|
|
 | |||||||||
|
|||||||||
|
|
 |
|
Hole-y firewall! If you have multiple computers connected to the Internet, they should be on a separate network, behind some sort of firewall or Proxy Server. Either of these Internet sharing methods will provide good protection against uninvited connection to your network's computers and data from the Internet, providing that they are properly configured. With a properly configured firewall or proxy server in place (see the Securing section of this site), any requests for data from a computer on your LAN that come from the Internet will be rejected. However, when you are running a server on one of your LAN's computers, you want an Internet user to be able to access the server! With a NAT-based firewall, you'll need to open or map the ports that the application uses. For a proxy server, you'll need to set up a TCP or UDP forwarding service and set your server to expect its data requests to come through it. You'll need to consult the User documentation for your proxy or NAT to get the specifics of how to set up the mapping or proxy forwarding service. (Some general information on these server-type applications and the ports they use can be found in the "Special Applications" section of the site.)  NOTE:
Before you do anything to allow Internet based access to your
computers, read this
section of the Securing page. An incorrectly configured NAT
firewall or proxy server is a threat to both your data and your ISP's
network.
Directly connected? Lock
it up tight!
If the computer that is running your server is directly connected to the Internet, you need to be especially careful, particularly if it is a Windows 9X based machine that is sharing files and printers with another computer directly connected to the Internet (we call this the MultipleIP method of sharing). Windows is not a very secure operating system and the default network configurations that it installs can leave many open holes into your hard drive contents if you have File and Printer sharing enabled and bound to the TCP/IP protocol. On the other hand, if the only thing that is on the directly connected computer is the server that you want to be accessed, and all your other computers are safely behind a firewall, and not sharing files or printers, then you actually have a quite secure setup (for your computers behind the firewall). The server computer, however, better be locked up tight, and watched closely. Think about doing the following for the directly exposed server:
There are entire Web sites devoted to security, so we've just put a tiny scratch in the surface of the subject. But if you use the above information correctly, you should be able to serve safely! 
Get a domain!
|
 |
| Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums |
