A
Andrew H
I have tried to find this issue addressed in google groups, but to no
avail. My apologies if it has already been answered.
I have a functioning (luckily) home network with 3 computers: 1
running XP and enabled with Internet Connection Sharing, 1 running XP,
and 1 with 2000. All 3 comupters have firewall software installed.
The firewall on the ICS computer blocks the other two computers from
accessing the internet unless I specifically add their IP addresses to
the "allow" list. However, the network is set up such that the IPs
are dynamic and, as such, seem to change every once in a while. (BTW,
they always seem to be in the range A.B.C.1 - A.B.C.255)
The changing IP addresses on the clients require me to change the
allow list on the ICS machine. While this is fine for me, it's proven
to be almost too complicated for my other (older) family members. I'd
like to configure things such that it will not be necessary to keep
changing settings.
My question, then, is about the following three options: whether any
are inherently good, bad, or just plain dumb. I have experimented
with all three and can make them work, so this isn't a question about
implementation. Rather, I'm interested in the ramifications for the
security of my little network.
A) Set the firewall to allow any IP in the range A.B.C.1-A.B.C.255,
and allow dynamic IP network addressing to continue
B) Set the firewall to allow only 2 IPs, and change to static IP
addressing on the clients, setting them to those 2 IPs.
C) Neither of the above -- leave the network as is, with dynamic IP
addressing and having to change the firewall's "allow" list.
As is probably quite clear, I don't know much about the inner workings
of networking and security. I'm worried about whether options A or B
are "bad ideas" -- ie, there's some reason to keep dynamic addressing,
and/or I'd open up the firewall to attack if I allowed a whole range
of IP addresses.
Thanks very much in advance,
Andrew
avail. My apologies if it has already been answered.
I have a functioning (luckily) home network with 3 computers: 1
running XP and enabled with Internet Connection Sharing, 1 running XP,
and 1 with 2000. All 3 comupters have firewall software installed.
The firewall on the ICS computer blocks the other two computers from
accessing the internet unless I specifically add their IP addresses to
the "allow" list. However, the network is set up such that the IPs
are dynamic and, as such, seem to change every once in a while. (BTW,
they always seem to be in the range A.B.C.1 - A.B.C.255)
The changing IP addresses on the clients require me to change the
allow list on the ICS machine. While this is fine for me, it's proven
to be almost too complicated for my other (older) family members. I'd
like to configure things such that it will not be necessary to keep
changing settings.
My question, then, is about the following three options: whether any
are inherently good, bad, or just plain dumb. I have experimented
with all three and can make them work, so this isn't a question about
implementation. Rather, I'm interested in the ramifications for the
security of my little network.
A) Set the firewall to allow any IP in the range A.B.C.1-A.B.C.255,
and allow dynamic IP network addressing to continue
B) Set the firewall to allow only 2 IPs, and change to static IP
addressing on the clients, setting them to those 2 IPs.
C) Neither of the above -- leave the network as is, with dynamic IP
addressing and having to change the firewall's "allow" list.
As is probably quite clear, I don't know much about the inner workings
of networking and security. I'm worried about whether options A or B
are "bad ideas" -- ie, there's some reason to keep dynamic addressing,
and/or I'd open up the firewall to attack if I allowed a whole range
of IP addresses.
Thanks very much in advance,
Andrew