want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan


  1. Posts : 73
    Windows 7 Pro 64bit
       #1


    Have XP Home as file server to Win7 boxes on a lan. One Win7 box also uses XP Mode. IIRC, if I change tcp/ip default gateway to 1.1.1.1, that blocks outgoing web access for XP & XP Mode. Using router with NAT. Am I missing something here to prevent web access to/from the XP & XP Mode boxes?

    For the XP shared folder, disabled inheritance and added NTFS security with Full Control for the XP (Admin-level) user. Then tried to map that folder on Win7 box using XP user password, but that didn't work. Been too long since I've messed with security & I've forgotten SO much. Not concerned with security within the LAN, just from the web, so maybe the NTFS stuff isn't needed.


  2. Posts : 784
    Linux Mint 17 Cinnamon | Win 7 Ult x64
       #2

    Hopefully I understand you correctly. If I am on the wrong track please disregard this. I also am unsure of your level of expertise. So again, if I'm getting too technical or vice versa, please forgive me.

    To gain access to the internet a PC simply needs to know where the gateway (router) is. Often routers have default addresses of 192.168.0.1 or 192.168.1.1. Pointing the default gateway of a PC to almost any other address will mean the PC can't find its way to the Internet.

    This generally means having to configure static IP addresses in your LAN.

    192.168.x.x are class C addresses, meaning they are private and not routable on the internet. Your router translates addresses on your LAN to the WAN (Internet facing), IP address.

    You could also change the default DNS server to a fake address (I use 192.168.1.253 when I want to block access). If however you do it this way, your PC still knows the correct route to the router (especially if using DHCP), and you would still be able to access the Internet for things that don't require a DNS lookup.

    To prevent that, I then block that address in my router with a rule that says that address is not allowed to send or receive data from the internet. Most routers support such rule configurations.

    Regarding the NTFS permissions, people can access from the web if you have provided access through Web, RDC or FTP services. When setting permissions try to avoid using Everyone (Full). I know it is more work, but setting specific permissions for specific users can save you a lot of security concerns later.

    There are other highly experienced networking gurus here who will probably chime in with more info.

    hth
    Tanya
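
The outbound behaviour described in post #2, as an added example that is not part of the thread: a simplified Python model of a host's next-hop decision, comparing the fake-gateway and fake-DNS settings. The LAN addresses, the `outbound_verdict` helper and the documentation address 203.0.113.10 are assumptions made for illustration; the model covers only the host's own outbound decision, not router rules or inbound traffic.

```python
import ipaddress

# Constructed sample LAN: router, XP file server, one Win7 box (assumed addresses).
LAN = ["192.168.1.1", "192.168.1.10", "192.168.1.20"]
WEB = "203.0.113.10"  # documentation address standing in for a web server


def outbound_verdict(host_if, gateway, dns, dest_ip, live_hosts=LAN, by_name=False):
    """Simplified model of one outbound connection from a LAN host.

    host_if: host address with prefix, e.g. "192.168.1.10/24"
    gateway, dns: the values typed into the TCP/IP settings
    dest_ip: address the connection finally goes to
    live_hosts: addresses that really answer on the LAN
    by_name: True if the destination must be resolved through DNS first
    """
    iface = ipaddress.ip_interface(host_if)
    live = {ipaddress.ip_address(h) for h in live_hosts}

    def reachable(addr):
        addr = ipaddress.ip_address(addr)
        if addr in iface.network:           # on-link: delivered directly
            return addr in live
        gw = ipaddress.ip_address(gateway)  # off-link: needs a usable next hop
        return gw in iface.network and gw in live

    if by_name and not reachable(dns):
        return "blocked: no DNS answer"
    if not reachable(dest_ip):
        return "blocked: no route"
    return "allowed"


def scenarios():
    xp = "192.168.1.10/24"
    return {
        "fake gateway, web by IP": outbound_verdict(xp, "1.1.1.1", "192.168.1.1", WEB),
        "fake gateway, LAN share": outbound_verdict(xp, "1.1.1.1", "192.168.1.1", "192.168.1.20"),
        "fake DNS, web by name": outbound_verdict(xp, "192.168.1.1", "192.168.1.253", WEB, by_name=True),
        "fake DNS, web by IP": outbound_verdict(xp, "192.168.1.1", "192.168.1.253", WEB),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

The last scenario is the case post #2 covers with a router rule for that address: with only the DNS server faked, connections made by IP address still have a working route.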


  3. Posts : 73
    Windows 7 Pro 64bit
    Thread Starter
       #3

    I have a static address and set gateway to 1.1.1.1, so that does seem to block access TO the web. I'm thinking that being behind a NAT router should block access FROM the web unless one of the Win7 boxes is hacked via web. Just trying to verify that I'm not missing something here.


  4. Posts : 784
    Linux Mint 17 Cinnamon | Win 7 Ult x64
       #4

    Setting fake gateway addresses does NOT restrict access from the Internet into your computer. It is a common misconception that NAT is a secure form of protection. It is not.

    That's why you still need a firewall, and virus/malware software.

    If a hacker found an open port, and you were using a cheap router (or set your router to "Allow" all traffic inbound by default), he could direct traffic at your WAN IP. The router then translates those packets into an internal address (192.168.x.x), and forwards them to the relevant computer.

    Quality routers use a Deny-All security strategy (e.g. Billion). Cheap routers use an Allow-All strategy.

    Most decent routers have NAT and SPI (Stateful Packet Inspection), and other security (such as Denial of Service, Xmas attacks etc.). By default all ports are closed, or you specifically open them, unless as I said, you have a cheap router.

    For example, if you ran a torrent client, that port would be open.

    One way to see if you're safe-ish is to go to Gibson Research Center (https://www.grc.com/x/ne.dll?bh0bkyd2) and run the Shields Up scanner there. You want a result of Stealth on all your ports.

    Here's an example of a vulnerable PC.
    [Attached thumbnail: sf2.jpg]


  5. Posts : 73
    Windows 7 Pro 64bit
    Thread Starter
       #5

    "Setting fake gateway addresses does NOT restrict access from the Internet into your computer. It is a common misconception that NAT is a secure form of protection. It is not."
    That's what I was afraid would be the case. Had a nagging feeling that NAT was only "fair". The router in question is a cheapie & I'm sure it wouldn't be replaced.

    "still need a firewall, and virus/malware software."
    Almost funny in a way - the XP box can't "get out" to the web, so updates would be a pain. D if you do & D if you don't. As always, weigh the risks.


 
