Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan

25 Mar 2014   #1
dianedebuda

Windows 7 Pro 64bit
 
 
want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan

Have XP Home as file server to Win7 boxes on a lan. One Win7 box also uses XP Mode. IIRC, if I change tcp/ip default gateway to 1.1.1.1, that blocks outgoing web access for XP & XP Mode. Using router with NAT. Am I missing something here to prevent web access to/from the XP & XP Mode boxes?

For the XP shared folder, disabled inheritance and added NTFS security with Full Control for the XP (Admin-level) user. Then tried to map that folder on Win7 box using XP user password, but that didn't work. Been too long since I've messed with security & I've forgotten SO much. Not concerned with security within the LAN, just from the web, so maybe the NTFS stuff isn't needed.


My System SpecsSystem Spec
.

26 Mar 2014   #2
TanyaC

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Hopefully I understand you correctly. If I am on the wrong track please disregard this. I also am unsure of your level of expertise. So again, if I'm getting too technical or vice versa, please forgive me.

To gain access to the internet a PC simply needs to know where the gateway (router) is. Often routers have default addresses of 192.168.0.1 or 192.168.1.1. Pointing the default gateway of a PC to almost any other address will mean the PC can't find it's way to the Internet.

This generally means having to configure static IP addresses in your LAN.

192.168.x.x are class C addresses, meaning they are private and not routable on the internet. Your router translates addresses on your LAN to the WAN (Internet facing), IP address.

You could also change the default DNS server to a fake address (I use 192.168.1.253 when I want to block access). If however you do it this way, your PC still knows the correct route to the router (expecially if using DHCP), and you would still be able to access the Internet for things that don't require a DNS lookup.

To prevent that, I then block that address in my router with a rule that says that address is not allowed to send or receive data from the internet. Most routers support such rule configurations.

Regards the NTFS permissions, People can access from the web, if you have provided access through Web, RDC or ftp services. When setting permissions try to avoid using Everyone(full). I know it is more work, but setting specific permissions for specific users can save you a lot of security concerns later.

There are other highly experienced networking gurus here who will probably chime in with more info.

hth
Tanya
My System SpecsSystem Spec
27 Mar 2014   #3
dianedebuda

Windows 7 Pro 64bit
 
 

I have a static address and set gateway to 1.1.1.1, so that does seem to block access TO the web. I'm thinking that being behind a NAT router should block access FROM the web unless one of the Win7 boxes is hacked via web. Just trying to verify that I'm not missing something here.
My System SpecsSystem Spec
.


27 Mar 2014   #4
TanyaC

Linux Mint 17 Cinnamon | Win 7 Ult x64
 
 

Setting fake gateway addresses does NOT restrict access from the Internet into your computer. It is a common misconception that NAT is a secure form of protection. It is not.

That's why you still need a firewall, and virus/malware software.

If a hacker found an open port, and you were using a cheap router (or set your router to "Allow" all traffic inbound by default, he could direct traffic at your WAN IP. The router then translates those packets into an internal address (192.168.x.x), and forwards them to the relevant computer.

Quality routers use a Deny-All security strategy (Eg Billion). Cheap routers use an Allow-All strategy.

Most decent routers have NAT and SPI (Stateful Packet Inspection), and other security (Such as Denial of Service, Xmas attacks etc).. By default all ports are closed, or you specifically open them, unless as I said, you have a cheap router.

For example, if you ran a torrent client, that port would be open.

One way to see if your safe-ish is to go to Gibson Research Center (https://www.grc.com/x/ne.dll?bh0bkyd2) and run the Shields Up scanner there. You want a result of Stealth on all your ports.

Here's an example of a vulnerable PC..


Attached Thumbnails
-sf2.jpg  
My System SpecsSystem Spec
27 Mar 2014   #5
dianedebuda

Windows 7 Pro 64bit
 
 

Quote:
Setting fake gateway addresses does NOT restrict access from the Internet into your computer. It is a common misconception that NAT is a secure form of protection. It is not.
That's what I was afraid would be the case. Had a nagging feeling that NAT was only "fair". The router in question is a cheapie & I'm sure it wouldn't be replaced.

Quote:
still need a firewall, and virus/malware software.
Almost funny in a way - the XP box can't "get out" to the web, so updates would be a pain. D if you do & D if you don't. As always, weigh the risks.
My System SpecsSystem Spec
Reply

 want no Web for XP & (Win7) XP Mode, but Web for Win7 all on same lan




Thread Tools





Similar help and support threads
Thread Forum
Win7 Prof no desktop or icons in normal mode; safe mode okay
Lenovo Laptop Windows starts normally, but after login displays a black screen with only cursor showing. Mouse is okay, ctrl-alt-del opens a window and task manager works okay. Safe mode with networking works normally. Restored from to a restore point prior to an install of "proformax...
General Discussion
Installed XP Mode English, Need to install Japanese XP mode Win7 Ult
Okay here's the deal I installed VM ware installed XP mode English thinking I could change locale well no dice So I was wondering can I install another XP mode but this time in Japanese I don't have to worry about licenses since I have like 12 copies of XP Reason is that I have programs...
Virtualization
Win7, DVD-RW stuck in PIO mode
Hi, thanks in advance to anybody that can help me, i'm stumped. Running windows 7 ultimate x86 on my Inspiron 6000 laptop (see specs) My optical drive recently stopped working, it was a CDRW/DVD-ROM drive that came stock with the computer. I removed the drive, thinking i could replace it with...
Hardware & Devices
XP Mode In Win7 Ultimate
Hi...i have a strange problem that I hope someone can help with. I have installed Virtual-PC and XP mode from the Microsoft website, and it has installed fine. Except when I click on anything to open in the XP Mode window, it flashes up briefly then disappears and nothing opens. This can be a...
Virtualization
Win7 w XP Mode vs SCSI
Despite exhaustive exploration & testing, I have not been able to get Win7 RTM to properly run my SCSI hard drives. Though my XP OS & hardware passed MS's WIN7 compatible test and my actual 32bit Win7 RTM install, recognizes my Adaptec 2940U2W PCI SCSI Host AND successfully installs latest...
Drivers
Virtual Win XP mode in Win7
Anyone have any news on how this is supposed to work for gaming? Is it going to be based more on the Virtual PC tech they had which didn't support 3D acceleration or more on the Hyper-V stuff?
Virtualization

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:15.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App