How do I securely share my network?
June 19, 2004 7:33 PM Subscribe
Networkimpairedfilter; Inspired by this thread http://ask.metafilter.com/mefi/8071 , I would like to make some portion of my bandwidth available to others. My question is not how do I make the internet access available, but how do I prevent someone from getting to my files? My access point is connected to a switch and then to my modem, which is behind a NAT (not sure exactly what that means, but I thought I would throw it in.) My desktop is connected to the switch and while I wouldn’t mind people using bandwidth, I do not want them snooping through my hard drive. While I'm here how do you guys make regular words links?
You should be able to just turn off Windows filesharing. Go to Start -> Settings -> Network Connections (in XP), double click on your wireless interface, and make sure that "Client for Microsoft Networks" and "File and Print Sharing" are not checked.
Also, right click on the C:\ drive in My Computer, and verify that your not sharing it under the "Sharing" tab.
posted by cmonkey at 9:24 PM on June 19, 2004
Also, right click on the C:\ drive in My Computer, and verify that your not sharing it under the "Sharing" tab.
posted by cmonkey at 9:24 PM on June 19, 2004
how do you guys make regular words links?
Standard HTML. e.g.
Regarding the network:
posted by nakedcodemonkey at 9:40 PM on June 19, 2004
Standard HTML. e.g.
<a href="INSERT_A_URL_HERE">INSERT LINKED WORDS HERE</a>Regarding the network:
- Make sure all login accounts on your computer have strong passwords
- Get/turn on a software firewall
- Turn off filesharing if you can live without it. (There's probably a bunch more things, but that's a start. And on preview, some of this has already been covered.)
posted by nakedcodemonkey at 9:40 PM on June 19, 2004
if i understand your setup correctly, you may be safe anyway. the cable modem is connected to a hub that lets you plug several ethernet cables in, right (what you called a switch)? in that case, your cable modem is probably supplying dhcp addresses to the things that are connected. let's call those addresses network A.
one thing connected to network A is your desktop. another is your wireless access point.
now, if you wireless access point is also configured to assign dhcp addresses (and i think it would be, by default), then anything that connects to that access point is assigned a dhcp address on a new network. call that network B.
incidentally, i would also suggest setting your SSID (the broadcast name of your network) to something that clearly shows it's for public access. that would encourage people to use it, imho.
if i have a wireless connection on network B then i can see other machines on B - so i can try hacking other machines connected via wireless. i can also see the "gateway" - the address that i connect to to get to the internet. that's the address of the access point, which does NAT across network A, to the cable modem. the cable modem then does a second NAT onto the internet. because of the way NAT works, that means that anything on network B cannot see anything on network A.
if that's correct, then someone connecting via wireless, on network B, cannot see your desktop on network A. you should still make sure that your wireless access point is configured with a password so that people who connect can't alter it - otherwise there may be a way to get through and access your desktop machine.
however, i'm only guessing here. i have something similar, but it's more complicated and done explicitly using iptables on a linux machine to manage the different networks. someone more experienced with this kind of thing might be able to confirm/deny my suspicions.
posted by andrew cooke at 6:32 AM on June 20, 2004
one thing connected to network A is your desktop. another is your wireless access point.
now, if you wireless access point is also configured to assign dhcp addresses (and i think it would be, by default), then anything that connects to that access point is assigned a dhcp address on a new network. call that network B.
incidentally, i would also suggest setting your SSID (the broadcast name of your network) to something that clearly shows it's for public access. that would encourage people to use it, imho.
if i have a wireless connection on network B then i can see other machines on B - so i can try hacking other machines connected via wireless. i can also see the "gateway" - the address that i connect to to get to the internet. that's the address of the access point, which does NAT across network A, to the cable modem. the cable modem then does a second NAT onto the internet. because of the way NAT works, that means that anything on network B cannot see anything on network A.
if that's correct, then someone connecting via wireless, on network B, cannot see your desktop on network A. you should still make sure that your wireless access point is configured with a password so that people who connect can't alter it - otherwise there may be a way to get through and access your desktop machine.
however, i'm only guessing here. i have something similar, but it's more complicated and done explicitly using iptables on a linux machine to manage the different networks. someone more experienced with this kind of thing might be able to confirm/deny my suspicions.
posted by andrew cooke at 6:32 AM on June 20, 2004
Response by poster: andrew; that is pretty much my setup. hub/switch (I'm sure there's some sort of difference, but yes that is how I'm set up and this is what I have.) I do not have a cable modem, it is a satellite modem if that makes any difference.
I appreciate all of the input.
posted by busboy789 at 7:31 AM on June 20, 2004
I appreciate all of the input.
posted by busboy789 at 7:31 AM on June 20, 2004
afaik (from perlman, iirc) a switch controls traffic, a hub merely relays it, but usage is pretty sloppy. but the important thing for my argument, really, is what your wireless gateway is doing. what make/model is it?
posted by andrew cooke at 8:18 AM on June 20, 2004
posted by andrew cooke at 8:18 AM on June 20, 2004
A hub broadcasts all traffic to all ports. A switch remembers which MAC address belongs to which port, and can direct traffic solely to that port, which frees up bandwidth.
posted by cmonkey at 10:16 AM on June 20, 2004
posted by cmonkey at 10:16 AM on June 20, 2004
Response by poster: This is my WAP. As to the what it is doing; I marked the settings to no encryption and changed the name to reflect that it is meant to be shared. I have tried to "see" my desktop from the wireless connection and am unable to find it, I'm taking that as a good thing. My only concern now, ignorance is bliss, is that you are able to get to some of the settings on my satellite modem from the wireless connection. This concerns me a bit. Is there a way to block access to the modem settings pages and still allow internet use? My satellite modem is here.
posted by busboy789 at 10:29 AM on June 21, 2004
posted by busboy789 at 10:29 AM on June 21, 2004
This thread is closed to new comments.
You make those by highlighting a word and clicking "Link" below the text box. (Works in IE and Firefox.) If that fails, use HTML:
(a href="http://www.google.com/")this(/a)?
Replace the parentheses with angled brackets <>
posted by ALongDecember at 9:22 PM on June 19, 2004