In other words,1) I want to be able to initiate connections to the outside world;2) I want all servers on my box to be accessible only from localhost, NOT from the outside world. I am sure I can tweak something on per-server basis, but I want a one-size-fits-all solution, as I might be running more than one server. Windows XP, Zone Alarm (free version).
Asked by :-) 51 months ago Similar questions: block access server allowing local loop accessing internet Computers > Hardware > Desktops & Laptops.
Similar questions: block access server allowing local loop accessing internet.
The easiest way is to use a router between you inet-connection and your internal network If you don't let access your XP machine directly to internet but use an intermediate internet-router, no connection-requests coming from "the outside" will be transfered to the internal network. That way you can connect more than one computer to the internet-access without probem as well, because the router is doing NAT (network address traversal) and organize what packets should be routed to a specific system on the inside. With this kind of installation your servers running on the inside don't need no more configuration like restricting access to only the internal network.In addition to that you can "open" specific servers to the outside by defining a rule for so called port forwarding (e.g. If a requests comes in on port 4711 forward it to the server 1 in the internal network on port 80).
Internet routers are quite cheap nowerdays, which one fits the best for you depends on the techniques you're using for internet-access (DSL, ISDN, Modem, ...). With a personal firewall (as you were mentioning by the topics) you can do the same by defining specific rules but with Windows XP you even don't need that because the firewall of Windows XP being shipped by default does the same already. The last option is to configure the server-application itself to limit access to a specific network (e.g. The loopback device or a range of IP-addresses).
To sum up: For your specific need I think the internet-router is the best you can do. It's not only solving your problem it also solves every attack to your Windows XP that is possible if it's connected directly to the Internet. If that is not an option, you should configure your server-application that way that it's only accepting incoming requests coming from where you want.
If you don't offer a service to the Internet you don't need additional software (that can contain bugs as well) to block this. The personal firewall should be seen as the last thing to be considered simply because it adds an additional layer of complexity into your setup. Sources: My opinion .
2 cerberus, regarding your answer "The easiest way is to use a router between you inet-connection and your internal network":Yes, but I already have a personal firewall, and it's quite simple. It blocks everything unless I specifically approve it. It's been on a market for very long time and I presume it pretty secure.
Unless there is something I am missing, a router would be an overkill I think.
Cerberus, regarding your answer "The easiest way is to use a router between you inet-connection and your internal network":Yes, but I already have a personal firewall, and it's quite simple. It blocks everything unless I specifically approve it. It's been on a market for very long time and I presume it pretty secure.
Unless there is something I am missing, a router would be an overkill I think.
3 The best way to describe the functionality of a personal firewall is a picture:
A personal firewall is - I already said that - a new layer of functionality. Every week there are reports where a personal firewall or other security products have to be patched because they themselfs have bugs that lead to problems or even the install of viruses/worms. A router solves these problems immediately, the performance and stability of your system can be increased that way.If you ask professional network administrators you will get the same responses. The answer I was giving you is the result of years of discussion on Usenet in security-newsgroups where huge groups of professionals with long years of experience were giving tons of reasons why to proceed the way I described. I can give you a lot of links to these discussions but as long as you don't understand german you have to trust me in that or just look for similar discussions in the corresponding english newsgroups.
The best way to describe the functionality of a personal firewall is a picture:
A personal firewall is - I already said that - a new layer of functionality. Every week there are reports where a personal firewall or other security products have to be patched because they themselfs have bugs that lead to problems or even the install of viruses/worms. A router solves these problems immediately, the performance and stability of your system can be increased that way.If you ask professional network administrators you will get the same responses. The answer I was giving you is the result of years of discussion on Usenet in security-newsgroups where huge groups of professionals with long years of experience were giving tons of reasons why to proceed the way I described. I can give you a lot of links to these discussions but as long as you don't understand german you have to trust me in that or just look for similar discussions in the corresponding english newsgroups.
" "Accessing a server in another city. " "I know uninterrupted power suppies (UPS) are good for desktops...should people have one for laptops, too?" "What device can you recommend for Internet Access on desktops, without using cables? " "How do you put a Client Access License on your server and user desktops?
" "is there some kind of software which could help me fix laptops? And desktops?
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.