edgargad83 Posted September 23, 2009

Hello everyone,

I have recently installed Windows Server 2003 Standard on my PC1 and I wanted to create a domain controller (Active Directory) for all the other PCs in my network. The only thing is I wanted to keep my server behind my D-Link router with all my other PCs. Here is a list of all my PCs and their configuration:

D-Link Router
IP = 192.168.0.1
DHCP:
PC1 = 192.168.0.100 (static)
PC2 = 192.168.0.101 (static)
PC3 = 192.168.0.102 (static)
PC4 = 192.168.0.103 (static)
MAC Control on all static IPs in the DHCP

PC1 Windows Server 2003
IP = 192.168.0.100
DG = 192.168.0.1
DNS = 192.168.0.1

PC2 Windows XP Pro SP2
Default setting

PC3 Windows XP Pro SP2
Default setting

PC4 Windows XP Pro SP2
Default setting

At this point, I have successfully created a domain controller with Active Directory on the server (PC1) and by default a DNS was also created on the server. Furthermore, I have also created a user\password on the server and I have logged that user on PC2. At this point, I've tried to share a folder on PC2 but couldn't see the domain or any user in the Active Directory in the security tab for sharing. So I have tried modifying the TCP\IP settings on PC2 to PC4:

PC2 Windows XP Pro SP2
IP = 192.168.0.101
DG = 192.168.0.1
DNS = 192.168.0.100
Windows Firewall = OFF

PC3 Windows XP Pro SP2
IP = 192.168.0.102
DG = 192.168.0.1
DNS = 192.168.0.100
Windows Firewall = OFF

PC4 Windows XP Pro SP2
IP = 192.168.0.103
DG = 192.168.0.1
DNS = 192.168.0.100
Windows Firewall = OFF

This has resolved my problem of sharing a folder on the network but it seems extreme. Can someone tell me if this is secure? Or is there a better way of doing this? Also, what is your opinion of the settings that work (DG? DNS?)?

Tripredacus Posted September 23, 2009

As far as security goes, your weakness points are only the Internet modem and your router, from the outside world. Otherwise, you have no real security between the clients on the private side of the router. Do you really need to protect the computers from each other?

It may be overkill but at least it is a learning experience for you.

edgargad83 (Author) Posted September 24, 2009

Hello Tripredacus,

First, thank you for answering me.

Secondly, what kind of weakness do my internet modem and router possess?

Lastly, what do you mean I'm protecting the computers from each other? Are you talking about the Windows Firewall?

My sincere salutations,
Edgar

Tripredacus Posted September 24, 2009

I'll try to explain this the best I can. Basically, you are using a private network that has your 3 clients and 1 server. This network only has 1 point of entry, your modem. Then it goes to your router. Some modems have firewalls inside, or block certain ports (ISP prerogative) but some are straight up pass-through devices. We are not really going to get a good answer on what your modem is doing inside, so we will presume that it is a pass-through and doesn't block anything, and we will pretend that it doesn't exist.

Now your point of entry into your LAN is your router. All security concerns are directed to that device ONLY. The reason for this is because your clients have a direct connection to the router AND the server, as opposed to your standard enterprise layouts. There are many different things you can do with your router to make it more or less secure. Another factor in the security of the router is, unfortunately, the price. A D-Link may well be fine for home use, but you wouldn't put one in a business.

Using Windows ICF (Internet Connection Firewall) is fine for the clients (and the server if possible) on the LAN, but its use is only to protect the clients from each other. In almost all cases (configured properly) the router will block more ports than the ICF does, but it only blocks it on the outside edge, or the port that connects to the internet. Say for example your router is blocking port 21 (FTP), but ICF was set to allow port 21 on your clients. The following would then be true:

1. If you were on the road you could NOT connect to your server (at home) via FTP
2. If you were at home you COULD connect to your server via FTP

So your standard setup will allow computers to talk freely on your private LAN, but restrict data coming in, and (sometimes) will restrict data going out.

Nolo Posted September 24, 2009 (edited)

Hi,

1) Regarding the decision for your three clients to point their DNS requests to the router DNS service: in your case (home environment) it is normally easier and faster.

2) If you want to use your server as DNS server too, then you need to properly configure the service.

3) For your Windows firewall, well, with a bit of work you should be able to configure any firewall without the need to switch it off.

4) The router already protects your LAN from external intrusion (thanks to the NAT service, and a firewall if one is provided) but there are common techniques to bypass those protections. The most common issue can be a Trojan horse that can silently open many ports from the inside of your LAN... so in this case a simple software firewall, better than the MS Windows one, can detect those types of attempts. But at home level it really depends on how you use the PC, especially surfing on the internet, and how much experience you have with IT stuff.

I'd say the less experience you have with computers, the better it is to raise common home defenses. Especially against viruses then hackers.

regards,
nolo

Edited September 24, 2009 by Nolo
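
Added example, not part of any post above: one way to do what point 3 describes on the Windows XP SP2 clients (PC2 to PC4), keeping Windows Firewall on and opening only file sharing to the local subnet. It assumes the shared folder is reached over standard Windows file and printer sharing and that the commands are run from an administrator command prompt on each client.

```batch
rem Added example for the XP SP2 clients in this thread (PC2-PC4).
rem Assumption: the share uses standard Windows File and Printer Sharing.

rem 1. Turn Windows Firewall back on and permit configured exceptions.
netsh firewall set opmode mode=enable exceptions=enable

rem 2. Enable the File and Printer Sharing exception
rem    (TCP 139 and 445, UDP 137 and 138), limited to the local subnet,
rem    so only machines on the same LAN can reach the share.
netsh firewall set service type=fileandprint mode=enable scope=subnet

rem 3. Log dropped packets, so anything still blocked (or unexpected
rem    inbound attempts from another LAN machine) shows up in the log.
netsh firewall set logging droppedpackets=enable

rem 4. Review the result: overall state and the enabled service exceptions.
netsh firewall show state
netsh firewall show service
```

With this in place the router still decides what reaches the LAN from the internet, and each client only accepts file sharing traffic from its own subnet instead of accepting everything.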

edgargad83 (Author) Posted September 24, 2009

I just want to say thank you both (Tripredacus and Nolo).

This is what I was looking for: two great answers/explanations.

Have a great day guys!