6. If you are running a Proxy server
A proxy server is one method for sharing your Internet connection.  The pros and cons of this method are described here.  There are many different vendors of proxy software, but perhaps the most well-known is Qbik's WinGate.

The 2.x versions of WinGate are infamous for the security problems that they can cause.   The problem is not that the program is bad, but that it is easily misconfigured.  

The 3.x versions of WinGate use a different technology that makes them function more like a NAT-based router, and can be more secure than the 2.x versions. The 3.x Home version uses only the newer NAT-like method, and can't be misconfigured. But the 3.x Standard and Pro versions also allow the user to use the older, pure proxy-based method, which can be misconfigured like the 2.x version.

The following "how-to" information applies primarily to WinGate 2.x and the 3.x Standard and Pro versions. But the precautions are applicable to any proxy server that requires that you set your Internet applications (web browser, email, etc.) to use a proxy, and should work for the newer 4.x and 5.x versions of WinGate:

  1. Don't enable any more proxy services than necessary.

  2. Control from where your network services may be accessed.

  3. Shut off the proxy server if you're not using it.

  4. Set up your logs and review them periodically.


Point 1: Don't enable any more proxy services than necessary
Web browsing requires only an HTTP or WWW service.  Once you have an HTTP service successfully running, you can use the WinGate help files to enable more services.   Unless you have fairly sophisticated needs you probably won't need to enable anything beyond the following services (in addition to the HTTP/WWW service you've already enabled):

  • POP3 Proxy service - For incoming email.
  • SMTP mapping service - For outgoing email.
  • NNTP mapping service - For newsgroup access.
  • RealAudio Proxy service - If you use this service.
  • VDOLive Proxy service - If you use this service.

Installation of the following services is not recommended unless you know what you are doing.
Improper configuration of these services can open your system (and your ISP's network) to unauthorized users, cause problems for your ISP, or both! The services with a high potential for damage are marked "bomb gif" in the list below.

  • bomb gif FTP Proxy service - Needed if you run an FTP server to transfer files between your computer and Web site, or maybe if you are using some FTP client programs.
    (Note! You don't need to enable this service to FTP files to your computer using your Web browser.)

    If you do enable this service, don't allow anonymous FTP unless you really need to!

  • bomb gif Telnet Proxy service - allows connection to another computer to run programs and access files.  
    This service also allows users to Telnet to your computer.  However, you need to be running a Telnet service on your computer and Windows 95/98 does not provide one.

    If you do enable this service, require anyone Telnetting into your computer to have their own password!

  • DNS service - Needed only if you want to run a DNS server on your LAN.   WinGate recommends that you install a DNS server for any of four reasons:

    1) You want to use SOCKS4 to access FTP or Gopher or HTTPS URLs in a browser.

    2) You want to run some other SOCKS4 capable software.

    3) You have a large LAN and you want name resolution for the machines on your LAN.

    4) You want to be able to refer to 'wingate' in your client setup.

    I recommend not installing this service.

  • bomb gif DHCP service - This service automatically assigns IP addresses to machines on your network.  You must have a separate LAN, i.e. two NICs in the machine connected to the cable modem, and you must properly configure this service. 
    If you don't follow the two musts above, expect to hear from your ISP, either before or after they disconnect you for interfering with the DHCP servers that they use to run their network!

The basic rule of keeping things as simple as possible will serve you well and keep your network protected.


Point 2: Control where the Proxy can be accessed from
To take care of point two, follow the "Option 1" directions on the WinGate security page.  What this will do is set WinGate so that it only allows service to requests from computers that are on the local (192.168.0.*) subnet.

If you don't secure your site, unknown users will be able to access your proxy server for HTTP/WWW service.  Although you might not think this level of service would be harmful, remember that lots of different things (Javascript, Java applets, multimedia files) can be transferred using the HTTP protocol.  Even if this does no harm, do you really want your proxy server to be serving users you don't even know, coming from who knows where?


Point 3: Shut it off when you're not using it.
WinGate defaults to starting up every time you boot your machine.  It runs as a service, not a program, so you won't see it in the Windows Task bar or even in the "Close Program" dialog box.  The latest version (2.1d as of this writing) puts up a Pop-Up when it starts, but earlier versions don't announce they've started. 

If you don't want WinGate to start when you boot your system, create a Windows shortcut to the "Stop WinGate Engine" icon that you'll find in the
C:\Windows\Start Menu\Programs\Wingate 2.1 folder and move it to the
C:\Windows\Start Menu\Programs\StartUp folder.

If you've done this properly, you'll see a "WinGate Stopped" dialog box pop up when you boot the system.  You can then start WinGate when you want to via the "Start WinGate Engine" icon in the Start Menu (contained in the Programs\Wingate 2.1 folder).

If you're comfortable editing the Windows Registry,  you can delete the "WinGate Service" key in the registry branch:

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

NOTE! Improperly editing the Registry can leave your computer inoperable!

You may want to export that branch of the registry before you delete the key.   That way, you'll be able to restore the WinGate auto-start key to the Registry by just double clicking on the exported file.


Point 4: Set up and Check the logs.
When you installed WinGate you let it install a logging service.  The logs are located at:

C:\Program Files\Wingate\Logs

If you have properly secured your site, then when you read the logs (Notepad or Wordpad work fine) you should see service requests only from IP addresses or computer names that are in your network.  If you see entries from any other addresses, then unknown people are accessing your proxy server.  You should shut off the offending service or just shut down WinGate until you can correct the problem.
If you've followed the process I've outlined, you really won't need to check your logs, since your site is properly secured.  But if you enable more services, it's a good idea to check the logs occasionally to make sure no unauthorized people are accessing your system.
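
The log check from Point 4, combined with the local-subnet rule from Point 2, as an added example that is not part of the original article or of WinGate. The log line layout, the sample lines and the `kitchen-pc` computer name are constructed assumptions; adjust `LINE_RE` to the layout your proxy actually writes.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the LAN is the 192.168.0.* subnet from Point 2, plus loopback
# for requests made on the proxy machine itself.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "127.0.0.0/8")]

# Assumed layout (constructed, not WinGate's documented log format):
#   <date> <time> <client> <service> <request...>
LINE_RE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S+) (\S+) .*$")

# Constructed sample lines; 203.0.113.0/24 is a documentation-only range.
SAMPLE_LOG = """\
01/15/99 09:12:03 192.168.0.2 WWW GET http://example.com/
01/15/99 09:12:40 192.168.0.3 POP3 USER alice
01/15/99 23:47:11 203.0.113.77 WWW GET http://example.org/
01/15/99 23:47:15 203.0.113.77 Telnet connect
01/16/99 02:03:59 kitchen-pc WWW GET http://example.net/
this line is damaged
"""

def is_local(client, known_hosts):
    """True for a known LAN computer name or an IP inside ALLOWED."""
    if client.lower() in known_hosts:
        return True
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:          # an unrecognised name is not trusted
        return False
    return any(addr in net for net in ALLOWED)

def audit(log_text, known_hosts=frozenset()):
    """Return (outsiders, unparsed): a Counter of (client, service) pairs
    seen from outside the LAN, and lines that did not match LINE_RE."""
    outsiders, unparsed = Counter(), []
    for line in filter(str.strip, log_text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)   # keep for manual review, never drop
        elif not is_local(m.group(1), known_hosts):
            outsiders[(m.group(1), m.group(2))] += 1
    return outsiders, unparsed

if __name__ == "__main__":
    hits, bad = audit(SAMPLE_LOG, known_hosts={"kitchen-pc"})
    for (client, service), n in sorted(hits.items()):
        print(f"OUTSIDE LAN: {client} used {service} x{n}")
    print("unparsed lines:", bad)
```

Any `OUTSIDE LAN` line names the service to shut off first, as Point 4 advises; computer names that are not listed in `known_hosts` are reported as outsiders, not assumed to be local.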
