RSS

Networking

09.05.09


More and more home computer users are networking computers (connecting them to share files, printers, internet connections and playing games). This is common with broadband connections because the speed of the internet connection is so great there is little effect of multiple computers sharing the connection. Sharing a phone connection to the internet is frustratingly slow. So there are different ways to network computers. The most common ways are by WiFi (a wireless method) or Ethernet (wired). If you choose to use WIFI it is critical to further secure your wireless network. It's almost like each computer is a radio station broadcasting all the information that travels between them. Therefore your need to scramble the broadcast. You can learn more on my Wireless Networking Page. Ethernet does not broadcast anything. The signals travel safely through the cables connecting the computers. The cables are the one disadvantage. If the computers are in different rooms, you need to run the wiring through the house.

Which ever method of networking you choose, you need to protect your network. Since the purpose of networking is sharing between computers, communication must be open between the computers on your network. However, opening computers to each other can open them to hackers on the internet unless you secure your network. The best way is to use a hardware firewall or hardware router with firewall capability. A router is placed between a broad band connection and the network. For example between the cable or DSL modem and the computers. The router separates your network from the internet. In fact your computers will be invisible to the internet. All a hacker would be able to see, if anything, is the router. But the router does not contain any of your personal files. It does not have a hard drive for hackers to infiltrate. Your internet provider will only see the router too so you wouldn't have to pay for extra connections. Then, depending on the router, you could either connect several computers to the router, or connect the computers through a hub/switch to the router. An important step for routers, like your operating system, is to update the router's Firmware. Firmware is like software except not as accessible. Another way of securing the computers is using a software firewall as discussed on my Firewall page.

The router's firmware can be configured. You can make changes to make it more secure. When I tested my router at Shields Up, I discovered a couple of open ports. Now the router should still protect the computers, but you never know what vulnerabilities a hacker can exploit. So I updated the firmware and the open ports were then stealthed. Yet another port now showed to be closed instead of stealthed. I had to make a change to the router's configuration. I had to forward that port to an IP address on my network that didn't exist. Let me explain. Your computers each get an address from the router. The router can potentially serve many computers and provide an address to each with in a range. So you can specify that the vulnerable port will be forwarded to an address in that range that no computer is using. Each router has similar firmware so I can probably help you do it no matter which one you have.

So you network your computers to share files right. Ok, there are good ways to share files and bad ways to share files. You don't want to share files between computers with out firewall protection, we've covered that. If you do not use a router there is also the issue of which protocol on which your share your files. If ports (discussed above) are the lanes of the high way of information passing through the internet, different protocols are like different highways. Your computer connects to the internet on the TCP/IP protocol. So, if you share files on your network using the TCP/IP protocol, you may be exposing your shared files to the entire internet. So, it's a better idea to share your files on another protocol, the NetBEUI protocol. You can share files on the NetBEUI protocol rather than the internet's TCP/IP protocol. This can be a little difficult to do with Windows XP as the NetBEUI protocol does not come installed with Windows XP. You can however find the necessary files on the WinXP CD. You need to find the following files on your WinXP CD: nbf.sys and netnbf.inf. They should be in the "VALUEADD\MSFT\NET\NETBEUI" folder. Here's what you do next:

1. Copy nbf.sys into the %SYSTEMROOT%\SYSTEM32\DRIVERS\ directory. (%SYSTEMROOT% should be your C:\Windows folder)
2. Copy netnbf.inf into the %SYSTEMROOT%\INF\ directory
3. Open Network Connection Properties under Control Panel
4. Click the Install... button to add the NetBEUI protocol

You may have to right click the icon for your network connection (Could appear as "Network Bridge" or "Local Connection") and select properties to get that "Install..." button. After clicking "Install..." select "Protocol" and then NetBEUI. After doing this, you need to go back to the Network Connections and click the Advanced button at the top of the Network Connections window. From that menu click on Advanced Settings. A window will pop up. In the bottom half of that window you should see the "Bindings" for your File Sharing. Remove the check mark from TCP/IP and check the box for NetBEUI. Don't forget to do this with all the other computers on your network.
This process is much simpler on previous versions of windows. NetBEUI can be easily selected as an available protocol with out manually digging any files up from the Operating Systems CD. I believe Win98, ME, and 2000 all have similar methods of installing NetBEUI. I know Win98 so I'll list the steps below.

1. Right click on the Network Neighborhood icon on the desktop and select Properties from the menu.
2. Click the Add... button near the middle of the menu. Select Protocol from the list and click Add... button next to that list.
3. This opens the Select Network Protocol window. In the left portion select Microsoft, then scroll down in the right portion and select NetBEUI.
4. Click OK. Now that you have added the NetBEUI Protocol, you need to configure the bindings for file sharing on that protocol and remove the file sharing binding from the TCP/IP protocol.
5. The last step should have brought you back to the configuration tab of the Network Properties. In the list there, select the NetBEUI Protocol and click Properties. This should bring you to the Bindings tab of the NetBEUI Protocol.
6. On the Bindings Tab, make sure the box next to File and Printer Sharing for Microsoft Networks is checked and click OK.
7. Now select the TCP/IP Protocol from the configuration tab of the Network Properties and click the Properties button again. Here you'll probably need to select the Bindings Tab in the TCP/IP properties window and uncheck the box for File and Printer Sharing for Microsoft Networks. Then click OK.
8. Again this brings you back to the Network Properties window. Click OK again. It may ask you to insert the operating system CD for installation. It will find the files you need, unlike WinXP. It will probably ask you to reboot your computer as well. Once you reboot, the computer will be sharing files on the NetBEUI protocol.

This may seem a little complicated, but it makes your network file and printer sharing safer because that sharing is no longer done on the same "highway" as the rest of your internet traffic. The sharing is now done on your own highway, separated from the hackers.

Another note about Networking and routers -- I recently heard a new tip about routers. This tip involves using the router's DMZ (De-Militarized Zone). It's not recommended to use the DMZ for one of your computers because this will remove the router's protection from that computer (only do that if you really know what you're doing). OK so what good is the DMZ? Well, if you put an computer IP address in the DMZ that isn't used on your network then any unwanted information packets from the internet will get forwarded to this non-existant computer and will not harm your network. This is kind of like port forwarding (discussed above in this section) but it covers more than individual ports. So if your router is set to assign IP addresses starting at 192.168.1.100 (default for Linksys) you put an address in the DMZ like 192.168.1.10. Since 10 is less than 100, your computers will never be assigned that address and it's safe for use in the DMZ. If you're having trouble stealthing your ports, and you have a DMZ capable router, give this tip a try.


After talking with a friend I realized there is another important thing to remember when using a router. Your broad band internet service provider (Cable or DSL) may be configured to work with the MAC address of the network card in your computer. If this is the case you'll need to call them and tell them the MAC address has changed to that of your router. New routers allow you to clone the MAC address so you can make appear the same as the MAC address of your network card. If you don't clone the MAC address or tell your provider about the change you will most likely not be able to connect to the internet. Good luck and as always feel free to send me questions.