Adding WinXP to Network

I currently have a Network with two Windows 98SE computers and one Windows
ME laptop. I want to add a Windows XP computer. I'm currently using a
Netgear RP614 router for internet access and as a switch for my LAN. I'm
also using NetBEUI as the default protocol. Everything I've read about
WinXP says that I should only use TCP/IP as my protocol. I'm concerned
about security, will using TCP/IP for my LAN compromise my security since
it's also used for the internet access, or does the router provide enough
security? What is the recommended protocol for a LAN with WinXP and other
Windows OSes? I seem to be getting so much conflicting information from
everything I read. Thanks so much.

Patty

If the router provides Network Address Translation (NAT) then it should be
all the protection you'll need. If it includes a firewall then you're
pretty much as secure as you can get in a home or small business
environment.

The only real danger to using TCP/IP in a home network is if you configure
it badly - that is, expose your network assets to the outside world. A
router will pretty much prevent you from doing that. Any passing hackers or
crackers will only see the router, they can't see the PCs behind the router.

Now I will grant that this isn't 100% secure - if you make a bad decision
like putting a PC in the DMZ (your router documentation will explain this to
you better than I can) or let a virus or trojan through the router/firewall
then all bets are off and you're pretty much in serious trouble. 99.99% of
those threats can be handled by common-sense decisions - like not opening
unexpected attachments even if you know the person who sent the attachment
to you, and by deleting unread any messages with attachments from anyone you
don't know.

You will also want to upgrade your Internet Explorer and Outlook Express to
the latest available versions so you're patched against any known exploits.
Setting OE up to read messages in the Restricted Zone will provide further
protection. Antivirus software is good to have but don't count on it for
protection since any new virus won't be detected until updated signature
files are downloaded to your PC.

--
Richard G. Harper ((E-Mail Removed)) MVP Win9x
* Please post all messages and replies in the newsgroup so that
* all may benefit. Private mail is usually not replied to.
* Help US Help YOU ... http://www.dts-l.org/goodpost.htm


"Patty" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I currently have a Network with two Windows 98SE computers and one Windows
> ME laptop. I want to add a Windows XP computer. I'm currently using a
> Netgear RP614 router for internet access and as a switch for my LAN. I'm
> also using NetBEUI as the default protocol. Everything I've read about
> WinXP says that I should only use TCP/IP as my protocol. I'm concerned
> about security, will using TCP/IP for my LAN compromise my security since
> it's also used for the internet access, or does the router provide enough
> security? What is the recommended protocol for a LAN with WinXP and other
> Windows OSes? I seem to be getting so much conflicting information from
> everything I read. Thanks so much.
>
> Patty
>
>

"Richard G. Harper" <(E-Mail Removed)> wrote in message
news:#fpL#(E-Mail Removed)...
> If the router provides Network Address Translation (NAT) then it should be
> all the protection you'll need. If it includes a firewall then you're
> pretty much as secure as you can get in a home or small business
> environment.

I know my router has NAT, since it assigns IP addresses to the computers in
the Network that are different from my IP address assigned by my ISP for
accessing the web. It doesn't have a built-in firewall but came with a
sofware one that I'm currently using on two of the computers, the other one
is using ZoneAlarm Pro. The new computer will probably use ZAP or maybe
Kerio.

> Now I will grant that this isn't 100% secure - if you make a bad decision
> like putting a PC in the DMZ (your router documentation will explain this
to
> you better than I can) or let a virus or trojan through the
router/firewall
> then all bets are off and you're pretty much in serious trouble. 99.99%
of
> those threats can be handled by common-sense decisions - like not opening
> unexpected attachments even if you know the person who sent the attachment
> to you, and by deleting unread any messages with attachments from anyone
you
> don't know.

I'm not sure I understand the DMZ thing. I pretty much just let my router
configure everything, my ISP provides a dynamic address that can change
periodically so I have to have that setting set to automatically assign.
I'm careful about attachments, and update my Virus software on a regular
basis.

> You will also want to upgrade your Internet Explorer and Outlook Express
to
> the latest available versions so you're patched against any known
exploits.
> Setting OE up to read messages in the Restricted Zone will provide further
> protection. Antivirus software is good to have but don't count on it for
> protection since any new virus won't be detected until updated signature
> files are downloaded to your PC.

I don't use OE for email, I prefer Eudora and have that updated to the
latest version. My IE has been updated to the latest version on all
computers. I'm just hoping that with the TCP/IP that XP wants to use for a
protocol, everything will be secure enough. Right now I'm using NetBEUI,
which XP thinks is obsolete. <sigh>

Thanks for the information. I'll have to check out that DMZ thing so I
understand it better. I have books on Networking, but haven't done a lot of
looking on configuring routers. Guess I'll have to just brush up on that
stuff before I add the XP computer.

Patty

In brief, the DMZ allows you to place a computer OUTSIDE the firewall and
make it accessible to anyone. This is sometimes recommended when a program
or game won't run correctly inside the firewall. This is also bad advice.

--
Richard G. Harper ((E-Mail Removed)) MVP Win9x
* Please post all messages and replies in the newsgroup so that
* all may benefit. Private mail is usually not replied to.
* Help US Help YOU ... http://www.dts-l.org/goodpost.htm


"Patty" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> Thanks for the information. I'll have to check out that DMZ thing so I
> understand it better. I have books on Networking, but haven't done a lot
of
> looking on configuring routers. Guess I'll have to just brush up on that
> stuff before I add the XP computer.

"Richard G. Harper" <(E-Mail Removed)> wrote in message
news:#$v$(E-Mail Removed)...
> In brief, the DMZ allows you to place a computer OUTSIDE the firewall and
> make it accessible to anyone. This is sometimes recommended when a
program
> or game won't run correctly inside the firewall. This is also bad advice.
>

I'm not sure if I understand how this could be done, would it involve
setting a particular port to be open or not monitored by the firewall? I've
never seen a DMZ setting in either of the firewall programs that I use.
Thanks for the info, much appreciated.

Patty

No, what it involves is moving the entire PC in question outside the
firewall, making it accessible to the general public, hackers, crackers, and
so on.

--
Richard G. Harper ((E-Mail Removed)) MVP Win9x
* Please post all messages and replies in the newsgroup so that
* all may benefit. Private mail is usually not replied to.
* Help US Help YOU ... http://www.dts-l.org/goodpost.htm


"Patty" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Richard G. Harper" <(E-Mail Removed)> wrote in message
> news:#$v$(E-Mail Removed)...
> > In brief, the DMZ allows you to place a computer OUTSIDE the firewall
and
> > make it accessible to anyone. This is sometimes recommended when a
> program
> > or game won't run correctly inside the firewall. This is also bad
advice.
> >
>
> I'm not sure if I understand how this could be done, would it involve
> setting a particular port to be open or not monitored by the firewall?
I've
> never seen a DMZ setting in either of the firewall programs that I use.
> Thanks for the info, much appreciated.
>
> Patty
>
>

Would you do that by not having the firewall installed on that particular
computer or by having the firewall disabled? I'm still not sure how this
would be done, each computer has its software firewall installed and
enabled. Unless you're speaking of somehow setting it in the router NAT so
it's no longer protected by the router firewall? Don't want to seem like a
dunce (or overly blonde here) but I'm not sure how you can move a PC outside
the firewall. I'm trying real hard to understand this security stuff.
Thanks. )

Patty

"Richard G. Harper" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> No, what it involves is moving the entire PC in question outside the
> firewall, making it accessible to the general public, hackers, crackers,
and
> so on.
>
> --
> Richard G. Harper ((E-Mail Removed)) MVP Win9x
> * Please post all messages and replies in the newsgroup so that
> * all may benefit. Private mail is usually not replied to.
> * Help US Help YOU ... http://www.dts-l.org/goodpost.htm
>
>
> "Patty" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> > "Richard G. Harper" <(E-Mail Removed)> wrote in message
> > news:#$v$(E-Mail Removed)...
> > > In brief, the DMZ allows you to place a computer OUTSIDE the firewall
> and
> > > make it accessible to anyone. This is sometimes recommended when a
> > program
> > > or game won't run correctly inside the firewall. This is also bad
> advice.
> > >
> >
> > I'm not sure if I understand how this could be done, would it involve
> > setting a particular port to be open or not monitored by the firewall?
> I've
> > never seen a DMZ setting in either of the firewall programs that I use.
> > Thanks for the info, much appreciated.
> >
> > Patty
> >
> >
>
>

Neither. The DMZ feature is built into the router or firewall software.
You specify the IP address of a single PC to be placed outside the firewall
and it is. That PC is connected directly to the Internet without the
benefit of the firewall protection.

--
Richard G. Harper ((E-Mail Removed)) MVP Win9x
* Please post all messages and replies in the newsgroup so that
* all may benefit. Private mail is usually not replied to.
* Help US Help YOU ... http://www.dts-l.org/goodpost.htm


"Patty" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Would you do that by not having the firewall installed on that particular
> computer or by having the firewall disabled? I'm still not sure how this
> would be done, each computer has its software firewall installed and
> enabled. Unless you're speaking of somehow setting it in the router NAT so
> it's no longer protected by the router firewall? Don't want to seem like
a
> dunce (or overly blonde here) but I'm not sure how you can move a PC
outside
> the firewall. I'm trying real hard to understand this security stuff.
> Thanks. )
>
> Patty
>
> "Richard G. Harper" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > No, what it involves is moving the entire PC in question outside the
> > firewall, making it accessible to the general public, hackers, crackers,
> and
> > so on.
> >
> > --
> > Richard G. Harper ((E-Mail Removed)) MVP Win9x
> > * Please post all messages and replies in the newsgroup so that
> > * all may benefit. Private mail is usually not replied to.
> > * Help US Help YOU ... http://www.dts-l.org/goodpost.htm
> >
> >
> > "Patty" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > >
> > > "Richard G. Harper" <(E-Mail Removed)> wrote in message
> > > news:#$v$(E-Mail Removed)...
> > > > In brief, the DMZ allows you to place a computer OUTSIDE the
firewall
> > and
> > > > make it accessible to anyone. This is sometimes recommended when a
> > > program
> > > > or game won't run correctly inside the firewall. This is also bad
> > advice.
> > > >
> > >
> > > I'm not sure if I understand how this could be done, would it involve
> > > setting a particular port to be open or not monitored by the firewall?
> > I've
> > > never seen a DMZ setting in either of the firewall programs that I
use.
> > > Thanks for the info, much appreciated.
> > >
> > > Patty
> > >
> > >
> >
> >
>
>

"Richard G. Harper" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Neither. The DMZ feature is built into the router or firewall software.
> You specify the IP address of a single PC to be placed outside the
firewall
> and it is. That PC is connected directly to the Internet without the
> benefit of the firewall protection.
>

Ahhh, I see where that's done in my router settings. So, if I were so
inclined, I could exclude one computer's IP address from being protected by
the router NAT by putting it in there. Right now, my Netgear RP614 has
192.168.0 in that box, but no ending number. It does not allow me to take
that out, however, because when I tried to remove it, it put that info back
in there. Perhaps that's because the router is accessed from the Net.
There is also a box to click in that setting info that says something to the
effect of allowing pings to that device from the internet. Mine was
checked, I think Netgear must do that by default since I've never changed
any settings there (since I didn't understand them) but I've unchecked it
now, since in the instructions, it says to leave it unchecked for security
purposes. I'm learning more and more. Thanks so much for the discussion.
I really appreciate it.

Patty

The only way you can change the default entries for the PC in the DMZ is to
also change the entire address range that the router distributes. It will
automatically fill in most of the information in that block based on your
DHCP (Dynamic Host Configuration Protocol, the component that hands out IP
addresses) settings in the router. You don't want to change anything but
the last number, otherwise the PC you'll be exposing won't actually exist on
your network.

The ping option may or may not be necessary on your network. Some ISPs send
an occasional ping to your computer or router to see if it's still attached
to the network, if it doesn't get a response to that ping it disconnects you
from the Internet and makes your IP address available to someone else. The
reason the option exists to turn it off is to make it more difficult for
hackers to find you on the Internet - if your ISP IP address doesn't respond
to a ping they may not realize you're connected. I leave it on and don't
worry about it since the router firewall is blocking anything else they can
try to do to my network.

--
Richard G. Harper ((E-Mail Removed)) MVP Win9x
* Please post all messages and replies in the newsgroup so that
* all may benefit. Private mail is usually not replied to.
* Help US Help YOU ... http://www.dts-l.org/goodpost.htm


"Patty" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Richard G. Harper" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Neither. The DMZ feature is built into the router or firewall software.
> > You specify the IP address of a single PC to be placed outside the
> firewall
> > and it is. That PC is connected directly to the Internet without the
> > benefit of the firewall protection.
> >
>
> Ahhh, I see where that's done in my router settings. So, if I were so
> inclined, I could exclude one computer's IP address from being protected
by
> the router NAT by putting it in there. Right now, my Netgear RP614 has
> 192.168.0 in that box, but no ending number. It does not allow me to take
> that out, however, because when I tried to remove it, it put that info
back
> in there. Perhaps that's because the router is accessed from the Net.
> There is also a box to click in that setting info that says something to
the
> effect of allowing pings to that device from the internet. Mine was
> checked, I think Netgear must do that by default since I've never changed
> any settings there (since I didn't understand them) but I've unchecked it
> now, since in the instructions, it says to leave it unchecked for security
> purposes. I'm learning more and more. Thanks so much for the discussion.
> I really appreciate it.
>
> Patty
>
>