it just yet.

-----Original Message-----
From: Harold McMurtry [mailto:h.mcmurtry@ergogroup.com]
Sent: Wednesday, January 15, 2003 1:57 AM
To: security-basics@securityfocus.com
Subject: RE: Making a W2K with Internet Connection Sharing secure

I just recently set up Internet Connection Sharing on a Windows 2000 server similar to what you're asking to do. When I set up ICS, Windows changed the IP address of that NIC to something like 169.0.0.1. If you create a DHCP scope to assign all your clients addresses starting at 169.0.0.2 (or whatever your NIC address is), that's the first step. The second step is to set the gateway to 169.0.0.1 in the scope (again, this is whatever the IP address is on your NIC). Finally, either set the DNS server in your DHCP scope to be the ISP DNS server, or configure your Windows 2000 server to resolve DNS queries for the clients and configure the DHCP scope so that the DNS server is your Windows 2000 server address, 169.0.0.1.

You'll get some protection here because your systems are being NATted, but your Windows 2000 server is open. You can remove two services from the internet NIC, File and Print Sharing and Microsoft client, to increase security somewhat. The last thing to do would be to start filtering packets, like someone previously pointed out.

Btw, I agree with the others that setting up a Linux firewall is more secure and easier in the long run to manage.

Harold

-----Original Message-----
From: dave [mailto:dave@REMOVETHIS.netmedic.net]
Sent: Saturday, January 11, 2003 6:40 PM
To: mike@moorecomputing.net; ssgill@gilltechnologies.com; security-basics@securityfocus.com
Subject: RE: Making a W2K with Internet Connection Sharing secure

Sarbjit,

Actually, you could use TCP/IP Filtering. It is only turned on or off for all adapters; the per-adapter settings are unique to that adapter.

For more granular control, you can download PktFilter from http://www.hsc.fr/ressources/outils/index.html.en. You can thank Jean-Baptiste Marchand for that free tool; it is fairly easy to set up and use.

Dave Kleiman
dave@netmedic.net
www.netmedic.net

-----Original Message-----
From: Mike Moore [mailto:mike@moorecomputing.net]
Sent: Thursday, January 09, 2003 22:04
To: ssgill@gilltechnologies.com; security-basics@securityfocus.com
Subject: RE: Making a W2K with Internet Connection Sharing secure

If you can come up with a very low-end PC, take a look at www.ipcop.org. It's a free Linux firewall that is very good in my opinion. They have a great mailing list for support. Then go to http://www.ipcop.org/cgi-bin/twiki/view/IPCop/IPCopDGHowto for Dan's Guardian, a URL filtering application that works with IPCop. Then the W2K server and all workstations are protected. Just a thought.

Mike

> -----Original Message-----

Received on Wed Jan 15 16:33:36 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:35 EDT

