Solved

Best method to prevent a single computer on home network from accessing other computers while still sharing internet access

Posted on 2006-11-16
9
195 Views
Last Modified: 2010-03-18
I'm new to networking and have a question regarding the most secure method to insure file security on a home network.

I have a roommate with a single XP Home machine connected to my D-Link DI-604 router.  Also connected to the same network are my two XP Pro machines configured with simple file sharing and accessing a couple of printers.  All computers require Internet access.  I'm using unique user names, passwords, and  workgroup identifier for my machines/network.

What is the best method to insure that he has no access to any of my computers or printers?  Currently, his computer isn't visible under the Microsoft Windows Network; however, it shows up on the DHCP Client listing on the router's configuration screen.

Should I just rely on current password authentication or can I also exclude his computer using the router or perhaps another more secure means to prevent access to my network?

Thanks for the advise!

Regards... Brian

0
Comment
Question by:bwpotter1
  • 4
  • 4
9 Comments
 

Expert Comment

by:BygRob
ID: 17962902
Enable your local firewall.  Control Panel>Firewall.  Completely block the guy; remove all incoming.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17963459
Agreed of course run firewall and strong passwords etc. on your computers.  If you can configure his computer ip settings and he won't chnage them then you could adjust his ip address and subnet mask so all he can talk to is the router.  

e.g. if the router is 192.168.0.1
if you set his IP to 192.168.0.2 and subnet mask 255.255.255.252

then he can only talk to the router..... turn off dhcp on the router if you wish and he can only get on with what you configure then - give yourself an IP higher up the range.

Again NOT a seurity fix as he can change the settings back but if he doesn't know IP it's a quick fix.

Steve
0
 

Author Comment

by:bwpotter1
ID: 17964989
OK... I'll look at setting the firewall (using ZoneAlarm instead of Windows).  But can I turn off DHCP if I'm using standard cable?  Was under the impression I couldn't.

Thanks... Brian
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965297
If you have a router then the router will be getting the real cable address I imagine and then you will all be getting your private addresses from the dhcp server on the router.  No idea what "standard cable" gives as I'm on DSL and UK cable might work differently anyway.  Don't turn the DHCP client off on the router that gets it's own address, I just mean if you turn off DHCP server then the other guy can't just set everything to automatic either.

Anyway good luck, ask if any other questions

Steve
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:bwpotter1
ID: 17965429
I think I understand now... looking at the router's control panel, I see were the DHCP server can assign static vs. dynamic client DHCP addresses.  I've also now set ZoneAlarm firewall settings on both of my computers to block his ip address.  So, if I assign a static client ip address to him (e.g. 192.168.1.103) and block that ip at the firewalls, I should be able to block his traffic, correct?

Thanks again... Brian
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17965888
Thats one way, or as I said change his IP to be next to the router and change mask then he can't even see you but can get to the router still AND change the firewalls on your machines.  If you change your firewalls he doesn't eben know you are there pretty well... if you could take away his admin rights so much the better then he can't change anything back!

Actually better off on your firewalls is to let in the specific addresses you want rather than blocking one, he could always change it to something else.

Steve
0
 

Author Comment

by:bwpotter1
ID: 17966226
Since the one computer belongs to my roomate, I can't change anything on it (admin rights, etc.).  Not sure if I understand how how to split the ip and use subnet masks?  Bur I see your point regarding firewall letting only select ip's in.

Thanks... Brian
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
ID: 17966368
A subnet mask sets what you see as local to you.... if you have a subnet mask of 255.255.255.0 which is probably what you have then a pc on 192.168.0.1 can talk to anything else on 192.168.0.0 to 192.168.0.255 directly.  Anything else goes to the default gateway (your router).

If you set the subnet mask to 255.255.255.252 for instance then this is 11111111 11111111 11111111 11111100 in binary which means only the last two bits are seen as the same network.... if your router is 192168.0.1 then all it can talk to is 192.168.0.2 and 0.3 and 0.0.  You can;t use 0.0 or 0.3 as those are reserved so his pc on 192.168.0.2 can only talk to 192.168.0.1 and get to the net...  He couldn't ping your pc for instance even because if he did it would think it was on a different network and go to your router... and go nowhere.

You'd set it so if the router is 192.168.0.1 make his PC 192.168.0.2, dns settings 192.168.0.1 and gateway 192.168.0.1 and gateway 255.255.255.252

Anyway good lukc, ask if you want any info. on this or read up on ip subnetting!

steve
0
 

Author Comment

by:bwpotter1
ID: 17966433
Got it... thanks for taking the time to resolve my questions

Regards... Brian
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
This video discusses moving either the default database or any database to a new volume.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now