Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan


25 Mar 2014   #1

Windows 7 Pro 64bit
 
 
want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan

Have XP Home as file server to Windows 7 boxes on a lan. One Windows 7 box also uses XP Mode. IIRC, if I change tcp/ip default gateway to 1.1.1.1, that blocks outgoing web access for XP & XP Mode. Using router with NAT. Am I missing something here to prevent web access to/from the XP & XP Mode boxes?

For the XP shared folder, disabled inheritance and added NTFS security with Full Control for the XP (Admin-level) user. Then tried to map that folder on Windows 7 box using XP user password, but that didn't work. Been too long since I've messed with security & I've forgotten SO much. Not concerned with security within the LAN, just from the web, so maybe the NTFS stuff isn't needed.


My System SpecsSystem Spec
.

26 Mar 2014   #2

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Hopefully I understand you correctly. If I am on the wrong track please disregard this. I also am unsure of your level of expertise. So again, if I'm getting too technical or vice versa, please forgive me.

To gain access to the internet a PC simply needs to know where the gateway (router) is. Often routers have default addresses of 192.168.0.1 or 192.168.1.1. Pointing the default gateway of a PC to almost any other address will mean the PC can't find it's way to the Internet.

This generally means having to configure static IP addresses in your LAN.

192.168.x.x are class C addresses, meaning they are private and not routable on the internet. Your router translates addresses on your LAN to the WAN (Internet facing), IP address.

You could also change the default DNS server to a fake address (I use 192.168.1.253 when I want to block access). If however you do it this way, your PC still knows the correct route to the router (expecially if using DHCP), and you would still be able to access the Internet for things that don't require a DNS lookup.

To prevent that, I then block that address in my router with a rule that says that address is not allowed to send or receive data from the internet. Most routers support such rule configurations.

Regards the NTFS permissions, People can access from the web, if you have provided access through Web, RDC or ftp services. When setting permissions try to avoid using Everyone(full). I know it is more work, but setting specific permissions for specific users can save you a lot of security concerns later.

There are other highly experienced networking gurus here who will probably chime in with more info.

hth
Tanya
My System SpecsSystem Spec
27 Mar 2014   #3

Windows 7 Pro 64bit
 
 

I have a static address and set gateway to 1.1.1.1, so that does seem to block access TO the web. I'm thinking that being behind a NAT router should block access FROM the web unless one of the Windows 7 boxes is hacked via web. Just trying to verify that I'm not missing something here.
My System SpecsSystem Spec
.


27 Mar 2014   #4

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Setting fake gateway addresses does NOT restrict access from the Internet into your computer. It is a common misconception that NAT is a secure form of protection. It is not.

That's why you still need a firewall, and virus/malware software.

If a hacker found an open port, and you were using a cheap router (or set your router to "Allow" all traffic inbound by default, he could direct traffic at your WAN IP. The router then translates those packets into an internal address (192.168.x.x), and forwards them to the relevant computer.

Quality routers use a Deny-All security strategy (Eg Billion). Cheap routers use an Allow-All strategy.

Most decent routers have NAT and SPI (Stateful Packet Inspection), and other security (Such as Denial of Service, Xmas attacks etc).. By default all ports are closed, or you specifically open them, unless as I said, you have a cheap router.

For example, if you ran a torrent client, that port would be open.

One way to see if your safe-ish is to go to Gibson Research Center (https://www.grc.com/x/ne.dll?bh0bkyd2) and run the Shields Up scanner there. You want a result of Stealth on all your ports.

Here's an example of a vulnerable PC..


Attached Thumbnails
want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan-sf2.jpg  
My System SpecsSystem Spec
27 Mar 2014   #5

Windows 7 Pro 64bit
 
 

Quote:
Setting fake gateway addresses does NOT restrict access from the Internet into your computer. It is a common misconception that NAT is a secure form of protection. It is not.
That's what I was afraid would be the case. Had a nagging feeling that NAT was only "fair". The router in question is a cheapie & I'm sure it wouldn't be replaced.

Quote:
still need a firewall, and virus/malware software.
Almost funny in a way - the XP box can't "get out" to the web, so updates would be a pain. D if you do & D if you don't. As always, weigh the risks.
My System SpecsSystem Spec
Reply

 want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan




Thread Tools



Similar help and support threads for2: want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan
Thread Forum
Installed XP Mode English, Need to install Japanese XP mode Win7 Ult Virtualization
Win7, DVD-RW stuck in PIO mode Hardware & Devices
XP Mode In Win7 Ultimate Virtualization
Win7 w XP Mode vs SCSI Drivers
Virtual Win XP mode in Win7 Virtualization

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:34 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33