Windows.XP.in.a.Nutshell.1002005.2Ed [Electronic resources] text version


7.2. General Procedures


The preceding sections of this chapter
outline the fundamentals of networking and the various components
that make up Windows XP's built-in support for
networking. As stated earlier, Windows is really only concerned with
the connections directly attached to the computer, so building a
network essentially means configuring the connections for each
computer involved.

The following sections explain the procedures for building and
connecting to different types of networks. It's
important to realize that there are limitless combinations of
networking hardware and software, and it's obviously
impossible to cover them all.


7.2.1. Setting Up a LAN


Connecting two computers to form a basic peer-to-peer workgroup is
fairly easy with Windows XP, as long as you have the proper equipment,
drivers, and an hour or two. Ideally, you should be able to set up a
functioning workgroup in less than ten minutes, but that doesn't include
fishing for drivers, resolving hardware conflicts, or running a cable
through your attic.

We'll start with a basic peer-to-peer workgroup
consisting of two computers. Here's what
you'll need:

  • Two computers, each presumably running Windows XP. Although you can
    connect a Windows machine to a machine running any networkable
    operating system (Windows 9x/Me, Windows NT/2000, Mac, Unix, etc.),
    for the sake of simplicity, we'll assume that both
    machines are running Windows XP.

  • At least one network adapter (see NIC in Section 7.1, earlier in this chapter)
    installed in each computer. NICs are cheap and readily available, and
    are even built into many higher-end systems.

  • If you're not sure what to get, just purchase a
    standard, plug-and-play 10_base-8 Ethernet adapter with an RJ45
    connector. If you have a Desktop system, get a PCI card; if you have
    a laptop, get a PC Card (PCMCIA) adapter. You can also get a
    USB-based NIC (useful if you don't want to take your
    Desktop apart), although these tend to be slower and a little more
    temperamental than true Ethernet adapters.

  • Finally, you'll need a hub (or switch) and two category-5 patch
    Ethernet cables. Alternately, you can use just a single category-5
    crossover Ethernet cable and skip the hub, but this will limit your
    network to only two computers. Figure 7-1 shows a
    simple workgroup of four computers connected to a hub (or switch).

  • An alternative to the cables and hub is to use wireless equipment.
    Although more expensive, and a little slower (see Section 7.1.1, earlier in this chapter),
    it allows you to eliminate some or all of the cabling. Instead,
    simply install a wireless network adapter in each of your computers,
    and, as long as they're in close enough proximity, a
    network will be established. You can even connect a DSL or cable
    modem to your wireless network with a wireless router. (See Section 7.2.4, later in this chapter, for
    details.) You can even mix and match wired and wireless networks.
    Figure 7-12 shows a simple wired workgroup extended
    with a wireless notebook adapter and a wireless access point plugged
    into the hub.



Figure 7-12. A network supporting both wired and wireless connections

Once you have all of the components, you can begin with the following
procedure. Naturally, different types of hardware will require a
modified procedure, but the methodology is the same.

  1. Plan your network by drawing a quick diagram similar to the ones
    shown in Figure 7-1, Figure 7-2,
    Figure 7-3, and Figure 7-12.

  2. Install a network adapter in each computer, according to the
    instructions that accompany your hardware. If you're
    using Plug-and-Play adapters, Windows should
    automatically install and configure the drivers for the adapters.

    A connection icon labeled "Local Area
    Connection" should appear in your Network
    Connections window for each installed adapter; check for this in each
    computer. Select Details from the View menu to show the Type and
    Status columns; the connections should be enabled and of type
    "LAN or High-Speed Internet." If
    the icons don't show up, make sure Windows
    recognizes your network cards in Device Manager (see Chapter 4) and doesn't report any
    problems with the devices.

  3. Next, hook up your cables. Nearly all network adapters, hubs, and
    switches have lights next to their RJ45 ports. When a cable is
    properly plugged in to both ends, the light goes on. If the lights
    don't go on, you're either using the wrong type of cable, you've
    plugged the cable into the wrong port, or the cable is defective.
    Until the lights are lit, don't go any further. Hint: use a
    different color cable for each computer to make troubleshooting
    easier.

    Make sure to use only category-5 patch cables, except under the
    following conditions. A category-5 crossover cable can be used
    instead to connect two computers directly (if you don't have a hub
    or switch) and can also be used to connect two hubs together. In
    some cases where a Digital Subscriber Line (DSL) adapter or cable
    modem connects directly to a computer with a patch cable, a
    crossover cable is required to connect either of these devices to a
    hub. (Naturally, consult the documentation to be sure.)

  4. Go to Control Panel → [Performance and Maintenance] → System to open
    the System Properties window (described in Chapter 4), and choose
    the Computer Name tab.

  5. Click Network ID to run the Network Identification Wizard. Click
    Next on the first page, choose "This computer is for home use and
    not part of a business network," click Next, and then click Finish.

  6. Next, click Change to open the Computer Name Changes window (see
    Figure 7-13), and enter both a Computer name and
    Workgroup name. The Workgroup name should be the same for all
    computers on your local network, but the Computer name must be
    different for each computer.


    Figure 7-13. Set the Computer Name and Workgroup Name on the Computer Name Changes Window

  7. Click OK when you're done; if Windows informs you
    that you need to restart your computer, do so now. Repeat steps 4-6
    for the other computers on your network.

  8. Your connection should now be active. Determine the IP address of
    each computer using the connections' Status windows
    (see Section 7.1.2.3.3, earlier in this
    chapter).

  9. Test your connection with Ping (described in Chapter 4). By default,
    Windows will assign IP addresses in the following way: the first
    computer will be 192.168.0.1, the second will be 192.168.0.2, and so
    on. (See the following section, "What to Do if Your Connection
    Doesn't Work," for more information on manually assigning IP
    addresses.) Assuming your network is similar, pick a computer, go to
    Start → Run, and type ping address, where address is the IP address
    of the other computer. For example, from the 192.168.0.2 computer,
    you would type:

    ping 192.168.0.1

  10. If the network is working, you'll get something like
    this:

    Pinging 192.168.0.1 with 32 bytes of data:
    Reply from 192.168.0.1: bytes=32 time=24ms TTL=53
    Reply from 192.168.0.1: bytes=32 time=16ms TTL=53

    On the other hand, if you get this result:

    Pinging 192.168.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.

    it means the network is not functioning.

  11. If your network is functioning, you can proceed to set up the various
    services you need, such as file sharing, printer sharing, and
    Internet Connection Sharing (all described later in this chapter).
    Otherwise, look through the checklist in the following section.


7.2.1.1 What to do if your connection doesn't work

The following tips should help you get around most of the common
hurdles you'll encounter when setting up a LAN:

  • Run the Network Setup Wizard, as described
    in Chapter 4. While this step
    isn't always required, it does occasionally fix
    errant settings that otherwise would prevent a network from working
    properly.

  • Check your cables and make sure the appropriate lights are lit. If
    you're unsure which lights to look for, try unplugging a cable from
    a device. If a light on the device goes out and then goes back on
    when the cable is plugged in, that's the light you're concerned
    with. Such lights are often labelled "Link."

  • Windows XP is designed to implement most changes to the network
    without restarting. However, if you encounter problems, try
    restarting one or all of your machines to force them to recognize the
    new network.

  • Make sure no two computers on your network are attempting to use the
    same Computer name or IP address.

  • Make sure you have the latest drivers for your NIC (network adapter);
    check with the manufacturer for details. Note that hubs, routers,
    and switches typically don't require any special drivers.

  • Right-click the connection icon in the Network Connections window, and
    select Repair. Note that this feature reinstalls some drivers, but
    doesn't necessarily investigate your network
    settings.

  • The instructions in the previous section assume the network settings
    for your connections haven't been tampered with. If
    you suspect that your settings might be wrong, open
    Device Manager, right-click the entry
    corresponding with your network adapter, and select Uninstall. (Note
    that it's not necessary to physically remove the
    device from your system.) When you restart Windows, the adapter will
    be redetected, and the drivers will be installed with their default
    settings.
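
Two rules from this section can be checked before any cable is blamed: every computer needs the same Workgroup name but its own Computer name (step 6 above), and no two computers may use the same Computer name or IP address (the checklist above). The Python below is an added example, not part of the book; the inventory format and the sample hosts are constructed, and the same-subnet check is this example's own assumption about a workgroup on a single hub.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (not from the book): one entry per computer, copied
# from its Computer Name tab and its connection's Status window.
SAMPLE_HOSTS = [
    {"name": "BARNEY", "workgroup": "HOME",   "ip": "192.168.0.1", "mask": "255.255.255.0"},
    {"name": "Karl",   "workgroup": "HOME",   "ip": "192.168.0.2", "mask": "255.255.255.0"},
    {"name": "karl",   "workgroup": "Home",   "ip": "192.168.0.2", "mask": "255.255.255.0"},
    {"name": "LENNY",  "workgroup": "MSHOME", "ip": "192.168.1.7", "mask": "255.255.255.0"},
]


def _duplicates(groups):
    """Keep only the keys that more than one computer claims."""
    return {key: members for key, members in groups.items() if len(members) > 1}


def check_workgroup(hosts):
    """Return a list of (kind, detail) problems found in the inventory."""
    names, addresses = defaultdict(list), defaultdict(list)
    workgroups, subnets = defaultdict(list), defaultdict(list)
    problems = []

    for host in hosts:
        label = host["name"]
        # Computer and Workgroup names are compared case-insensitively,
        # because Windows treats KARL and karl as the same NetBIOS name.
        names[host["name"].upper()].append(label)
        workgroups[host["workgroup"].upper()].append(label)
        try:
            iface = ipaddress.IPv4Interface(f"{host['ip']}/{host['mask']}")
        except ValueError as exc:
            problems.append(("bad-address", f"{label}: {exc}"))
            continue
        addresses[str(iface.ip)].append(label)
        subnets[str(iface.network)].append(label)

    for name, members in _duplicates(names).items():
        problems.append(("duplicate-name", f"{name} used by {len(members)} computers"))
    for ip, members in _duplicates(addresses).items():
        problems.append(("duplicate-ip", f"{ip} used by {', '.join(members)}"))
    if len(workgroups) > 1:
        problems.append(("workgroup-mismatch", ", ".join(sorted(workgroups))))
    if len(subnets) > 1:
        # Assumption of this example: all machines hang off one hub, so they
        # should share one subnet or they will not answer each other's pings.
        problems.append(("subnet-mismatch", ", ".join(sorted(subnets))))
    return problems


if __name__ == "__main__":
    for kind, detail in check_workgroup(SAMPLE_HOSTS):
        print(f"{kind:20} {detail}")
```
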



7.2.2. Sharing Resources


There's little point in
setting up a network if you don't take advantage of
the connection by sharing files and printers. Once
you've established a network connection with another
Windows computer and verified that the connection is working (as
described in the previous two sections), you can set up resources to
be shared over your network.

A shared resource is a folder on your hard disk or a printer physically
attached to your computer, which you would like made accessible by other
computers on your network. If you share a printer, others on your
network can print to it; if you share a folder, others on your network
can access the files and folders contained therein as though they were
stored on their own hard disks.

Whenever you share a resource, you are opening a backdoor to your
computer. It's important to keep security in mind at
all times, especially if you're connected to the
Internet. Otherwise, you may be unwittingly exposing your personal
data to intruders looking for anything they can use and abuse.
Furthermore, an insecure system is more vulnerable to viruses and
other malicious programs.

The first thing you should do is go to Control Panel → [Appearance and
Themes] → Folder Options → View tab, and turn off the "Use simple file
sharing" option. See "Folder Options" in Chapter 4 and "Implementing
Network Security," later in this chapter, for more information on the
problems with this feature.

Sharing resources is easy. Simply right-click a folder or printer
icon, select Sharing and Security (or select Properties and choose
the Sharing tab), and choose the appropriate options. Figure 7-14 shows
a sharing window for a user's Desktop folder. (Sharing printers is
discussed later.)

Note that under some circumstances, the dialogs shown in
Figure 7-14, Figure 7-16, Figure 7-17, and Figure 7-18 may look
different. For example, in Windows XP Home Edition, if
you're not using the NTFS file system, or if you
have the "Use Simple File Sharing"
option enabled in Windows XP Professional Edition, you may see
simpler dialogs with fewer options. The concepts discussed still
hold, but some of the advanced options relating to permissions will
be unavailable.


Figure 7-14. Use the Sharing tab of a file or folder to set its access privileges

Choose the "Share this folder"
option to enable sharing for the selected item. (Note that if
you're sharing a disk and Sharing already appears to
be active, you may be looking at an Administrative Share, discussed
later in this chapter.) The name you typed in the
"Share name" field is what users of
other computers will see when they try to access the folder; the
Comment field is optional.

At this point, you can click OK to begin sharing the folder (and all
of its contents) over your network. When a folder or drive is shared,
a small hand appears over its icon. Note that it's
best to share only those folders that you need others to access.

However, you need to make sure that your user accounts are in order
before others on your network are able to access your shared
resources. Simply put, every user who wishes to access data on your
computer remotely (that is, through the network connection) must have
a user account on your computer. For example, if
you're logged in as
"Lenny," you'll
only be able to access resources on other computers that also have an
account called "Lenny" and that
have the same password configured for that account. If you have two
Windows XP machines, one with a
"Lenny" account and one with a
"Lenny" and a
"Karl" account, a user logged in as
"Karl" will only be able to access
resources on the second machine.

Once a folder has been shared, and assuming the user accounts are set
up properly, you can access the folder from another computer by using
My Network Places. My Network Places is available as an icon on your
Desktop and as a folder in the Windows Explorer tree. See Figure 7-15 for
an example of how a shared folder called Desktop, located on the computer
called Karl, is accessed over the network. Files and folders can be
dragged to and from this location as though it were just another folder
on your hard disk.


Figure 7-15. My Network Places gives access to shared folders on other machines

The full path to a network resource (called a UNC path, for
"Universal Naming Convention")
looks a little different than a standard path. The path to a folder
called Desktop, located on a computer called
Barney, will look like this:

\\Barney\Desktop

Note that only the Share name (Desktop) is shown here, even though the
folder may have a long path on its host computer (e.g.,
c:\Documents and Settings\Barney\Desktop).


7.2.2.1 Mapping drives

Although generally considered passe, you can also access shared
resources by mapping them to a network drive. Select Map Network Drive
from Windows Explorer's Tools menu to display the window shown in
Figure 7-16. Here, if we choose an unused drive letter, such as N:, and
specify the path to an existing network resource, such as
\\Barney\Desktop, we can then access the files in that folder by
navigating to N: in Explorer.

Drive mapping was used more commonly several years ago when most
applications didn't support UNCs like
\\Barney\Desktop, but happily accessed files off
of a fictitious drive N:. Today, it is preferred
to simply create a Windows Shortcut to a commonly accessed network
resource rather than going to the trouble of mapping a drive.
However, if you still rely on an old application or even a DOS
program, you may still need to resort to drive mapping.


Figure 7-16. Mapping a network drive


7.2.2.2 Administrative shares

In Windows XP Professional, every drive is automatically shared by
default. However, this is for administrative purposes and is not
intended for general file sharing. (Unfortunately, there's no way to
disable the administrative shares. For most intents and purposes,
though, this does not pose a significant security risk, as the shares
cannot be accessed like normally shared resources.) Figure 7-17 shows
the "Default Share" for a drive; the dollar sign in the Share name
signifies the administrative share. To initiate the type of file
sharing most users will need, click the New Share button at the bottom
of the window to display the New Share window (see Figure 7-18).

Here, you can type the Share name and a comment, if desired, as
described earlier in this section. The Share name
you've typed, as well as the default share (here,
D$), will then appear in a drop-down list; you can
subsequently select the desired Share name from this list to
configure or remove it.
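
To see at a glance which shares on a machine are the administrative ones (dollar sign in the Share name) and which were created for general sharing, the share listing can be sorted into those groups, with whole-drive shares singled out because the section above recommends sharing only the folders others need. The Python below is an added example, not part of the book: it assumes the listing was captured with the built-in `net share` command, which this chapter does not cover, and that its layout matches the constructed sample; the share names and paths are made up.

```python
import re

# Constructed sample in the layout of the Windows `net share` listing; the
# share names and paths are made up, modelled on the chapter's examples.
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Desktop      C:\Documents and Settings\Barney\Desktop
Everything   D:\
The command completed successfully.
"""

PATH_RE = re.compile(r"^[A-Za-z]:(\\|$)")   # a field that starts like C:\ or C:


def parse_net_share(text):
    """Parse the listing into dicts with name, path and remark."""
    shares, in_table = [], False
    for line in text.splitlines():
        if set(line.strip()) == {"-"}:      # the dashed rule ends the header
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Columns are separated by two or more spaces; paths such as
        # "Documents and Settings" only ever contain single spaces.
        fields = re.split(r"\s{2,}", line.strip())
        if line[0].isspace() and shares:
            # Continuation line: a remark wrapped underneath a long path.
            shares[-1]["remark"] = fields[0]
            continue
        name, rest = fields[0], fields[1:]
        path = rest.pop(0) if rest and PATH_RE.match(rest[0]) else ""
        shares.append({"name": name, "path": path, "remark": " ".join(rest)})
    return shares


def classify(share):
    """Sort a share into the categories the chapter distinguishes."""
    if share["name"].endswith("$"):
        return "administrative"     # the dollar sign marks these, per the chapter
    if re.fullmatch(r"[A-Za-z]:\\?", share["path"]):
        return "whole-drive"        # exposes every folder on that disk
    return "folder"


def audit_shares(text, computer):
    """Return (unc_path, kind, local_path) for every share in the listing."""
    return [
        ("\\\\{}\\{}".format(computer, s["name"]), classify(s), s["path"])
        for s in parse_net_share(text)
    ]


if __name__ == "__main__":
    for unc, kind, path in audit_shares(SAMPLE_NET_SHARE, "Barney"):
        flag = "  <-- review" if kind == "whole-drive" else ""
        print(f"{unc:22} {kind:15} {path}{flag}")
```
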


Figure 7-17. An administrative share


Figure 7-18. The New Share window


Figure 7-19. The Permissions window


Figure 7-20. The Select Users or Groups window


7.2.2.3 Permissions

If you're using Windows XP Professional and the NTFS filesystem,
you'll be able to control who can view your files and who cannot; click
Permissions in the Sharing window to see the Permissions dialog shown in
Figure 7-19. By default, a single entry, "Everyone," is shown in the top
list. If you want to selectively allow and disallow access to various
users, first click all the checkboxes in the Deny column. Then, click
Add to configure the access rights for other configured users.
Figure 7-20 shows the Select Users or Groups window, which configures
permissions for user accounts on your machine and other machines on your
network.

When a new user has been added to the Permissions window, highlight
the username, and selectively click Allow for the various permissions
available.

In Figure 7-19, we have three choices:

Full Control



Allows a user to read, modify, and delete files and folders, and add
new files and folders. If allowed, the Change and Read options are
also enabled.


Change



Allows a user to modify a file. If allowed, the Read option is also
enabled.


Read



Provides basic read-only access to a file or folder. Remote users can
view folder listings and open files, but aren't
allowed to make any changes, including deleting files or adding new
files to protected folders.



Permissions are inherited, which means if you configure the
permissions for a folder, those permissions will be active for all
subfolders and their contents. However, you can set rather liberal
permissions for, say, a drive, and then selectively restrict access
for the more sensitive folders contained therein.


7.2.2.4 Sharing printers



Printers are shared much in the same way that folders are (described in
the previous sections), with two exceptions. First, there's really only
one option on the Printer Sharing window (see Figure 7-21): the Share
name. Second, printers aren't accessed through the My Network Places
folder.


Figure 7-21. The Printer Sharing window

Here's how to share a printer:

  1. On the computer physically connected to the printer, go to Control
    Panel → [Printers and Other Hardware] → Printers and Faxes.

  2. Right-click on the printer icon to share, and select Sharing.

  3. Choose the "Share this printer"
    option, verify that the Share name is as close to the original
    printer name as possible, and click OK.

  4. Then, go to another computer on your network, and open Control Panel
    → [Printers and Other Hardware] → Printers and Faxes.

  5. Double-click the Add Printer icon (or, if you have common tasks
    enabled, click "Add a printer" in
    the Printer Tasks pane).

  6. Click Next on the first page, select "A network
    printer, or a printer attached to another computer"
    on the second page, and then click Next.

  7. Leave the default setting of "Browse for
    printer" selected, and click Next.

  8. You'll then be presented with a rather
    strange-looking collapsible tree (see Figure 7-22).
    Although it doesn't look or feel much like the tree
    in Windows Explorer, it works in somewhat the same way. Double-click
    any branch to expand it; when you've found the
    printer, click Next. If the printer does not appear under the
    computer to which it's attached, either the computer
    is not properly hooked up to the network or the printer driver does
    not support network sharing.


    Some printer drivers don't support being shared over
    a network, especially those for cheaper printers. However, you may
    still be able to share your printer by purchasing a separate print
    server. Note that it may be less expensive to simply purchase a new
    printer, but that's up to you.

  9. When you complete the wizard, a new icon will appear in the Printers
    and Faxes window for the newly shared printer, and you'll be able to
    print to that printer from any Windows application. Note that the
    computer that is physically attached to the printer must be turned
    on in order to print.

  10. Repeat steps 4-9 for all other computers on your network that you
    need to print from.


Figure 7-22. Browsing for a Shared printer


7.2.3. Connecting to the Internet


There are five basic ways to connect
to the Internet in Windows XP. The one you choose depends on the type
of connection you wish to establish:

  • DSL, cable, or other high-speed connection with a static IP address

  • DSL, cable, or other high-speed connection via PPPoE

  • Wireless connection via Wi-Fi (802.11x)

  • Connection provided by another computer or router via Internet
    Connection Sharing

  • Dial-up connection, including analog modems over standard phone lines


If your connection doesn't fit neatly into one of
these categories, your setup may still be similar to one of the
following sections. Otherwise, you'll need to
contact your service provider for specific instructions and software
for Windows XP.

If you have a single Internet connection and more than one computer,
see Section 7.2.4 later in this
chapter.

Once you've successfully connected to the Internet,
see Section 7.2.5, later in this
chapter, for more steps to protect your computer and data.


7.2.3.1 DSL, cable, or other high-speed connection with a static IP address

High-speed connections with static IP addresses are very easy to set up
in Windows XP. (A static IP address means you have the same IP address
every time you start your computer.) No additional software is
typically required for such a connection. If you're not sure if you
have such a connection, check to see if your connection requires a
username and password to log on; if so, you most likely have a PPPoE
connection (see the next section). Otherwise, proceed with these steps:

  1. Connect your network adapter directly to your Internet connection.
    (This assumes your Internet connection is properly set up and
    functioning.)

  2. Open the Network Connections window, locate the connection icon
    corresponding to your network adapter, and rename it to
    "Internet Connection." Then,
    right-click the newly named Internet Connection icon and select
    Properties.

  3. Under the General tab, only Client for Microsoft Networks and
    Internet Protocol (TCP/IP) should be checked (see Section 7.1.3, earlier in this chapter,
    for details).

  4. Select Internet Protocol (TCP/IP) and click Properties. Click
    the "Use the following IP address"
    option and enter the IP address, Subnet mask, Default gateway, and
    the Preferred (primary) DNS server and Alternate (secondary) DNS
    server addresses provided by your Internet service provider.

  5. Click OK, then click OK again; the change should take effect
    immediately. Test your connection by loading a web page or using Ping
    (see Chapter 4).


7.2.3.2 Notes

If Windows ever prompts you to connect to the Internet after
completing these steps, go to Control Panel → [Network and Internet
Connections] → Internet Options → Connections tab, and click "Never dial
a connection."


7.2.3.3 DSL, cable, or other high-speed connection via PPPoE



PPPoE is the protocol used to establish temporary, dynamic IP
connections over high-speed Internet connections. If your connection
provides a dynamic IP address, it means your Internet service provider
assigns a different IP address every time you connect to the Internet.
The PPPoE (PPP over Ethernet) protocol facilitates this connection by
sending your username and password to your provider. If your ISP
provides special software that connects to the Internet (such as
Efficient Networks' NTS Enternet 300 utility or RASPPPoE), you can
abandon it in favor of Windows XP's built-in support for PPPoE.

One of the differences between this type of connection and the static
IP connection discussed in the previous section is that PPPoE
connections must be initiated every time you start Windows or every
time you wish to use the Internet, which is somewhat like using
old-fashioned dial-up connections (discussed later).

Here's how to set up a PPPoE connection in Windows
XP:

  1. If you have PPPoE software (such as Enternet 300) installed, remove
    it from your system now. This is typically accomplished by going to
    Control Panel → Add or Remove Programs. Refer to the documentation
    that came with the software for details.

  2. Open the Network Connections window and start the New Connection
    Wizard (or click Create a new connection if you have the Common Tasks
    pane enabled).

  3. Click Next to skip the introductory page, choose the
    "Connect to the Internet" option,
    and click Next.

  4. Choose the "Set up my connection
    manually" option, and click Next.

  5. Choose the "Connect using a broadband connection
    that requires a username and password" option, and
    click Next.

  6. Type a name for this connection; a good choice is the name of your
    ISP or just "DSL" or
    "cable," and click Next.

  7. Enter your username and password, choose the desired options (if
    you're not sure, turn them all on), and click Next.

  8. Click Finish to complete the wizard.

  9. To start the connection, double-click the icon you just created in
    the Network Connections folder. If you elected to create a Desktop
    shortcut in the wizard, double-click said Desktop icon.

  10. The "Connect" box can be disabled
    by clicking Properties, selecting the Options tab, and changing the
    "Prompt for name and password, certificate,
    etc." option. You can return to this window by
    right-clicking the new connection and selecting Properties.


7.2.3.4 Notes

  • To have Windows connect automatically whenever the connection is
    needed, first right-click the connection icon and select Set as
    Default Connection. Then, go to Control Panel → [Network and
    Internet Connections] → Internet Options → Connections tab and click
    "Always dial my default connection."

  • To have Windows connect automatically when you first start your
    computer, place a shortcut to the connection in your Startup folder.
    You'll also need to make sure that the
    "Prompt for name and password, certificate,
    etc." option is turned off as just described.

  • If you need to make more than one PPPoE connection quickly,
    right-click an existing PPPoE connection icon and select Create Copy.
    Then, right-click the new connection icon and select Properties to
    modify it.

  • If you're having trouble getting your new PPPoE
    connection to work, check your DSL or cable modem first to see if the
    correct lights are lit (refer to your documentation). Sometimes,
    turning off the adapter, waiting several minutes, and then turning it
    back on solves the problem.



7.2.3.5 Wireless connection via Wi-Fi (802.11x)

Setting up a basic Wi-Fi network
couldn't be easier. This procedure assumes that you
have a broadband connection and you're connecting to
it via a wireless router. (You can, of course, also connect via a
computer on your network acting as a gateway.)

  1. Install the wireless hardware in your computer. Modern laptops
    typically ship with Wi-Fi connectivity built in, but older models may
    require a wireless PC card or an external USB receiver. Desktop PCs
    can likewise use a USB receiver, but it's usually
    more convenient (and cheaper) to install an adapter card in a free
    PCI slot.

  2. Install the wireless router. Plug in the AC adapter and connect the
    network cable from your broadband (cable or DSL) adapter to your
    router's WAN port.

  3. Turn on your cable or DSL adapter, your router, and then your PC. You
    won't be able to access the Internet yet, but if all
    goes as planned, your computer should be able to talk to the router.
    A bubble will pop up in the System Tray telling you that a new
    wireless connection has been detected.

  4. Follow the instructions that came with your router to display the
    router's configuration screen. With many Linksys
    routers, for example, you'd fire up your browser and
    go to http://192.168.1.1. If a
    login box appears, leave the user name blank and enter
    admin as the password.
    (That's the default password. For security purposes,
    you'll want to change this right away.)

  5. At this point, you'll probably need to indicate the
    connection type (such as PPPoE, static IP, and so on), and probably
    type the user name and password provided by your Internet service
    provider. Enter a wireless network name (SSID) and then choose
    whether or not your SSID should be broadcast by default. For security
    reasons, you should turn off the Broadcast SSID option so that your
    wireless network won't show up when outsiders scan
    for available networks. The downside: you may have to manually type
    in your SSID the first time you try to connect to your wireless
    network.

  6. When you're done, click the Save or Apply Settings
    button at the bottom of the page. If all your settings are correct,
    you should have Internet access at this point.

Your connection should work, but it will be completely insecure. Your
neighbors will be able to hook into it, change settings, download
movies on your dime, and more. Make sure you cover the following
bases:

Password Protection


Protect your router's settings. Change the manufacturer's password to
something hard to guess. Needless to say, don't lose this password, or
you'll have to reset your router to access the setup page again.


WEP


This is the standard encryption type for 802.11b/g equipment. Unlike a
standard passcode, this takes the form of 5-13 ASCII characters or
10-26 hexadecimal digits, depending on the level of security you
choose. With WEP enabled, every computer needs to know your assigned
passcode or WEP key to connect to the system. After assigning a WEP
key, open up the Network Connections control panel on each PC and in
the Wireless Connection Properties dialog, enter the WEP key.


SSID Broadcast


If you turn off your router's SSID Broadcast feature, your wireless
network will no longer show up in the Wireless Network Connection
window. Although this isn't technically encryption, it's a good way to
hide your wireless network from neighbors and passers-by. To connect to
a wireless network that isn't broadcasting its SSID, open the Wireless
Network Connection window, click "Set up a wireless network for a home
or small office," and then type the SSID of your network.


MAC Addresses


Every wireless device has a unique
identifying number, printed on the device itself or listed in the
documentation. These can be used to identify devices and ensure that
only they can connect to the router. If you take this route, remember
to update the list whenever you add a new computer or device to your
network.




7.2.3.6 Configure PCs using the Wireless Network Setup Wizard

Setting up a wireless network isn't difficult, but configuring all
the connected PCs can be a bit of a pain if you've employed any of
the aforementioned security measures. You have to coordinate a
handful of settings, including the WEP/WPA key, network name (SSID),
and connection type, among others. Luckily, the Wireless Network
Setup Wizard (a new addition in Service Pack 2) can save the relevant
configuration data to a USB Flash drive, which you can then take from
machine to machine, installing the key settings in, well, a flash.
The basic steps:

  1. Open the Wireless Network Setup Wizard (it's in the
    Control Panel, or you can click "Set up a wireless
    network for a home or small office" in the Wireless
    Network Connection window).

  2. If you've run this before, you'll
    be asked whether you want to "Set up a new wireless
    network" or "Add new computers or
    devices to the named
    network" (where named is
    the name you previously set up for the network). Choose the first
    option and click Next.

  3. At the top of the next page, enter the name (SSID) of your network
    (see Figure 7-23).

  4. Time to add security. By default, Windows XP opts to create a WEP key
    for you, but you'll need to type in your own so that
    it matches the key on your router's setup page.
    Click Next when you're done.


Figure 7-23. The Wireless Network Setup Wizard can practically automate setup


To roll out your settings to other PCs, plug a Flash drive into your
USB port, select its drive letter from the drop-down box, and click
Next. If you don't have a flash drive, you can still save some
typing. Highlight the SSID and WEP keys you've typed, press Ctrl-C,
and then paste them into Notepad. Save the file onto a floppy disk or
CD, and then insert the disc into each of the other computers. Open
the text file, and then copy and paste the individual items back into
the wizard.


7.2.3.7 Connection provided by another computer or router via Internet Connection Sharing

If you're using Internet Connection Sharing, the setup for the
clients (all the computers on your network, other than the one with
the physical Internet connection) is a snap. This procedure is also
appropriate if you're using a router to share an Internet connection.

This procedure assumes you've already set up your
Internet connection, as described in Section 7.2.4, as well as a properly
functioning peer-to-peer workgroup, as described in
"Setting up a LAN," discussed
earlier in this chapter.

Follow these steps to connect a computer to an existing shared
Internet connection:

  1. Open the Network Connections window, right-click the connection icon
    corresponding to your network adapter, and select Properties.

  2. Under the General tab, make sure Client for Microsoft Networks and
    Internet Protocol (TCP/IP) are checked (see Section 7.1.3, earlier in this chapter for
    details). Other protocols and services may be checked here as well,
    depending on your needs.

  3. Select Internet Protocol (TCP/IP) and click Properties. Here, there
    are two possibilities.

    • If you're not using fixed IP addresses on your LAN
      (which will be the most common case), select both the
      "Obtain an IP address
      automatically" and the "Obtain DNS
      server address automatically" options, and click OK.

    • If you've set up your network with fixed IP
      addresses such as 192.168.0.1,
      192.168.0.2, and so on (see Section 7.2.1, earlier in this chapter),
      click the "Use the following IP
      address" option and enter the IP address of the
      machine. Then type 255.255.255.0 for the subnet
      mask. For the gateway, enter the IP address of the computer hosting
      the shared Internet connection. If you're using a
      router to share your Internet connection, refer to the instructions
      that come with the router for the proper gateway settings. Finally,
      type the Preferred (primary) DNS server and Alternate (secondary) DNS
      server addresses provided by your Internet service provider. Click OK
      when you're done.

  4. Click OK to close the connection properties window; the change should
    take effect immediately. Test your connection by loading a web page
    or using Ping (see Chapter 4).

  5. If the connection doesn't work at this point, run
    the Network Setup Wizard (or click "Set up a home or
    small office network" if you have the Common Tasks
    pane enabled). Click Next at the first two pages, and on the third
    page, choose "This computer connects to the Internet
    through another computer..." Then click Next.
    Depending on your network configuration, the remaining pages will
    vary here; answer the questions the best you can and complete the
    wizard.


7.2.3.8 Notes

  • If Windows ever prompts you to connect to the Internet after
    completing these steps, go to Control Panel → [Network and Internet
    Connections] → Internet Options → Connections tab, and click
    "Never dial a connection."

  • If you're able to view some web sites but not others
    from the client computers, see http://www.annoyances.org/exec/show/article04-107.



7.2.3.9 Dial-up connection, including analog modems over standard phone lines

If you have a standard analog modem and you connect to the Internet
by dialing a phone number, follow these steps to set up your
connection. You can have as many connections as you like, which is
especially useful if you travel; just repeat these steps for each
subsequent connection.

  1. Open the Network Connections window, and then start the New
    Connection Wizard (or click Create a new connection if you have the
    Common Tasks pane enabled).

  2. Click Next to skip the introductory page, choose the
    "Connect to the Internet" option,
    and click Next.

  3. Choose the "Set up my connection
    manually" option, and click Next.

  4. Choose the "Connect using a dial-up
    modem" option, and click Next.

  5. Type a name for this connection; a good choice is your ISP name, or
    perhaps something like "Analog connection at my
    sister's house," and click Next.

  6. Type the phone number here, and click Next.

    If your ISP provides two or more phone numbers, you have the option
    of creating multiple connections (one for each phone number), or
    creating a single connection that cycles through a list of phone
    numbers until a connection is established. If you choose the latter,
    you'll have the opportunity to enter additional
    phone numbers for the connection later on.

  7. Enter your username and password, choose the desired options (if
    you're not sure, turn them all on), and click Next.

  8. Click Finish to complete the wizard.

  9. To start the connection, double-click the icon you just created in
    the Network Connections folder. If you elected to create a Desktop
    shortcut in the wizard, double-click said Desktop icon.

  10. The "Connect" box can be disabled
    by clicking Properties, selecting the Options tab, and changing the
    "Prompt for name and password, certificate,
    etc." option. You can return to this window by
    right-clicking the new connection and selecting Properties.


7.2.3.10 Notes

  • To have Windows connect automatically whenever the connection is
    needed, first right-click the connection icon and select Set as
    Default Connection. Then, go to Control Panel → [Network and
    Internet Connections] → Internet Options → Connections tab, and
    click "Always dial my default connection."

  • To have Windows connect automatically when you first start your
    computer, place a shortcut to the connection in your Startup folder.
    You'll also need to make sure that the
    "Prompt for name and password, certificate,
    etc." option is turned off.

  • To enter additional phone numbers for this connection, right-click
    the new connection icon, select Properties, choose the General tab,
    and click Alternates. See Figure 7-24 for an
    example.



Figure 7-24. Adding alternate phone numbers

  • If you need to make more than one dial-up connection, a quick way is
    to right-click an existing dial-up connection icon and select Create
    Copy. Then, right-click the new connection icon and select Properties
    to modify it.

  • If you're using America Online, MSN, or some other
    proprietary service, these instructions may not apply to you. Contact
    your service provider for setup instructions for Windows
    XP.



7.2.4. Sharing an Internet Connection


It obviously makes sense to share a single Internet connection among
all the computers in your home or office, rather than investing in a
separate connection for each machine. Fortunately, Windows XP comes
with an Internet Connection Sharing (ICS) feature built right into
the operating system. Additionally, there are third-party hardware
and software products that provide similar functionality, each with
its own advantages and disadvantages. See "Alternatives to Internet
Connection Sharing," later in this chapter, for details.


7.2.4.1 Setting up Internet Connection Sharing

Internet Connection Sharing is a system by which a single computer
with an Internet Connection acts as a gateway, allowing other
computers on the LAN to use the connection. The computer that is
connected directly to the Internet is called the host; all the other
computers are called clients.

In order to get ICS (Internet Connection Sharing) to work,
you'll need the following:

  • At least two computers, each with an
    Ethernet card
    properly installed and functioning. It is assumed
    you've already set up your local network, as
    described in "Setting up a LAN,"
    earlier in this chapter. Your Internet connection can be shared with
    as many clients as your LAN will support.

  • One of the computers must have an Internet connection properly set
    up, as described in "Connecting to the
    Internet," earlier in this chapter. The instructions
    that follow assume that the computer handling the Internet connection
    is running Windows XP; if you need to set up a computer running
    another version of Windows as the ICS host, visit http://www.annoyances.org/exec/show/ics.

  • You do not need a special type of Internet connection, nor do you
    need to pay your Internet service provider extra fees to use Internet
    Connection Sharing. The whole point of ICS is to take a connection
    intended for a single computer and share it with several other
    machines.

  • There is no minimum connection speed, but you should keep in mind
    that when two users are downloading using the shared connection
    simultaneously (the worst-case scenario), each user will experience
    half of the original performance. In other words, you probably
    don't want to bother sharing a 14.4k analog modem
    connection; see the discussion of bandwidth at the beginning of this
    chapter for more information.

  • If your Internet connection is provided by a router or
    you've allocated multiple IP addresses, you
    don't need Internet Connection Sharing; see Section 7.2.4.3, later in this chapter, for
    details.

  • If you're sharing a DSL, cable modem, or other
    high-speed, Ethernet-based Internet connection, the computer with the
    Internet connection must have two Ethernet cards installed. See Figure 7-2 for a diagram of this setup.


The first step in setting up ICS is to configure the host, the
computer with the Internet Connection that will be shared.

  1. Open the Network Connections window. Here, you should have at least
    two connections listed: one for your Internet Connection, and one for
    the Ethernet adapter connected to your Local Area Network (LAN). If
    they're not there, your network is not ready; refer
    to the earlier topics in this chapter, and try again.

    For clarity, I recommend renaming the two connections to
    "Internet Connection" and
    "Local Area Connection," as shown
    in Figure 7-4 and Figure 7-5.

  2. If you haven't already done it, select Details from
    the View menu.

  3. Right-click the connection icon corresponding to your Internet
    connection and select Properties. In most cases, it will be the
    Ethernet adapter connected to your Internet connection device.

    However, if you're using DSL or cable with PPPoE,
    the icon to use is the "Broadband"
    connection set up in "Connecting to the Internet:
    DSL, cable, or other high-speed connection via
    PPPoE," earlier in this chapter.

  4. Choose the Advanced tab, and turn on the "Allow
    other network users to connect through this
    computer's Internet connection"
    option, as shown in Figure 7-25. Click OK when
    you're done.

    For more information on the Firewall option shown here, see Section 7.2.5, later in this chapter.


    Figure 7-25. Allowing ICS via the Advanced tab of a network connection's properties

  5. Verify that Internet Connection Sharing is enabled; it should say
    "Enabled, Shared" in the Type
    column of the Network Connections window, as shown in Figure 7-4 and Figure 7-5.

  6. Verify that the Internet connection still works on the host by
    attempting to open a web page or by using Ping (see Chapter 4). If the Internet connection
    doesn't work on the host, it definitely won't work on any of
    the clients.

  7. That's it! The change should take effect immediately.

The next step is to configure each of the client computers to use the
shared connection. The only requirements of the client machines are
that they are running an operating system that supports networking,
and that their network connections are properly set up. The clients
can be running Windows 2000, Windows Me, Windows 9x, Windows NT,
Windows 3.x for Workgroups, or even MacOS, Unix, Linux, or FreeBSD.

See Section 7.2.3, earlier in this
chapter, and follow the instructions under
"Connection provided by another computer or router
via Internet Connection Sharing." While the
instructions are specific to Windows XP, the settings explained
therein can be adapted to any OS; refer to your operating
system's documentation for more
information.


7.2.4.2 Troubleshooting Internet Connection Sharing

Here are some tips that should help you fix the problems you might
encounter with Internet Connection Sharing:

  • If the Internet is accessible by one client machine, it should work
    for them all. If none of the clients work, the problem is with the
    host; if some of the clients work, and others don't,
    it's a problem with the clients.

  • ICS works over existing network connections, so those connections
    must be functioning before ICS will operate. Refer to Section 7.2.1 and Section 7.2.3, earlier in this chapter,
    for more troubleshooting details.

  • Check to see if you have any
    firewall software installed on the
    host or clients that might be interfering with the connection. The
    Internet Connection Firewall included with Windows XP (discussed
    later in this chapter) shouldn't pose any problems,
    though.

  • The ICS host must have the IP address for the connection to the LAN
    set to 192.168.0.1, which means that no other
    computers can be using that address. If you can't
    get ICS to work with the default Windows XP configuration, try
    assigning a fixed IP address to each of your clients:
    192.168.0.2 for the first,
    192.168.0.3 for the second, and so on. Refer to
    Section 7.2.1, earlier in this
    chapter, for details on setting IP addresses.

  • You can determine any computer's IP address with the
    "Windows IP Configuration" utility
    discussed in Chapter 4, or with each connection
    icon's Status window, discussed in Section 7.1.2, earlier in this chapter.

  • If you're experiencing poor performance,
    it's important to realize that whatever bandwidth is
    available through a given Internet connection will be shared among all
    of the computers using the connection. The worst-case scenario is
    when two or more users download large amounts of data simultaneously;
    in this case, they would each receive only half the total connection
    bandwidth. Most of the time, though, this bandwidth sharing will have
    little noticeable effect, because two or more users on a small
    workgroup will rarely consume a great deal of bandwidth at the same
    time.

  • If you're using special connection software for use
    with your DSL or cable (such as Efficient Networks'
    NTS Enternet 300 software), it's best to remove it
    and use Windows XP's built-in support for PPPoE
    (described earlier in this chapter).

  • If you're using PPPoE and find that you can access
    some web sites but not others from the client machines, see this
    article: http://www.annoyances.org/exec/show/article04-107.
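
The addressing rules in the tips above (host at 192.168.0.1, no other machine on that address, clients on 192.168.0.2, 192.168.0.3, and so on with mask 255.255.255.0 and the host as gateway) can be checked before you walk from PC to PC. This is an added example, not from the book; the machine names, the function name, and the issue labels are assumptions.

```python
import ipaddress

# Values taken from the text: the ICS host's LAN address and the subnet mask.
HOST_LAN_IP = ipaddress.ip_address("192.168.0.1")
LAN = ipaddress.ip_network("192.168.0.0/255.255.255.0")


def check_ics_plan(host, clients):
    """Return a list of (machine, issue, detail) tuples for an ICS address plan.

    host    -- {"name": ..., "ip": ...} for the LAN adapter of the ICS host
    clients -- list of {"name", "ip", "mask", "gateway"}; ip=None means the
               client uses "Obtain an IP address automatically" and is skipped
    """
    problems = []
    if ipaddress.ip_address(host["ip"]) != HOST_LAN_IP:
        problems.append((host["name"], "host-address-wrong",
                         f"LAN adapter is {host['ip']}, ICS expects {HOST_LAN_IP}"))

    seen = {}  # fixed client address -> first machine that claimed it
    for client in clients:
        name = client["name"]
        if client.get("ip") is None:
            continue
        try:
            ip = ipaddress.ip_address(client["ip"])
        except ValueError:
            problems.append((name, "invalid-address", repr(client["ip"])))
            continue

        if ip == HOST_LAN_IP:
            problems.append((name, "host-address-taken",
                             f"{ip} is reserved for the ICS host"))
        elif ip in seen:
            problems.append((name, "duplicate-address",
                             f"{ip} is already assigned to {seen[ip]}"))
        else:
            seen[ip] = name

        if ip not in LAN:
            problems.append((name, "outside-lan", f"{ip} is not in {LAN}"))
        if client.get("mask") != "255.255.255.0":
            problems.append((name, "wrong-mask", str(client.get("mask"))))
        if client.get("gateway") != str(HOST_LAN_IP):
            problems.append((name, "wrong-gateway", str(client.get("gateway"))))
    return problems


# Constructed plan for illustration; the machine names are hypothetical.
SAMPLE_HOST = {"name": "den-pc", "ip": "192.168.0.1"}
SAMPLE_CLIENTS = [
    {"name": "kitchen", "ip": "192.168.0.2", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
    {"name": "laptop", "ip": None, "mask": None, "gateway": None},
    {"name": "office", "ip": "192.168.0.2", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
    {"name": "garage", "ip": "192.168.1.5", "mask": "255.255.255.0", "gateway": "192.168.1.1"},
    {"name": "kids", "ip": "192.168.0.1", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
]

if __name__ == "__main__":
    for machine, issue, detail in check_ics_plan(SAMPLE_HOST, SAMPLE_CLIENTS):
        print(f"{machine:8} {issue:20} {detail}")
```
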



7.2.4.3 Alternatives to Internet Connection Sharing

The Internet Connection Sharing feature built into
Windows XP has its limitations. For example, the host computer must
be on and connected to the Internet for the other computers to have
Internet access. If you don't want your
network's Internet connection to rely on any single
computer, there are alternatives to ICS.

The cheapest and most flexible way to share an Internet connection is
to use ICS, but it's worth investigating the
alternatives to see if they make sense for you.

Use a router



A router works similarly to a hub or switch, both discussed at the
beginning of this chapter, except that it is also capable of
connecting a single Internet connection directly to a LAN. The
advantage of a router over ICS is that no single computer must be on
for the other computers to have Internet access. Among the
disadvantages are the added cost, the potentially more complicated
setup, and the support for only certain types of high-speed Internet
connections. Figure 7-3 shows a setup that uses a
router.

If you're looking for a router, make sure to get one
that supports both DSL and cable connections, as well as PPPoE
connections (if that's what your service provider
uses). Refer to the documentation that comes with the router for
basic setup instructions, and see Section 7.2.3.7, earlier in this
chapter, for instructions on connecting a Windows XP system to a
router.


Use multiple IP addresses



Some ISPs may provide, at extra cost, multiple IP addresses, with the
specific intent that Internet access be provided for more than one
computer. Instead of using software or hardware to share a single
connection (as described in the preceding sections), each computer
has its own IP address and, therefore, effectively has its own
Internet connection.

Refer to the instructions in the "DSL, cable, or
other high-speed connection with a static IP
address" section earlier in this chapter to set up
each of your computers to access the Internet. The only thing to keep
in mind is that each computer must have a different IP address.

The advantages of multiple IP addresses over ICS or using a router,
as described above, are that the setup is very easy, and no additional
hardware or software is required. The downside is that Internet
connections with multiple IP addresses are often much more expensive
than standard Internet connections. In fact, the added monthly cost
will most likely exceed the one-time cost of a router.




7.2.5. Implementing Network Security


Security is a very real concern for any computer connected to a
network or the Internet. There are three main categories of security
threats:

A deliberate, targeted attack through your network connection


Ironically, this is the type of attack most people fear, but
realistically, it is the least likely to occur, at least where home
and small office networks are concerned. It's
possible for a so-called hacker to obtain access to your computer,
either through your Internet connection or from another computer on
your local network.


An automated invasion by a virus or robot


A virus is simply a computer program that is designed to duplicate
itself with the purpose of infecting as many computers as possible.
If your computer is infected by a virus, it may use your network
connection to infect other computers; likewise, if another computer
on your network is infected, your computer is vulnerable to
infection. The same goes for Internet connections, although the
method of transport is typically an infected email message.

There also exist so-called robots, programs that are designed to scan
large groups of IP addresses and look for vulnerabilities. The motive
for such a program can be anything from exploitation of credit card
numbers or other sensitive information to the hijacking of computers
for the purpose of distributing spam or viruses.


A deliberate attack by a person sitting at your computer



A person who sits down at your computer can easily gain access to
sensitive information, including your documents, email, and even
various passwords stored by your web browser. An intruder can be
anyone, from the person who steals your computer to a co-worker
casually walking by your unattended desk. Naturally, it's up to you
to determine the actual likelihood of such a threat, and to take the
appropriate measures.



Windows XP includes several features that will enable you to
implement a reasonable level of security without purchasing
additional software or hardware. Unfortunately, Windows is not
configured for optimal security by default. Before you proceed with
any of the solutions in this section, complete the following steps:

  1. A feature called Simple File Sharing, which could
    allow anyone, anywhere, to access your personal files, is turned on
    by default in Windows XP. Go to Control Panel → [Appearance and
    Themes] → Folder Options → View tab, and turn off the "Use simple
    file sharing" option.

  2. If you need to share files or folders with other computers on your
    network, see Section 7.2.2, earlier
    in this chapter. It's wise to share only those
    folders that need to be shared; also, make sure none of your
    sensitive data is stored in shared folders or folders located on
    shared drives. You can see exactly which folders are shared by
    navigating to My Network Places → Entire Network → Microsoft
    Windows Network → the name of your workgroup → the name of your
    computer. Figure 7-26 shows an example of this folder.


    Figure 7-26. Showing which files and folders your computer is sharing

  3. Open the Network Connections window, and right-click on the icon
    corresponding to your Internet connection. If you have more than one,
    repeat this procedure for each Internet connection.

  4. In the General tab, clear the checkmark next to the
    "File and Printer Sharing for Microsoft
    Networks" entry. The only connection for which this
    option should be enabled is the connection to your LAN (if you have
    one). See "Services and Protocols,"
    earlier in this chapter, for more information.

Read through the remaining topics in this chapter for additional
security features in Windows XP.


7.2.5.1 Using the Internet Connection Firewall

A firewall is a layer of
protection that permits or denies network communication based on a
predefined set of rules. These rules restrict communication so that
only certain applications are permitted to use your network
connection. This effectively closes backdoors to your computer that
otherwise might be exploited by viruses, hackers, and other malicious
applications.

To enable the Internet Connection Firewall (ICF) on your computer,
follow these steps:

  1. Open the Network Connections window, and, if you
    haven't already done so, select Details from the
    View menu.

  2. Right-click the connection icon corresponding to your Internet
    connection, and select Properties. In most cases, it will be the
    Ethernet adapter connected to your Internet connection device.

    However, if you're using DSL or cable with PPPoE,
    the icon to use is the "Broadband"
    connection set up in "Connecting to the Internet:
    DSL, cable, or other high-speed connection via
    PPPoE," earlier in this chapter.

  3. Choose the Advanced tab, and turn on the "Protect my
    computer and network by limiting or preventing access to this
    computer from the Internet" option, as shown in
    Figure 7-25 (earlier in this chapter). Click OK when
    you're done.

    For more information on the Internet Connection Sharing option shown
    here, see Section 7.2.4, earlier in
    this chapter.

  4. Verify that Internet Connection Sharing is enabled; it should say
    "Enabled, Firewalled" or
    "Enabled, Shared, Firewalled" in
    the Type column of the Network Connections window, as shown in
    Figures 7-4 and 7-5.

  5. Verify that the Internet connection still works on the host by
    attempting to open a web page or by using Ping (see Chapter 4).

As you use your computer, you may find that a particular program no
longer works. Verify that the firewall is causing the problem by
temporarily disabling the Internet Connection Firewall, and trying
again. If indeed the firewall is the culprit, you can add a new rule
to permit the program to communicate over your Internet Connection.

  1. Open the Network Connections window, right-click the firewalled
    connection icon corresponding to your Internet connection, and select
    Properties.

  2. Choose the Advanced tab, click Settings, and choose the Services tab.

  3. If the program or service you wish to use is on the list, place a
    checkmark next to it. Otherwise, click Add to display the Service
    Settings window as shown in Figure 7-27.


    Figure 7-27. The Service Settings Window

  4. The Description of service is simply a name you assign to the new
    service; it can be anything that doesn't already
    exist on the list. The description should be clear and easily
    recognizable, such as "Peer-to-Peer
    Sharing" or "Whiteboard
    software."

  5. The "Name or IP address" field can
    be somewhat confusing. If you're connecting to a
    service provided by a single, specific computer, enter the IP address
    or network name of the computer here. Otherwise, simply type a
    period. (The field can't be left blank.)

  6. Port numbers, described at the beginning of this chapter, are how ICF
    distinguishes one service from another. You may need to consult the
    documentation of the particular software or service to determine the
    appropriate port number. Type the external and internal port numbers
    in the two remaining fields; in most cases, both of these values will
    be the same. And unless you specifically need to specify UDP ports,
    leave the TCP option enabled.

  7. Click OK when you're done. Place a checkmark next to
    the newly added service, as well as any other services you wish to
    permit, and click OK. Finally, click OK to close the properties
    window.

  8. Test the newly permitted service. You may have to experiment with
    different firewall rules until your software or service works
    properly.


7.2.5.2 Notes

  • There are third-party firewall solutions available that might provide
    a higher level of security or more options, but the Internet
    Connection Firewall that comes with Windows XP should provide an
    adequate level of protection for most home and small office computers
    and networks.

  • The Internet Connection Firewall only protects Internet connections;
    if you need a firewall between your computer and others on your local
    network, you'll need to use a third-party solution.

  • If you're using Internet Connection Sharing, you can
    protect your entire network by simply enabling the Internet
    Connection Firewall for the single shared Internet Connection on the
    host computer.

  • By default, Windows XP does not log communication blocked by the
    Internet Connection Firewall. To enable firewall logging, open the
    Advanced Settings window, and turn on the "Log
    dropped packets" option. The default location of the
    log is \Windows\pfirewall.log, which is a text file
    that can be opened in Notepad.
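
Once "Log dropped packets" is on, the log is more useful summarized than read line by line in Notepad. The script below is an added example, not from the book: it reads the column names from the log's own #Fields header, counts dropped packets per destination port, and lists sources that probed several ports (the "robots" described earlier in this section). The sample log is constructed, and the function names and the three-port threshold are assumptions.

```python
from collections import Counter

# Constructed sample (not from a real machine) in the layout of pfirewall.log:
# '#' header lines, then one space-separated record per packet.
# All addresses are from the reserved documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-14 09:12:01 DROP TCP 203.0.113.7 192.0.2.10 4312 135 48 S 1712345678 0 16384 - - -
2005-03-14 09:12:02 DROP TCP 203.0.113.7 192.0.2.10 4313 139 48 S 1712345900 0 16384 - - -
2005-03-14 09:12:03 DROP TCP 203.0.113.7 192.0.2.10 4314 445 48 S 1712346100 0 16384 - - -
2005-03-14 09:15:40 DROP UDP 198.51.100.23 192.0.2.10 1026 1434 404 - - - - - - -
2005-03-14 09:16:02 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2005-03-14 09:20:11 OPEN TCP 192.0.2.10 198.51.100.80 1187 80 - - - - - - - -
2005-03-14 09:21:00 DROP TCP 203.0.113.7 192.0.2.10 4312 135
"""


def parse_firewall_log(text):
    """Parse pfirewall.log text; return (records, malformed_line_count).

    Column names come from the '#Fields:' header, so a log with a different
    column set is still read. Lines with the wrong number of columns (for
    example a record cut off in mid-write) are counted, not guessed at.
    """
    fields = None
    records = []
    malformed = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            malformed += 1
            continue
        record = dict(zip(fields, values))
        # Ports are '-' for protocols without them (ICMP); store those as None.
        for key in ("src-port", "dst-port"):
            value = record.get(key)
            record[key] = int(value) if value is not None and value.isdigit() else None
        records.append(record)
    return records, malformed


def summarize_drops(records, scan_threshold=3):
    """Count DROP records per (protocol, port) and flag multi-port sources.

    scan_threshold is an assumed cut-off: a source that was blocked on at
    least that many distinct destination ports is listed as a likely scanner.
    """
    drops = [r for r in records if r.get("action") == "DROP"]
    by_port = Counter()
    ports_by_source = {}
    for r in drops:
        if r.get("dst-port") is None:
            continue
        target = (r.get("protocol"), r["dst-port"])
        by_port[target] += 1
        ports_by_source.setdefault(r.get("src-ip"), set()).add(target)
    scanners = sorted(src for src, ports in ports_by_source.items()
                      if len(ports) >= scan_threshold)
    return {"dropped": len(drops), "by_port": by_port, "likely_scanners": scanners}


if __name__ == "__main__":
    records, malformed = parse_firewall_log(SAMPLE_LOG)
    summary = summarize_drops(records)
    print(f"{summary['dropped']} dropped packets, {malformed} unreadable line(s)")
    for (protocol, port), count in summary["by_port"].most_common():
        print(f"  {protocol:4} port {port:<5} {count} drop(s)")
    print("Sources blocked on several ports:", ", ".join(summary["likely_scanners"]) or "none")
```

To run it against a real log, read \Windows\pfirewall.log into a string and pass that to parse_firewall_log in place of SAMPLE_LOG.
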



7.2.5.3 What's new in Service Pack 2?

The firewall feature built into Windows XP (the
Internet Connection Firewall or ICF)
hasn't exactly been the most popular firewall
program in the world since its debut in 2001. Turned off by default
and no match for third-party firewall programs, you could be forgiven
for forgetting that it was there at all.



Service Pack 2 takes a slightly different approach to the problem.
The new Windows Firewall, which replaces the old Internet Connection
Firewall, still isn't our first choice for protector, but at least
it's activated from the moment you boot up your machine. And if you
try to switch it off without installing a replacement, Windows will
harangue you with warnings.

One thing in its favor: Windows Firewall is exceptionally easy to
use. Install SP2, reboot, and it's on by default,
blocking applications and services that you haven't
added to the Firewall control panel's Exception tab.
If a web site tries to download anything suspicious to your PC (even
if it was "asked" by a program on
your PC, such as a media player), the Windows Firewall pops up a
simple dialog box asking you whether to Keep Blocking it, Unblock it
(in other words, grant access), or to ask you later when
you've figured out what it wants. The rest of the
time, Windows Firewall stays out of your way, only alerting you with
a little balloon in the Windows System Tray if anything deactivates
it.

To turn the firewall on or off, open the Security Center control
panel, and on the General tab, click either the "On
(recommended)" or "Off (not
recommended)" radio button.


Unlike most firewalls, Windows Firewall only monitors and controls
inbound traffic, leaving you at risk if a virus, Trojan, or spyware
program on your PC wants to send information from your system or
transmit itself to every friend in your address book. Paranoid? You
should be. For more complete protection, get a firewall such as
ZoneAlarm that controls both inbound and outbound communications.
While you're at it, install top-notch anti-virus and anti-spyware
programs. And use them.

One potential problem: Windows Firewall doesn't cater to multiple
connection types. LAN, broadband, and dial-up connections are all
the same in the Firewall's eyes. Whatever exceptions
and other options you set for one will be applied to all connections.
Ironically, the one exception is exceptions. When connecting to a
potentially insecure network, such as a Wi-Fi hotspot, you can check
a box on the General tab to temporarily cancel any and all exceptions
(and hide requests for new ones).

Unfortunately, Windows XP can't automatically detect when you're
away from home and flip the toggle for you. Having the option tucked
away in the Firewall control panel makes it easy to forget
about...until you start wondering why none of your programs are
working any more!

The Firewall control panel's tabs work as follows:

General


In this tab you can switch the firewall on and off (see Figure 7-28). You should never have more than one firewall
running at one time, and installing a third-party firewall is the
primary reason for deactivating the Windows Firewall. The
"Don't allow
exceptions" checkbox is for temporary use away from
your own network, when you're connecting to public
and private hotspots. Naturally, you'll want to make
sure that none of your applications present an additional security
risk.




Figure 7-28. Windows Firewall works exactly like ICF, but it's switched on by default, and much easier to use

Exceptions


This tab lists every program or service that has attempted to make an
Internet connection. Those with ticked checkboxes have been granted
access; the rest are currently blocked. Click the Add Program button
to display a list of your installed software and double-click any app
that you want to unblock. The Browse button on this dialog box lets
you track down individual executables that don't
appear on the list. The Add Port button (see Figure 7-29) lets you give an application access to a
specific port by name and port number. Both buttons lead to dialog
boxes with a "Change scope" button,
where you can restrict the exception to just your network, a set of
IP addresses and subnets that you specify, or any computer on the
Internet (the default).


Advanced


This tab controls the level of access that each connection has to
network services such as web servers, FTP servers, and remote desktop
functions. You can choose whether or not to log all traffic, and if
so, exactly what, and choose to share log and error data across the
whole network. The Restore Defaults button returns Windows Firewall
to its factory settings.




Figure 7-29. You can give a program access to a specific port, but make sure it's the right one. In this case, port 80 handles data downloaded from web sites.
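The General-tab toggle and the "Change scope" restriction described above can also be set from the command line, which makes the away-from-home switch harder to forget. The script below is an added example, not from the book; it assumes the netsh firewall context that ships with Windows Firewall and an administrator account, and the script name fwmode.cmd and the exception name "Web server" are hypothetical.

```batch
@echo off
rem Added example, not from the book. Script name fwmode.cmd is hypothetical.
rem Uses the "netsh firewall" context that ships with Windows Firewall.
rem Run from an administrator account:  fwmode away | home | webport | status

if /i "%~1"=="away"    goto away
if /i "%~1"=="home"    goto home
if /i "%~1"=="webport" goto webport
if /i "%~1"=="status"  goto status
echo Usage: %~n0 away ^| home ^| webport ^| status
exit /b 1

:away
rem Equivalent of ticking "Don't allow exceptions" on the General tab:
rem the firewall stays on and every entry on the Exceptions tab is ignored.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
goto status

:home
rem Back on your own network: honor the Exceptions list again.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
goto status

:webport
rem Port exception as in Figure 7-29 (TCP 80; the name is an assumption).
rem Weak form: scope=ALL is the default and admits any computer on the Internet:
rem   netsh firewall add portopening protocol=TCP port=80 name="Web server" mode=ENABLE scope=ALL
rem Tighter form: the "Change scope" choice that admits only your own subnet.
netsh firewall add portopening protocol=TCP port=80 name="Web server" mode=ENABLE scope=SUBNET
goto status

:status
rem Print operational mode, exception mode, and the ports currently open.
netsh firewall show state
exit /b 0
```

Run "fwmode away" before joining a hotspot and "fwmode home" when you return; "fwmode status" confirms which mode is in effect.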


7.2.5.4 Protecting your data with passwords and encryption

Most users consider passwords to be a monumental nuisance. After all,
we use passwords to access our
email, place orders from online stores, access our bank accounts, and
bid on all of those priceless artifacts on eBay. However, if it
weren't for passwords, anyone could read our email,
abuse our credit cards, steal from our accounts, and place bids on
all sorts of annoying little ceramic figurines, all without our
knowledge or authorization.

Windows XP has a rather robust security subsystem, allowing you to
deny access to your computer to anyone who does not know your
password. If you're using Windows XP Professional,
you can also protect your data from other, less-privileged users on
the same machine or on your network.

See "User Accounts" in Chapter 4 for more details on adding and removing
users, as well as assigning passwords to existing user accounts.
Although Windows NT permits user accounts to be created without a
password (it's actually the default), you should
ensure that each user on your machine is assigned a unique password.
Even if you're not the least bit worried about a
family member or coworker accessing the data on your computer, a
password-less account is vulnerable to attacks over your network or
Internet connection.

Assigning a password doesn't necessarily mean that you have to log in
every time you use your computer, however. If you're the only one who
uses your computer, you can use TweakUI (discussed in Appendix D) to
set Windows XP to log in with your username and password automatically.

Suppose you have three different people who all use the same
computer, and you don't want other users to be able
to read or modify your personal files. Now, any user with
administrator privileges has unrestricted access to every file and
folder on your computer, but less-privileged users can easily be
selectively locked out of any folder on your hard disk. While Windows
XP Home Edition only supports administrator accounts, XP Professional
supports several levels of users, and is therefore required for this
type of security. See the section on Permissions in
"Sharing Resources," earlier in
this chapter, for details on setting permissions.

Finally, Windows XP supports file encryption, an additional layer of
security that scrambles your sensitive data, making it totally
unreadable for anyone without the proper authorization. See the
"NTFS Encryption Utility" in Chapter 4 for more information.


7.2.5.5 Additional security tips

The following tips should help you make your computer more secure and
less vulnerable to the types of security threats present today:

  • Close all of the applications and stop all of the services that you
    don't need running. For example, Windows Messenger
    (discussed in Chapter 4) opens yet another
    backdoor to your computer, potentially
    allowing outside users to obtain information about your network
    connection. By default, Windows Messenger is run every time you start
    Windows XP, but it should certainly be disabled immediately if you
    don't use it. This advice applies to Yahoo!
    Messenger and AOL Instant Messenger as well.

  • Go to Control Panel → [Performance and Maintenance] → System →
    Remote tab, and turn off
    both of the options in this window. Otherwise, another user could
    connect to your computer over a network or Internet connection and
    use it as though they were sitting in front of it. See
    "Remote Desktop Connection" and
    "Remote Assistance," both in Chapter 4, for more information.

  • Viruses are probably
    the biggest threat to computer security. A virus can automatically
    disable certain security features on your computer, and even open
    backdoors, allowing additional viruses and other more malicious
    attacks. The vast majority of viruses come through email attachments.
    Fortunately, it's extremely easy to protect yourself
    from email viruses: just don't open them. They
    can't activate themselves; a virus contained in a
    Word document will remain dormant until the document is opened in
    Word.

  • The downside is that it's not always obvious which
    files are viruses and which are not. Sometimes, of course,
    it's easy: if you receive an attachment with an
    email advertisement to make money fast, visit a porn site, or enlarge
    a portion of your anatomy, delete the attachment immediately
    without opening it. However, other times, an
    email attachment may come from someone you know; the file may be
    clean, or it may be infected. It may have even been sent without the
    sender's knowledge, as some viruses are capable of
    hijacking your email program and sending infected attachments to
    everyone in your contact list. Most of these types of viruses are
    targeted to Outlook users; not only are Microsoft Outlook and Outlook
    Express both very common, they are also both especially vulnerable.
    One way to protect yourself is to use a different email program, such
    as Eudora (available at http://www.eudora.com).

  • The best defense against such an attack is an up-to-date
    anti-virus utility, such as Norton Antivirus (available from
    http://www.symantec.com). But as useful and
    beneficial as anti-virus software can be, don't let
    it lull you into a false sense of security. The majority of serious
    virus infestations I've seen have been on computers
    with full-blown anti-virus software; the infestations are invariably
    caused by negligence by the user.

  • Don't write your password on a Post-It note stuck to your monitor.
    Instead, if you have trouble
    remembering all of your passwords, there are a number of
    password-management programs available for Windows (such as Keypack,
    available at http://www.magellass.com/prod-kpl, and
    Password Pro, available at http://cmbsoftware.com/passpro). Instead
    of remembering twenty different username and password combinations,
    you only need to remember one: the password required to open your
    password manager!

  • In addition, your web browser can be instructed to remember passwords
    for your various secure web sites. Both Internet Explorer (see Chapter 4) and Mozilla (available at http://www.mozilla.org) can not only save
    usernames and passwords, but will type them for you automatically the
    next time you visit those sites.

  • Finally, take security seriously, even if your computer is not on a
    network, if for no other reason than to save the massive headache
    you'd otherwise get when you had to format your hard disk and
    reinstall Windows after a virus attack.


