ip filtering and icf; file server

Microsoft Windows xp professional w/serv...
September 6, 2009 at 08:40:35
Specs: Windows XP Pro sp3
I plan to use an old PC as a file server for work data requiring substantial security. I'll hard-connect a P4 box running XP Pro to a Linksys wireless router on which I've reserved two NAT IP addresses for two permitted PCs. No one else and no other device should have access to these files.

Am I right thinking that IP filtering and ZoneAlarm on the server will secure the box from meddling? I hope to administer the server from one of the two permitted PCs.


See More: ip filtering and icf; file server

Report •


#1
September 7, 2009 at 06:54:18
Okay your story is a bit fuzzy but I will try to answer.

If you use the Wireless Router Only for those two PC's ONLY and thru a WIRELLES CONNECTION you can apply MAC filtering besides your log-on security to the wireless network
e.g. WPA2 - TKIP

MAC spoofing however is easy but one needs to know the MAC address of those computers and the pass key for Wifi security too.

See it as "Just an extra border to cross"

IP Filtering can be tricky cause you probably are running DHCP and those PC's will end up with different IP Addresses frequently.

Could you make a schematic diagram of what you have/want and upload it to imagevenue or some other imagehoster and give me the URL

I maybe can give you a better advice


Report •

#2
September 8, 2009 at 19:51:57
Thanks for the reply.

I'm not too good at putting a schematic together, but here's what I can add:

My wireless router allows me to reserve IP addresses by MAC address, so I can guarantee that the same two devices that need access will always have their own, same IP address.

Here's what I'm thinking: A non-broadcasting wireless router with NAT and WPA2, a very small list of permitted MAC addresses makes a reasonable environment. Two devices with need to see the fileserver will always have the same IP address assigned, tied to each device's MAC address.

The server will employ windows native IP filtering facility and only respond to those two devices. The server will also be running Zonealarm to limit the type of activity permissible even further. Inside the firewall I'll run sort of antivirus. I plan to turn off any unnecessary services in windows once I determine what is necessary.

Does that sound like a reasonable plan?


Report •

#3
September 8, 2009 at 22:34:55
My wireless router allows me to reserve IP addresses by MAC address, so I can guarantee that the same two devices that need access will always have their own, same IP address.

Okay sounds good you have that covered (the reserved IP and MAC give you double security, make sure others can not logon or have no permission to connect to the port where the server is on, I have no picture of the schematics so I dunno who else can be on the netweork doing other things)

Here's what I'm thinking: A non-broadcasting wireless router with NAT and WPA2, a very small list of permitted MAC addresses makes a reasonable environment. Two devices with need to see the fileserver will always have the same IP address assigned, tied to each device's MAC address.

You mean the Router does not advertise it's SSID, good too.
WPA2 is good too, solid security.

The server will employ windows native IP filtering facility and only respond to those two devices. The server will also be running Zonealarm to limit the type of activity permissible even further. Inside the firewall I'll run sort of antivirus. I plan to turn off any unnecessary services in windows once I determine what is necessary.

IP Filtering, extra security for the server
Zonealarm is not one of my favorites but if it works for you that's fine.
Watch out with killing services, but I think you know what you are doing


Lotsa security, bit overkill IMO but it'll work

What's on the server, your secret recipe for Appelpie ?? ;-)


Report •

Related Solutions

#4
September 9, 2009 at 03:35:56
I've been working in an environment where the security is very high and all files are backed up every night and I plan to leave that employer in the next few months to work from home. It looks to me that the security of my work files is pretty important and could be very costly to me if I lost them.

That and I have a low cost data storage solution that I'm hoping I won't need to spend much time messing with once set up.

If I am able to avoid mischievous intrusion and hardware failure, and I can do it in a way that's nearly transparent from the user side, I'll be happy. It being overkill is only a problem if it makes the solution more burdensome or expensive, and I don't think this will, so I'm ok with that.

Thanks again for your reply.


Report •

#5
September 13, 2009 at 00:42:33
Okay fine with me but make documentations of what you are doing and keep them is a safe place.
If you are gone (in case of emergency) people that take over your job need to know what you have been doing to continue the business

Good Luck


Report •


Ask Question