|
windows
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Isolating a computer from the networkhooked to the customers network/internet only so we can access it via PcAnywhere using TCP/IP. We want to make that one computer so that it a) cannot access anything else on the customers network and b) cannot be accessed by anything else on the customer's network. It simply terms, we want to isolate it and lock it down. The customer's local IT guy is suppose to be doing this, and they always say they do, but I have one IT guy saying it is impossible to isolate it and lock it down. I can view their entire network under My Network Places while connected via PcAnywhere, and quite honestly, don't like to have access to things that I shouldn't. I am not a network person, so any help would be apprecated. We basically are trying to help the customer's onsite IT person understand how to do this. Any URL's would be great. Thanks! Bob
Show quote
Hide quote
On Fri, 8 Sep 2006 10:40:58 -0400, "Bob Day" <Bob***@TouchTalk.net> wrote: Bob,>We install stand alone Dell XP systems with our customer software that are >hooked to the customers network/internet only so we can access it via >PcAnywhere using TCP/IP. > >We want to make that one computer so that it a) cannot access anything else >on the customers network and b) cannot be accessed by anything else on the >customer's network. It simply terms, we want to isolate it and lock it >down. > >The customer's local IT guy is suppose to be doing this, and they always say >they do, but I have one IT guy saying it is impossible to isolate it and >lock it down. I can view their entire network under My Network Places while >connected via PcAnywhere, and quite honestly, don't like to have access to >things that I shouldn't. > >I am not a network person, so any help would be apprecated. We basically >are trying to help the customer's onsite IT person understand how to do >this. Any URL's would be great. > >Thanks! >Bob If you want to only access the computer in question, have them stop and disable the server and workstation services. This will prevent Windows Networking access to and from the rest of the network. For any more robust solution, put the computer behind a dedicated firewall or NAT router. Of course then you have to setup the firewall or router, to allow your PCAW access. -- Cheers, Chuck, MS-MVP [Windows - Networking] http://nitecruzr.blogspot.com/ Paranoia is not a problem, when it's a normal response from experience. My email is AT DOT actual address pchuck mvps org. In article <#MXmNT10GHA.1***@TK2MSFTNGP03.phx.gbl>,
Bob Day <Bob***@TouchTalk.net> wrote: >We install stand alone Dell XP systems with our customer software that are Disconnect the ethernet cable. based on your description, that's what>hooked to the customers network/internet only so we can access it via >PcAnywhere using TCP/IP. > >We want to make that one computer so that it a) cannot access anything else >on the customers network and b) cannot be accessed by anything else on the >customer's network. It simply terms, we want to isolate it and lock it >down. you say want to do. What you *really* want to do depends on your risk and threat assesment and the concusion for potential dollar loss if your computer is breached. I can't answer that for you, but if your potential loss is a million bucks I could solve your problem for a tiny fraction of that amount. If your potential loss is in thousands, then a good software firewall, system lockdown, and a an ongoing audit of the system would suffice and cost little or nothing except for someone's time. -- a d y k e s @ p a n i x . c o m Harrison for Congress in NY 13CD www.harrison06.com Don't blame me. I voted for Gore. A Proud signature since 2001 Disabling the Server service will stop it from browsing the LAN, or creating
shares. It won't stop a knowledgeable user from typing 'NET USE \\server\sharename' though. But it will stop most casual attempts. A decent firewall with password-protection (e.g. Kerio) would offer close control over connections, including the ability to limit which IP addresses PC-Anywhere connections come from. Or, make the subnet-mask 255.255.255.255. This will prevent any access to the local network, because as far as it's concerned that network consists of only one host, itself. The most secure arrangement woudl be to block all local ports except one, and install secure-tunnelling software such as Zebedee or SSH to communicate over this one port. Somewhat more complex though, and possibly overkill. 
Other interesting topics
Hub, switch, router
Access Denied for some folders on one computer in network TEW-432BRP TrendNet Router issues (DHCP, etc.) vpn error 629 Cable Modems Can not see web page in a workgroup when connected to ISP with rou New PC can't join network. Problem? Linksys WRT54G Networking Problem Geo-locating incoming emails Conflict: Network Name Resolving - XP Home vs XP Professional |
|||||||||||||||||||||||
