What You Need to Know About Desktop Networking in .NET

11 What You Need to Know About Desktop Networking
IP address network Clients requesting IP addresses will get those addresses, on a first come first served basis, from the range
Network Address Translation software tracks which clients send data packets to the Internet. When the packets go through, the NAT software adds a port number to the NAT's IP address. When response packets return, the NAT software knows which client sent the request because the response comes addressed to that port number. Outsiders looking to cause trouble can send queries to known port numbers, like Port 80, which supports Web servers. Hackers like to find Web servers because so many of them aren't well protected, especially those at smaller companies with small security budgets. But scanning a range of IP addresses on Port 80 won't pass the NAT filter smell test. Because no packets that left were tagged with Port 80 on the way out, no return packets have permission to go through the filter using that port number. Using Network Address Translation doesn't solve every network security problem, but it covers most attacks from the outside. It certainly protects you from hackers scanning for easy targets, because the hackers can't see any computer on the far side (for them) of your NAT barrier.
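The tracking described above can be modeled as a small lookup table. The following Python sketch is an added example, not code from the book: the class name `Nat`, the starting port 40000, and all addresses are constructed sample values, and the extra check that a reply must come from the server the client contacted is an assumption about how strict the filter is.

```python
# Added illustration: a minimal port-translating NAT table (not from the book).
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000                        # first public port handed out (assumed)
    out_map: dict = field(default_factory=dict)   # outbound flow -> public port
    in_map: dict = field(default_factory=dict)    # public port -> outbound flow

    def outbound(self, client_ip, client_port, remote_ip, remote_port):
        """A client sends a packet out: record the flow and rewrite the source."""
        key = (client_ip, client_port, remote_ip, remote_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return (self.public_ip, self.out_map[key])

    def inbound(self, src_ip, src_port, dst_port):
        """A packet reaches the public address: forward only replies to tracked flows."""
        entry = self.in_map.get(dst_port)
        if entry is None:
            return None                # nothing left tagged with this port: drop
        client_ip, client_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                # right port, but not the server contacted: drop
        return (client_ip, client_port)


def demo():
    nat = Nat("203.0.113.10")
    # An inside client browses a Web server; the NAT tags the flow with a port.
    src = nat.outbound("192.168.1.20", 51515, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, src[1])     # genuine response
    scan = nat.inbound("198.51.100.99", 44444, 80)      # unsolicited probe of Port 80
    stray = nat.inbound("198.51.100.99", 80, src[1])    # open port, unknown sender
    return src, reply, scan, stray


if __name__ == "__main__":
    print(demo())
```

Only the genuine response is handed to the inside client; the probe of Port 80 and the packet from an unknown sender both return `None`, which stands for a dropped packet.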
Without Network Address Translation
Most people consider their files the most critical resource on their computer or small network. If you don't have a functioning Network Address Translation barrier in place, turn off as many network shares as possible. The easiest way to do this is to stop each Windows 9x/ME computer from sharing files by turning off that switch for the complete computer. Figure 11-7 shows the small dialog box with the appropriate check boxes to stop sharing any file from this particular computer. Reach this dialog box by clicking Start → Settings → Control Panel → Network → File and Print Sharing. Click the File and Print Sharing box and you're in business. The File and Print Sharing dialog box offers you two clever options: Share Files, and/or Share Printers. One choice doesn't affect the other, and few Internet hackers are looking for printers to invade. If you have no firewall and/or NAT barriers between your computer and the Internet, you will be advertising your shared resources to the world. Remember the discussion of early cable networks and the fact you could often see the shared files and printers of your neighbors? The lack of firewall and NAT filters allowed that to happen then, and it can allow that to happen today. If you have no firewall and/or NAT barrier between your computer and the Internet, turn off all resource sharing. Then look at the Inexpensive Routers with NAT Support section earlier in this chapter and go buy a router immediately.
260 Part III Moving from Stand Alone PCs to a Network
Figure 11-7: Disable file sharing by leaving these check boxes unchecked.
Closing exposed security holes
The only truly secure computer is one that is turned off, unplugged, and still in the box. You don't have that option, but you can close some security holes to make your broadband life a bit safer. I'd tell you to update the security files from Microsoft for Windows 9x/ME, but because Microsoft declared Windows 98 obsolete, few, if any, changes are being made to the source code. This means security patches and safety upgrades will appear rarely if ever again. Yes, that's a hint to upgrade.
Unbind TCP/IP
Windows 9x/ME doesn't have any of the server software options that later Windows operating systems include, but it does have a relatively poor implementation of TCP/IP. Microsoft added TCP/IP support directly into Windows in Windows 95, and Windows 98 still had some growing pains in the TCP/IP area. You don't need TCP/IP to communicate between computers within your home or small business. You do need TCP/IP to communicate with the Internet. But you can turn off TCP/IP support for your local network, making it that much more secure. Figure 11-8 shows the page within TCP/IP properties to unbind (disconnect) the TCP/IP protocol from the network interface card so that protocol won't be used
