Allow intranet, but intermittently allow/disallow Internet

Gary Richtmeyer

I have a small-business CPA customer with multiple Win XP Home (SP2) PCs
networked together via the usual router/switch configuration to allow file &
print sharing. Until recently, only 1 PC could access the Internet and that
was via dial, but they've "taken the plunge" and ordered DSL.

The owner is absolutely paranoid about security and is convinced that while
a PC is connected to the Internet, people could hack in and steal customer
financial and identity-type info. The longer the time the PC was connected,
the higher the risk. With dial, he felt he could control that by
restricting dial access to a single PC (with no customer data on the PC) and
allowing the dial session to last only as long as absolutely necessary.
Given this mindset, DSL has him real worried. I've explained about
firewalls (both hw & sw) and all the other ways of protection and he's
reluctantly agreed to allow all of his PCs to be able to access the
Internet.

However (and here's the problem), he still wants to limit the time the PC
has Internet access. He wants to have some kind of "switch" that a user
would turn ON or OFF to allow their PC to be able to access the Internet.
In other words, if the user is doing internal office work (which requires
access to other PCs or printers on the LAN), the "Internet switch" should be
OFF to not allow Internet access. When the user needs to do email or access
a web site, they would turn the switch ON, do the online activities, then
turn the switch OFF again. But the PC needs LAN access at all times.

I've tried to explain the folly of his "solution" and that keeping the
switch OFF by default would stop all Windows and anti-virus automatic
updates, but he wants to give it a try.

So does anybody know a technique or program that could do this? Since
turning the switch ON/OFF will happen multiple times per day on each PC, the
solution has to be something simple. I envision having to set up some sort
of BAT file that would issue the appropriate commands to turn the switch ON
or OFF. Just not sure if the "switch" is within TCP/IP, the router, or
what.

I've done a lot of Googling and found some solutions for permanent
restrictions, but nothing that can be easily turned off and on. I'm looking
for help!


Gary Richtmeyer
 
Steve Winograd [MVP]

"Gary Richtmeyer" said:
I have a small-business CPA customer with multiple Win XP Home (SP2) PCs
networked together via the usual router/switch configuration to allow file &
print sharing. Until recently, only 1 PC could access the Internet and that
was via dial, but they've "taken the plunge" and ordered DSL.

The owner is absolutely paranoid about security and is convinced that while
a PC is connected to the Internet, people could hack in and steal customer
financial and identity-type info. The longer the time the PC was connected,
the higher the risk. With dial, he felt he could control that by
restricting dial access to a single PC (with no customer data on the PC) and
allowing the dial session to last only as long as absolutely necessary.
Given this mindset, DSL has him real worried. I've explained about
firewalls (both hw & sw) and all the other ways of protection and he's
reluctantly agreed to allow all of his PCs to be able to access the
Internet.

However (and here's the problem), he still wants to limit the time the PC
has Internet access. He wants to have some kind of "switch" that a user
would turn ON or OFF to allow their PC to be able to access the Internet.
In other words, if the user is doing internal office work (which requires
access to other PCs or printers on the LAN), the "Internet switch" should be
OFF to not allow Internet access. When the user needs to do email or access
a web site, they would turn the switch ON, do the online activities, then
turn the switch OFF again. But the PC needs LAN access at all times.

I've tried to explain the folly of his "solution" and that keeping the
switch OFF by default would stop all Windows and anti-virus automatic
updates, but he wants to give it a try.

So does anybody know a technique or program that could do this? Since
turning the switch ON/OFF will happen multiple times per day on each PC, the
solution has to be something simple. I envision having to set up some sort
of BAT file that would issue the appropriate commands to turn the switch ON
or OFF. Just not sure if the "switch" is within TCP/IP, the router, or
what.

I've done a lot of Googling and found some solutions for permanent
restrictions, but nothing that can be easily turned off and on. I'm looking
for help!


Gary Richtmeyer

Create two batch files. The first one creates a default route using
the router's LAN address (w.x.y.z), enabling Internet access:

route add 0.0.0.0 mask 0.0.0.0 w.x.y.z

The second one deletes the default route, disabling Internet access:

route delete 0.0.0.0 mask 0.0.0.0

You can create desktop shortcuts to the batch files and configure the
shortcut properties to run minimized so that they work invisibly.

The files will have no effect on LAN access.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
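
The two batch files from the answer above, combined into a single toggle that checks the routing table before and after the change, as an added example that is not part of the original posts. GATEWAY is a placeholder for the router's LAN address (w.x.y.z) and must be set before use; the label names are made up for this example.

```bat
@echo off
rem Added example: one toggle built from the two route commands in the thread.
rem GATEWAY is a placeholder; set it to the router's LAN address (w.x.y.z).
set GATEWAY=w.x.y.z
if "%GATEWAY%"=="w.x.y.z" (
    echo Edit this file and set GATEWAY to the router's LAN address first.
    goto :eof
)

rem Decide the direction from the current state of the routing table.
call :has_default
if errorlevel 1 goto turn_on

:turn_off
route delete 0.0.0.0 mask 0.0.0.0
goto report

:turn_on
route add 0.0.0.0 mask 0.0.0.0 %GATEWAY%

:report
rem Re-read the routing table so the message reflects the real state,
rem not just the command that was attempted.
call :has_default
if errorlevel 1 (
    echo Internet is OFF: no default route. LAN traffic is unaffected.
) else (
    echo Internet is ON: default route present.
)
goto :eof

:has_default
rem Match a routing-table row whose destination and netmask are both 0.0.0.0.
rem findstr sets errorlevel 0 when such a row exists, 1 when it does not.
route print | findstr /r /c:"^ *0\.0\.0\.0  *0\.0\.0\.0 " >nul
goto :eof
```

A route added without `-p` is not persistent, and at boot Windows re-creates the default route from the adapter's configured or DHCP-supplied gateway, so a PC starts in the ON state unless the OFF step runs at logon. Any account that can run `route` can put the route back, so this limits exposure time but is not a substitute for the firewalls mentioned in the question.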
 
Gary Richtmeyer

Steve Winograd said:
Create two batch files. The first one creates a default route using
the router's LAN address (w.x.y.z), enabling Internet access:

route add 0.0.0.0 mask 0.0.0.0 w.x.y.z

The second one deletes the default route, disabling Internet access:

route delete 0.0.0.0 mask 0.0.0.0

You can create desktop shortcuts to the batch files and configure the
shortcut properties to run minimized so that they work invisibly.

The files will have no effect on LAN access.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)



Steve, exactly what I was looking for! I've tested on one of my office PCs
and it works like a champ.

Thanks so much!

Gary Richtmeyer
 
Steve Winograd [MVP]

"Gary Richtmeyer" said:
Steve, exactly what I was looking for! I've tested on one of my office PCs
and it works like a champ.

Thanks so much!

Gary Richtmeyer

You're welcome, Gary. I'm glad to help you and your nervous customer.
:)
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

 
