Set up simple network and ensure security

balm · 19 Jan 2011

thank you golden,

im just trying to "understand", why i shouldnt disable some of the outbounds, and why is netbios the only disabled (outbound/inbound)?

thanks (as you can see im new to this)

wilywombat · 19 Jan 2011

Hi, been out of town for a couple of days. Personally I would disable any of the outbound that I wouldnt be using eg If you don't use telnet or IRC then disable these and any others from your list that you dont use. Make sure you don't disable HTTPS or HTTP though!! (You need HTTPS to carry out any secure comms such as bank accounting, Paypal etc. :))

balm · 19 Jan 2011

welcome back , thank you.
so if i use basic home applications, ms office, windows live mail, gmail, IE8, & home network, i will basically keep ONLY https, http, smtp, imap, pop, enabled

wilywombat · 20 Jan 2011

Thats correct, go ahead and fill your boots!!!

balm · 20 Jan 2011

Whats going on,

all of sudden i cant connect to windows live mail gmail account on the laptop and cannot SEND emails.

It says cannot connect to IMAP server xxx.xxx.x.x:143 (routers IP address), error 10061...configuration IMAP...Port 143...code 800ccc0f...etc

ive tried everything, including disabling avast antivirus, rebuild email account, restart router, all settings are identical on both the desktop and laptop, (i think).

the desktop email works no problem.

the only things that changed since this problem started is i reset windows firewall to default rules (inbound blocks all except corenetworking / outbound all is allowed)...

any idea whats blocked my sent gmail WLM emails from my wirelss laptop only???

The isp Bell sympatico could not solve it!

thanks

edit: after redoing the account here is the latest message:

An unknown error has occurred.
Subject 'weeee'
Server Error: 421
Server Response: 421 Cannot connect to SMTP server 74.125.157.109 (74.125.157.109:25), connect error 10060
Server: 'smtp.gmail.com'
Windows Live Mail Error ID: 0x800CCC67
Protocol: SMTP
Port: 25
Secure(SSL): No

wilywombat · 21 Jan 2011

Suggest you retrace your steps and do a sytem restore to before you disabled any of the windows firewall settings as it appears that you have stopped something essential from getting through the firewall. Personally, I use Comodo Firewall Pro which is free rather than the windows firewall, its easy to setup and there is plenty of reporting what is going through your firewall. The only thing about Comodo is that it works so well that sometimes you may feel nagged when it asks you if you want to allow such and such program to change your settings. But hey, at least your sure its doing its job and it does get very high ratings for security.

balm · 21 Jan 2011

willy, thank you....

1. can you take another look at my post #17, because you had mentionned to change the IP range to 5+- numbers, whats best for security purposes i can do on my router...?

2. re. my windows firewall, i understand some people just block all outbound traffic also (even behind a NAT router), so if i do this, i assume i need to open exceptions for web, email, etc...etc...otherwise ill end end up with problems, correct?

3. also configuring windows defender, in options, default actions, i left all items as "recommended action based on definition", then i did NOT enable "apply recommended actions"...is this ok as is...(BTW, i have never received any message warnings, even though avast picks up on issues) ?

thanks

wilywombat · 23 Jan 2011

Hi Balm,

balm said:

thank you,

my router/modem:

in "edit advanced home network settings" tab,

Sets the IP address range used by the home network. You can choose from three standard configuration options (the default is 192.168.1.0/255.255.255.0), or configure the network settings manually.

"settings - private network" section, Sets the IP address range used by the home network. You can choose from three standard configuration options (the default is 192.168.1.0/255.255.255.0), or configure the network settings manually.

"configure manually" radio button is on, "enable dhcp" is checked (and shows 1st and last dhcp address), also has "default dhcp pool" radio button on,

...in "current settings - device list" section, it shows the two computers with the 1st, & 2nd addresses from the dhcp range

in "edit adress allocation", "settings", "Specify Device Addressing and Public/WAN IP Address Mapping",
it shows each computer with "current address"m (1st, & 2nd address), and under "address assignment" there is drop down list with first item "private from pool: xxx.xxx.x.x" and all sequencial "private fixed: xxx.xxx.x.x" adresses (in dhcp range) following....

1. does the router use dhcp to assign static ips...?

2. if wanting more security what defaults need to be changed and to what?

3. if these addresses arent static, is it better to assign static addresses to the computers and if so how?

thank you

In answer to your latest q's:-

1. The bestyou can do for security is to set the number of available i/ps in you DHCP pool to the number of computers on your network + 1 i.e. using the default setting you have (192.168.1.0/255.255.255.0), assuming you have 2 computers on the network, you would set the highest available i/p to 192.168.1.2. This gives 3 addresses available from 192.168.1.0 to 192.168.1.2. The first, 192.168.0.1 is used as the i/p for the router and the other 2 are used for the networked computers. The router allocates the available pool of addresses to computers as they log onto the network and will only use the available range that you set up previously. Using the example settings, this means that if you have 2 computers that have logged in, then a friend comes to visit, they cannot use your network as there is no available DHCP address available until one of the 2 computers leaves the network. This is why I suggested having a spare address or 2 to allow for visitors, smartphones or ipods to connect to the network. As long as you setup to use WPA2 security, having the extra addresses available should not increase your security risk.

2. Yes that is correct, but if you are unfamiliar with setting up firewalls it could be better to get a well known commercial firewall such as Zonealarm or Comodo as these are easier to setup. If you do go this way, you should disable your windows firewall as the 2 firewall (windows and the one you install) may clash and cause you problems...look at it like 2 siblings trying to agree!!

3. Yes, its OK but you will get any alerts notified to you and be asked for a response. Again, personaly I use Microsoft Security Essentials(free) as my anti-virus and Malwarebytes Anti-Malware instead of Windows Defender. Im not saying that this would be best for you but both are worth investigating as they are the ones most recommended here in the forums...

balm · 25 Jan 2011

thanks wily, youve been very generous, i appreciate your input....

1. so reducing the pool to the number of computers, removes the "room" for the bad guys, but doesnt this increase the odds of them spoofing the addresses used (is that even doable)? - im just trying to really wrap my head around this....

2. doing this, is it essentially the same as assigning a static IP to the computers, since it will only ever be one of two usable addresses?

3. i read a security tip is to also change the routers default ip address....?

thanks

wilywombat · 26 Jan 2011

Hi Balm,

Its been my pleasure to help you...Knowledge is a luxury best shared!!

In answer:-

1. You are correct in your description re the"room" for bad guys, but don't forget that the addresses are "inside" your router. I guess the best analogy for a router is a doorway with a signpost inside the door that points the way. If you use the inbuilt hardware firewall then this is like having a security guard on the door. Remember the signpost I mentioned? well that contains the addresses in your DHCP pool, so you need to have been allowed "inside" the door to read the signpost!

2. DHCP or Dynamic Host Control Protocol is a means where your router assigns the pool of addresses as and when needed. Remember the signpost earlier? DHCP is the bit that says on the sign this way to get to this ip address and there you will find computer "x". The greater the number of pool adressses you have, the greater the number of blank signpost pointers available. Also, when you shutdown your computer, the router clears the connection of ip address to computer "x" on the signpost and makes the address available to somebody else that is allowed to pass through the door.

3. Yes, changing the routers default ip address is good. Just remember to keep the address recorded somewhere safe such as on a piece of paper stuck to the bottom of the router. This is advised as it is all too easy to forget the ip address and lock yourself out of the router. (This can be overcome but you would have to reset your router and put all your settings back in)