Section 7.2. General Procedures

Previous page
Table of content
Next page

7.2. General Procedures

The preceding sections of this chapter outline the fundamentals of networking and the various components that make up Windows XP's built-in support for networking. As stated earlier, Windows is really only concerned with the connections directly attached to the computer, so building a network essentially means configuring the connections for each computer involved.

The following sections explain the procedures for building and connecting to different types of networks. It's important to realize that there are limitless combinations of networking hardware and software, and it's obviously impossible to cover them all.

7.2.1. Setting Up a LAN

Connecting two computers to form a basic peer-to-peer workgroup is fairly easy with Windows XP, as long as you have the proper equipment, drivers, and an hour or two. Ideally, you should be able to set up a functioning workgroup in less than ten minutes, but that doesn't include fishing for drivers, resolving hardware conflicts, or running a cable through your attic.

We'll start with a basic peer-to-peer workgroup consisting of two computers. Here's what you'll need:

  • Two computers, each presumably running Windows XP. Although you can connect a Windows machine to a machine running any networkable operating system (Windows 9x/Me, Windows NT/2000, Mac, Unix, etc.), for the sake of simplicity, we'll assume that both machines are running Windows XP.

  • At least one network adapter (see NIC in Section 7.1, earlier in this chapter) installed in each computer. NICs are cheap and readily available, and are even built-in to many higher-end systems.

  • If you're not sure what to get, just purchase a standard, plug-and-play 10_base-8 Ethernet adapter with an RJ45 connector. If you have a Desktop system, get a PCI card; if you have a laptop, get a PC Card (PCMCIA) adapter. You can also get a USB-based NIC (useful if you don't want to take your Desktop apart), although these tend to be slower and a little more temperamental than true Ethernet adapters.

  • Finally, you'll need a hub (or switch) and two category-5 patch Ethernet cables. Alternately, you can use just a single category-5 crossover Ethernet cable and skip the hub, but this will limit your network to only two computers. Figure 7-1 shows a simple workgroup of four computers connected to a hub (or switch).

  • An alternative to the cables and hub is to use wireless equipment. Although more expensive, and a little slower (see Section 7.1.1, earlier in this chapter), it allows you to eliminate some or all of the cabling. Instead, simply install a wireless network adapter in each of your computers, and, as long as they're in close enough proximity, a network will be established. You can even connect a DSL or cable modem to your wireless network with a wireless router. (See Section 7.2.4, later in this chapter, for details.) You can even mix and match wired and wireless networks. Figure 7-12 shows a simple wired workgroup extended with a wireless notebook adapter and a wireless access point plugged into the hub.

Figure 7-12. A network supporting both wired and wireless connections

Once you have all of the components, you can begin with the following procedure. Naturally, different types of hardware will require a modified procedure, but the methodology is the same.

  1. Plan your network by drawing a quick diagram similar to the ones shown in Figure 7-1, Figure 7-2, Figure 7-3, and Figure 7-12.

  2. Install a network adapter in each computer, according to the instructions that accompany your hardware. If you're using Plug-and-Play adapters, Windows should automatically install and configure the drivers for the adapters.

    A connection icon labeled "Local Area Connection" should appear in your Network Connections window for each installed adapter; check for this in each computer. Select Details from the View menu to show the Type and Status columns ; the connections should be enabled and of type "LAN or High-Speed Internet." If the icons don't show up, make sure Windows recognizes your network cards in Device Manager (see Chapter 4) and doesn't report any problems with the devices.

  3. Next, hook up your cables. Nearly all network adapters, hubs, and switches have lights next to their RJ45 ports. When a cable is properly plugged in to both ends, the light goes on. If the lights don't go on, you're either using the wrong type of cable, you've plugged the cable into the wrong port, or the cable is defective. Until the lights are lit, don't go any further. Hint: use a different color cable for each computer to make troubleshooting easier.

    Make sure to use only category-5 patch cables, except under the following conditions. A category-5 crossover cable can be used instead to connect two computers directly (if you don't have a hub or switch) and can also be used to connect two hubs together. In some cases where a Digital Subscriber Line (DSL) adapter or cable modem connects directly to a computer with a patch cable, a crossover cable is required to connect either of these devices to a hub. (Naturally, consult the documentation to be sure.)

  4. Go to Control Panel [Performance and Maintenance] System to open the System Properties window (described in Chapter 4), and choose the Computer Name tab.

  5. Click Network ID to run the Network Identification Wizard. Click Next on the first page, choose "This computer is for home use and not part of a business network," click Next, and then click Finish.

  6. Next, click Change to open the Computer Name Changes window (see Figure 7-13), and enter both a Computer name and Workgroup name. The Workgroup name should be the same for all computers on your local network, but the Computer name must be different for each computer.

    Figure 7-13. Set the Computer Name and Workgroup Name on the Computer Name Changes Window

  7. Click OK when you're done; if Windows informs you that you need to restart your computer, do so now. Repeat steps 4-6 for the other computers on your network.

  8. Your connection should now be active. Determine the IP address of each computer using the connections' Status windows (see Section 7.1.2.3.3, earlier in this chapter).

  9. Test your connection with Ping (described in Chapter 4). By default, Windows will assign IP addresses in the following way: the first computer will be 192.168.0.1, the second will be 192.168.0.2, and so-on. (See the following section, "What to Do if Your Connection Doesn't Work," for more information on manually assigning IP addresses.) Assuming your network is similar, pick a computer, go to Start Run, and type ping address , where address is the IP address of the other computer. For example, from the 192.168.0.2 computer, you would type: 

     ping 192.168.0.1

  10. If the network is working, you'll get something like this: 

     Pinging 192.168.0.1 with 32 bytes of data: Reply from 192.168.0.1: bytes=32 time=24ms TTL=53 Reply from 192.168.0.1: bytes=32 time=16ms TTL=53

  11. On the other hand, if you get this result: 

     Pinging 192.168.0.1 with 32 bytes of data: Request timed out. Request timed out.

  12. it means the network is not functioning.

  13. If your network is functioning, you can proceed to set up the various services you need, such as file sharing, printer sharing, and Internet Connection Sharing (all described later in this chapter). Otherwise , look through the checklist in the following section.

7.2.1.1 What to do if your connection doesn't work

The following tips should help you get around most of the common hurdles you'll encounter when setting up a LAN:

  • Run the Network Setup Wizard, as described in Chapter 4. While this step isn't always required, it does occasionally fix errant settings that otherwise would prevent a network from working properly.

  • Check your cables and make sure the appropriate lights are lit. If you're unsure which lights to look for, try unplugging a cable from a device. If a light on the device goes out and then goes back on when the cable is plugged in, that's the light you're concerned with. Such lights are often labelled "Link."

  • Windows XP is designed to implement most changes to the network without restarting. However, if you encounter problems, try restarting one or all of your machines to force them to recognize the new network.

  • Make sure no two computers on your network are attempting to use the same Computer name or IP address.

  • Make sure you have the latest drivers for your NIC (network adapter); check with the manufacturer for details. Note that hubs, routers, and switches typically don't require any special drivers.

  • Right-click the connection icon in the Network Connections window, and select Repair. Note that this feature reinstalls some drivers, but doesn't necessarily investigate your network settings.

  • The instructions in the previous section assume the network settings for your connections haven't been tampered with. If you suspect that your settings might be wrong, open Device Manager, right-click the entry corresponding with your network adapter, and select Uninstall. (Note that it's not necessary to physically remove the device from your system.) When you restart Windows, the adapter will be redetected, and the drivers will be installed with their default settings.

7.2.2. Sharing Resources

There's little point in setting up a network if you don't take advantage of the connection by sharing files and printers. Once you've established a network connection with another Windows computer and verified that the connection is working (as described in the previous two sections), you can set up resources to be shared over your network.

A shared resource is a folder on your hard disk or a printer physically attached to your computer, which you would like made accessible by other computers on your network. If you share a printer, others on your network can print to it; if you share a folder, others on your network can access the files and folders contained therein as though they were stored on their own hard disks.

Whenever you share a resource, you are opening a backdoor to your computer. It's important to keep security in mind at all times, especially if you're connected to the Internet. Otherwise, you may be unwittingly exposing your personal data to intruders looking for anything they can use and abuse. Furthermore, an insecure system is more vulnerable to viruses and other malicious programs.

The first thing you should do is go to Control Panel [Appearance and Themes] Folder Options View tab, and turn off the "Use simple file sharing" option. See "Folder Options" in Chapter 4 and "Implementing Network Security," later in this chapter, for more information on the problems with this feature.

Sharing resources is easy. Simply right-click a folder or printer icon, select Sharing and Security (or select Properties and choose the Sharing tab), and choose the appropriate options. Figure 7-14 shows a sharing window for a user 's Desktop folder. (Sharing printers is discussed later).

Note that under some circumstances, the dialogs shown in Figures Figure 7-14, Figure 7-16, Figure 7-17, and Figure 7-18 may look different. For example, in Windows XP Home Edition, if you're not using the NTFS file system, or if you have the "Use Simple File Sharing" option enabled in Windows XP Professional Edition, you may see simpler dialogs with fewer options. The concepts discussed still hold, but some of the advanced options relating to permissions will be unavailable.

Figure 7-14. Use the Sharing tab of a file or folder to set its access privileges

Choose the "Share this folder" option to enable sharing for the selected item. (Note that if you're sharing a disk and Sharing already appears to be active, you may be looking at an Administrative Share, discussed later in this chapter.) The name you typed in the "Share name" field is what users of other computers will see when they try to access the folder; the Comment field is optional.

At this point, you can click OK to begin sharing the folder (and all of its contents) over your network. When a folder or drive is shared, a small hand appears over its icon. Note that it's best to share only those folders that you need others to access.

However, you need to make sure that your user accounts are in order before others on your network are able to access your shared resources. Simply put, every user who wishes to access data on your computer remotely (that is, through the network connection) must have a user account on your computer. For example, if you're logged in as "Lenny," you'll only be able to access resources on other computers that also have an account called "Lenny" and that have the same password configured for that account. If you have two Windows XP machines, one with a "Lenny" account and one with a "Lenny" and a "Karl" account, a user logged in as "Karl" will only be able to access resources on the second machine.

Once a folder has been shared, and assuming the user accounts are set up properly, you can access the folder from another computer by using My Network Places. My Network Places is available as an icon on your Desktop and as a folder in the Windows Explorer tree. See Figure 7-15 for an example of how a shared folder called Desktop located on the computer called Karl , is accessed over the network. Files and folders can be dragged to and from this location as though it was just another folder on your hard disk.

Figure 7-15. My Network Places gives access to shared folders on other machines

The full path to a network resource (called a UNC path, for "Universal Naming Convention") looks a little different than a standard path. The path to a folder called Desktop , located on a computer called Barney , will look like this: 

 \Barney\Desktop

Note that only the Share name ( Desktop ) is shown here, even though the folder may have a long path on its host computer (e.g., c:\Documents and Settings\Barney\Desktop ).

7.2.2.1 Mapping drives

Although generally considered passe, you can also access shared resources by mapping them to a network drive. Select Map Network Drive from Windows Explorer's Tools menu to display the window shown in Figure 7-16. Here, if we choose an unused drive letter, such as N: , and specify the path to an existing network resource, such as \\Barney\Desktop , we can then access the files in that folder by navigating to N: in Explorer.

Drive mapping was used more commonly several years ago when most applications didn't support UNCs like \\Barney\Desktop , but happily accessed files off of a fictitious drive N: . Today, it is preferred to simply create a Windows Shortcut to a commonly accessed network resource rather than going to the trouble of mapping a drive. However, if you still rely on an old application or even a DOS program, you may still need to resort to drive mapping.

Figure 7-16. Mapping a network drive

7.2.2.2 Administrative shares

In Windows XP Professional, every drive is automatically shared by default. However, this is for administrative purposes and is not intended for general file sharing. (Unfortunately, there's no way to disable the administrative shares. For most intents and purposes, though, this does not pose a significant security risk, as the shares cannot be accessed like normally shared resources.) Figure 7-17 shows the "Default Share" for a drive; the dollar sign in the Share name signifies the administrative share. To initiate the type of file sharing most users will need, click the New Share button at the bottom at of the window to display the New Share window (see Figure 7-18).

Here, you can type the Share name and a comment, if desired, as described earlier in this section. The Share name you've typed, as well as the default share (here, D$ ), will then appear in a drop-down list; you can subsequently select the desired Share name from this list to configure or remove it.

Figure 7-17. An administrative share

Figure 7-18. The New Share window

Figure 7-19. The Permissions window

Figure 7-20. The Select Users or Groups window

7.2.2.3 Permissions

If you're using Windows XP Professional and the NTFS filesystem, you'll be able to control who can view your files and who cannot; click Permissions in the Sharing window to see the Permissions dialog shown in Figure 7-19. By default, a single entry, "Everyone," is shown in the top list. If you want to selectively allow and disallow access to various users, first click all the checkboxes in the Deny column. Then, click Add to configure the access rights for other configured users. Figure 7-20 shows the Select Users or Groups window, which configures permissions for user accounts on your machine and other machines on your network.

When a new user has been added to the Permissions window, highlight the username, and selectively click Allow for the various permissions available.

In Figure 7-19, we have three choices:


Full Control

Allows a user to read, modify, and delete files and folders, and add new files and folders. If allowed, the Change and Read options are also enabled.


Change

Allows a user to modify a file. If allowed, the Read option is also enabled.


Read

Provides basic read-only access to a file or folder. Remote users can view folder listings and open files, but aren't allowed to make any changes, including deleting files or adding new files to protected folders.

Permissions are inherited, which means if you configure the permissions for a folder, those permissions will be active for all subfolders and their contents. However, you can set rather liberal permissions for, say, a drive, and then selectively restrict access for the more sensitive folders contained therein.

7.2.2.4 Sharing printers

Printers are shared much in the same way that folders are (described in the previous sections), with two exceptions. First, there's really only one option on the Printer Sharing window (see Figure 7-21): the Share name. Second, printers aren't accessed through the My Network Places folder.

Figure 7-21. The Printer Sharing window

Here's how to share a printer:

  1. On the computer physically connected to the printer, go to Control Panel [Printers and Other Hardware] Printers and Faxes.

  2. Right-click on the printer icon to share, and select Sharing.

  3. Choose the "Share this printer" option, verify that the Share name is as close to the original printer name as possible, and click OK.

  4. Then, go to another computer on your network, and open Control Panel [Printers and Other Hardware] Printers and Faxes.

  5. Double-click the Add Printer icon (or, if you have common tasks enabled, click "Add a printer" in the Printer Tasks pane).

  6. Click Next on the first page, select "A network printer, or a printer attached to another computer" on the second page, and then click Next.

  7. Leave the default setting of "Browse for printer" selected, and click Next.

  8. You'll then be presented with a rather strange -looking collapsible tree (see Figure 7-22). Although it doesn't look or feel much like the tree in Windows Explorer, it works in somewhat the same way. Double-click any branch to expand it; when you've found the printer, click Next. If the printer does not appear under the computer to which it's attached, either the computer is not properly hooked up to the network or the printer driver does not support network sharing.

    Some printer drivers don't support being shared over a network, especially those for cheaper printers. However you may still be able to share your printer by purchasing a separate print server. Note that it may be less expensive to simply purchase a new printer, but that's up to you.


  9. When you complete the wizard, a new icon will appear in the Printers and Faxes window for the newly shared printer, and you'll be able to print to that printer from any Windows application. Note that the computer that is physically attached to the printer must be turned on in order to print.

  10. Repeat steps 4-9 for all other computers on your network that you need to print from.

Figure 7-22. Browsing for a Shared printer

7.2.3. Connecting to the Internet

There are five basic ways to connect to the Internet in Windows XP. The one you choose depends on the type of connection you wish to establish:

  • DSL, cable, or other high-speed connection with a static IP address

  • DSL, cable, or other high-speed connection via PPPoE

  • Wireless connection via Wi-Fi (802.11x)

  • Connection provided by another computer or router via Internet Connection Sharing

  • Dial-up connection, including analog modems over standard phone lines

If your connection doesn't fit neatly into one of these categories, your setup may still be similar to one of the following sections. Otherwise, you'll need to contact your service provider for specific instructions and software for Windows XP.

If you have a single Internet connection and more than one computer, see Section 7.2.4 later in this chapter.

Once you've successfully connected to the Internet, see Section 7.2.5, later in this chapter, for more steps to protect your computer and data.

7.2.3.1 DSL, cable, or other high-speed connection with a static IP address

High-speed connections with static IP addresses are very easy to set up in Windows XP. (A static IP address means you have the same IP address every time you start your computer.) No additional software is typically required for such a connection. If you're not sure if you have such a connection, check to see if your connection requires a username and password to log on; if so, you most likely have a PPPoE connection (see the next section). Otherwise, proceed with these steps:

  1. Connect your network adapter directly to your Internet connection. (This assumes your Internet connection is properly set up and functioning.)

  2. Open the Network Connections window, locate the connection icon corresponding to your network adapter, and rename it to "Internet Connection." Then, right-click the newly named Internet Connection icon and select Properties.

  3. Under the General tab, only Client for Microsoft Networks, and Internet Protocol (TCP/IP) should be checked (see Section 7.1.3, earlier in this chapter, for details).

  4. Select Internet Protocol (TCP/IP) and click Properties. Click the "Use the following IP address" option and enter the IP address, Subnet mask, Default gateway, and the Preferred (primary) DNS server and Alternate (secondary) DNS server addresses provided by your Internet service provider.

  5. Click OK, then click OK again; the change should take effect immediately. Test your connection by loading a web page or using Ping (see Chapter 4).

7.2.3.2 Notes

If Windows ever prompts you to connect to the Internet after completing these steps, go to Control Panel [Network and Internet Connections] Internet Options Connections tab, and click "Never dial a connection."

7.2.3.3 DSL, cable, or other high-speed connection via PPPoE

PPPoE is the protocol used to establish temporary, dynamic IP connections over high-speed Internet connections. If your connection provides a dynamic IP address, it means your Internet service provider assigns a different IP address every time you connect to the Internet. The PPPoE (PPP over Ethernet) protocol facilitates this connection by sending your username and password to your provider. If your ISP provides special software that connects to the Internet (such as Efficient Networks' NTS Enternet 300 utility or RASPPPoE), you can abandon it in favor of Windows XP's built-in support for PPPoE.

One of the differences between this type of connection and the static IP connection discussed in the previous section is that PPPoE connections must be initiated every time you start Windows or every time you wish to use the Internet, which is somewhat like using old-fashioned dial-up connections (discussed later).

Here's how to set up a PPPoE connection in Windows XP:

  1. If you have PPPoE software (such as Enternet 300) installed, remove it from your system now. This is typically accomplished by going to Control Panel Add or Remove Programs. Refer to the documentation that came with the software for details.

  2. Open the Network Connections window and start the New Connection Wizard (or click Create a new connection if you have the Common Tasks pane enabled).

  3. Click Next to skip the introductory page, choose the "Connect to the Internet" option, and click Next.

  4. Choose the "Set up my connection manually" option, and click Next.

  5. Choose the "Connect using a broadband connection that requires a username and password" option, and click Next.

  6. Type a name for this connection; a good choice is the name of your ISP or just "DSL" or "cable," and click Next.

  7. Enter your username and password, choose the desired options (if you're not sure, turn them all on), and click Next.

  8. Click Finish to complete the wizard.

  9. To start the connection, double-click the icon you just created in the Network Connections folder. If you elected to create a Desktop shortcut in the wizard, double-click said Desktop icon.

  10. The "Connect" box can be disabled by clicking Properties, selecting the Options tab, and changing the "Prompt for name and password, certificate, etc." option. You can return to this window by right-clicking the new connection and selecting Properties.

7.2.3.4 Notes

  • To have Windows connect automatically whenever the connection is needed, first right-click the connection icon and select Set as Default Connection. Then, go to Control Panel [Network and Internet Connections] Internet Options Connections tab and click "Always dial my default connection."

  • To have Windows connect automatically when you first start your computer, place a shortcut to the connection in your Startup folder. You'll also need to make sure that the "Prompt for name and password, certificate, etc." option is turned off as just described.

  • If you need to make more than one PPPoE connection quickly, right-click an existing PPPoE connection icon and select Create Copy. Then, right-click the new connection icon and select Properties to modify it.

  • If you're having trouble getting your new PPPoE connection to work, check your DSL or cable modem first to see if the correct lights are lit (refer to your documentation). Sometimes, turning off the adapter, waiting several minutes, and then turning it back on solves the problem.

7.2.3.5 Wireless connection via Wi-Fi (802.11x)

Setting up a basic Wi-Fi network couldn't be easier. This procedure assumes that you have a broadband connection and you're connecting to it via a wireless router. (You can, of course, also connect via a computer on your network acting as a gateway.)

  1. Install the wireless hardware in your computer. Modern laptops typically ship with Wi-Fi connectivity built in, but older models may require a wireless PC card or an external USB receiver. Desktop PCs can likewise use a USB receiver, but it's usually more convenient (and cheaper) to install an adapter card in a free PCI slot.

  2. Install the wireless router. Plug in the AC adapter and connect the network cable from your broadband (cable or DSL) adapter to your router's WAN port.

  3. Turn on your cable or DSL adapter, your router, and then your PC. You won't be able to access the Internet yet, but if all goes as planned, your computer should be able to talk to the router. A bubble will pop up in the System Tray telling you that a new wireless connection has been detected .

  4. Follow the instructions that came with your router to display the router's configuration screen. With many Linksys routers, for example, you'd fire up your browser and go to http://192.168.1.1. If a login box appears, leave the user name blank and enter admin as the password. (That's the default password. For security purposes, you'll want to change this right away.)

  5. At this point, you'll probably need to indicate the connection type (such as PPPoE, static IP, and so on), and probably type the user name and password provided by your Internet service provider. Enter a wireless network name (SSID) and then choose whether or not your SSID should be broadcast by default. For security reasons, you should turn off the Broadcast SSID option so that your wireless network won't show up when outsiders scan for available networks. The downside: you may have to manually type in your SSID the first time you try to connect to your wireless network.

  6. When you're done, click the Save or Apply Settings button at the bottom of the page. If all your settings are correct, you should have Internet access at this point.

Your connection should work, but it will be completely insecure. Your neighbors will be able to hook into it, change settings, download movies on your dime, and more. Make sure you cover the following bases:


Password Protection

Protect your router's settings. Change the manufacturer's password to something hard to guess. Needless to say, don't lose this password, or you'll have to reset your router to access the setup page again.


WEP

This is the standard encryption type for 802.11b/g equipment. Unlike a standard passcode, this takes the form of 5-13 ASCII characters or 10-26 hexadecimal digits, depending on the level of security you choose. With WEP enabled, every computer needs to know your assigned passcode or WEP key to connect to the system. After assigning a WEP key, open up the Network Connections control panel on each PC and in the Wireless Connection Properties dialog, enter the WEP key.


SSID Broadcast

If you turn off your router's SSID Broadcast feature, your wireless network will no longer show up in the Wireless Network Connection window. Although this isn't technically encryption, it's a good way to hide your wireless network from neighbors and passers-by. To connect to a wireless network that isn't broadcasting its SSID, open the Wireless Network Connection window, click "Set up a wireless network for a home or small office," and then type the SSID of your network.


MAC Addresses

Every wireless device has a unique identifying number, printed on the device itself or listed in the documentation. These can be used to identify devices and ensure that only they can connect to the router. If you take this route, remember to update the list whenever you add a new computer or device to your network.

7.2.3.6 Configure PCs using the Wireless Network Setup Wizard

Setting up a wireless network isn't difficult, but configuring all the connected PCs can be a bit of a pain if you've employed any of the aforementioned security measures. You have to coordinate a handful of settings, including the WEP/WPA key, network name (SSID), and connection type, among others. Luckily, the Wireless Network Setup Wizard (a new addition in Service Pack 2) can save the relevant configuration data to a USB Flash drive, which you can then take from machine to machine, installing the key settings in, well, a flash. The basic steps:

  1. Open the Wireless Network Setup Wizard (it's in the Control Panel, or you can click "Set up a wireless network for a home or small office" in the Wireless Network Connection window).

  2. If you've run this before, you'll be asked whether you want to "Set up a new wireless network" or "Add new computers or devices to the named network" (where named is the name you previously set up for the network). Choose the first option and click Next.

  3. At the top of the next page, enter the name (SSID) of your network (see Figure 7-23).

  4. Time to add security. By default, Windows XP opts to create a WEP key for you, but you'll need to type in your own so that it matches the key on your router's setup page. Click Next when you're done.

Figure 7-23. The Wireless Network Setup Wizard can practically automate setup

To roll out your settings to other PCs, plug a Flash drive into your USB port, select its drive letter from the drop-down box, and click Next.If you don't have a flash drive, you can still save some typing. Highlight the SSID and WEP keys you've typed, press Ctrl-C, and then paste them into Notepad. Save the file onto a floppy disk or CD, and then insert the disc into each of the other computers. Open the text file, and then copy and paste the individual items back into the wizard.


7.2.3.7 Connection provided by another computer or router via Internet Connection Sharing

If you're using Internet Connection Sharing, the setup for the clients (all the computers on your network, other than the one with the physical Internet connection) is a snap. This procedure is also appropriate if you're using a router to share an Internet connection.

This procedure assumes you've already set up your Internet connection, as described in Section 7.2.4, as well as a properly functioning peer-to-peer workgroup, as described in "Setting up a LAN," discussed earlier in this chapter.

Follow these steps to connect a computer to an existing shared Internet connection:

  1. Open the Network Connections window, right-click the connection icon corresponding to your network adapter, and select Properties.

  2. Under the General tab, make sure Client for Microsoft Networks and Internet Protocol (TCP/IP) are checked (see Section 7.1.3, earlier in this chapter for details). Other protocols and services may be checked here as well, depending on your needs.

  3. Select Internet Protocol (TCP/IP) and click Properties. Here, there are two possibilities.

    • If you're not using fixed IP addresses on your LAN (which will be the most common case), select both the "Obtain an IP address automatically" and the "Obtain DNS server address automatically" options, and click OK.

    • If you've set up your network with fixed IP addresses such as 192.168.0.1 , 192.168.0.2 , and so on (see Section 7.2.1, earlier in this chapter), click the "Use the following IP address" option and enter the IP address of the machine. Then type 255.255.255.0 for the subnet mask. For the gateway, enter the IP address of the computer hosting the shared Internet connection. If you're using a router to share your Internet connection, refer to the instructions that come with the router for the proper gateway settings. Finally, type the Preferred (primary) DNS server and Alternate (secondary) DNS server addresses provided by your Internet service provider. Click OK when you're done.

  4. Click OK to close the connection properties window; the change should take effect immediately. Test your connection by loading a web page or using Ping (see Chapter 4).

  5. If the connection doesn't work at this point, run the Network Setup Wizard (or click "Set up a home or small office network" if you have the Common Tasks pane enabled). Click Next at the first two pages, and on the third page, choose "This computer connects to the Internet through another computer..." Then click Next. Depending on your network configuration, the remaining pages will vary here; answer the questions the best you can and complete the wizard.

7.2.3.8 Notes

  • If Windows ever prompts you to connect to the Internet after completing these steps, go to Control Panel [Network and Internet Connections] Internet Options Connections tab, and click "Never dial a connection."

  • If you're able to view some web sites but not others from the client computers, see http://www.annoyances.org/ exec /show/article04-107.

7.2.3.9 Dial-up connection, including analog modems over standard phone lines

If you have a standard analog modem and you connect to the Internet by dialing a phone number, follow these steps to set up your connection. You can have as many connections as you like, which is especially useful if you travel; just repeat these steps for each subsequent connection.

  1. Open the Network Connections window, and then start the New Connection Wizard (or click Create a new connection if you have the Common Tasks pane enabled).

  2. Click Next to skip the introductory page, choose the "Connect to the Internet" option, and click Next.

  3. Choose the "Set up my connection manually" option, and click Next.

  4. Choose the "Connect using a dial-up modem" option, and click Next.

  5. Type a name for this connection; a good choice is your ISP name, or perhaps something like "Analog connection at my sister's house," and click Next.

  6. Type the phone number here, and click Next.

    If your ISP provides two or more phone numbers, you have the option of creating multiple connections (one for each phone number), or creating a single connection that cycles through a list of phone numbers until a connection is established. If you choose the latter, you'll have the opportunity to enter additional phone numbers for the connection later on.

  7. Enter your username and password, choose the desired options (if you're not sure, turn them all on), and click Next.

  8. Click Finish to complete the wizard.

  9. To start the connection, double-click the icon you just created in the Network Connections folder. If you elected to create a Desktop shortcut in the wizard, double-click said Desktop icon.

  10. The "Connect" box can be disabled by clicking Properties, selecting the Options tab, and changing the "Prompt for name and password, certificate, etc." option. You can return to this window by right-clicking the new connection and selecting Properties.

7.2.3.10 Notes

  • To have Windows connect automatically whenever the connection is needed, first right-click the connection icon and select Set as Default Connection. Then, go to Control Panel [Network and Internet Connections] Internet Options Connections tab, and click "Always dial my default connection."

  • To have Windows connect automatically when you first start your computer, place a shortcut to the connection in your Startup folder. You'll also need to make sure that the "Prompt for name and password, certificate, etc." option is turned off.

  • To enter additional phone numbers for this connection, right-click the new connection icon, select Properties, choose the General tab, and click Alternates. See Figure 7-24 for an example.

Figure 7-24. Adding alternate phone numbers

  • If you need to make more than one dial-up connection, a quick way is to right-click an existing dial-up connection icon and select Create Copy. Then, right-click the new connection icon and select Properties to modify it.

  • If you're using America Online, MSN, or some other proprietary service, these instructions may not apply to you. Contact your service provider for setup instructions for Windows XP.

7.2.4. Sharing an Internet Connection

It obviously makes sense to share a single Internet connection among all the computers in your home or office, rather than investing in a separate connection for each machine. Fortunately, Windows XP comes with an Internet Connection Sharing (ICS) feature built right into the operating system. Additionally, there are third-party hardware and software products that provide similar functionality, each with its own advantages and disadvantages. See "Alternatives to Internet Connection Sharing," later in this chapter, for details.

7.2.4.1 Setting up Internet Connection Sharing

Internet Connection Sharing is a system by which a single computer with an Internet Connection acts as a gateway, allowing other computers on the LAN to use the connection. The computer that is connected directly to the Internet is called the host ; all the other computers are called clients .

In order to get ICS (Internet Connection Sharing) to work, you'll need the following:

  • At least two computers, each with an Ethernet card properly installed and functioning. It is assumed you've already set up your local network, as described in "Setting up a LAN," earlier in this chapter. Your Internet connection can be shared with as many clients as your LAN will support.

  • One of the computers must have an Internet connection properly set up, as described in "Connecting to the Internet," earlier in this chapter. The instructions that follow assume that the computer handing the Internet connection is running Windows XP; if you need to set up a computer running another version of Windows as the ICS host, visit http://www.annoyances.org/exec/show/ics.

  • You do not need a special type of Internet connection, nor do you need to pay your Internet service provider extra fees to use Internet Connection Sharing. The whole point of ICS is to take a connection intended for a single computer and share it with several other machines.

  • There is no minimum connection speed, but you should keep in mind that when two users are downloading using the shared connection simultaneously (the worst-case scenario), each user will experience half of the original performance. In other words, you probably don't want to bother sharing a 14.4k analog modem connection; see the discussion of bandwidth at the beginning of this chapter for more information.

  • If your Internet connection is provided by a router or you've allocated multiple IP addresses, you don't need Internet Connection Sharing; see Section 7.2.4.3, later in this chapter, for details.

  • If you're sharing a DSL, cable modem, or other high-speed, Ethernet-based Internet connection, the computer with the Internet connection must have two Ethernet cards installed. See Figure 7-2 for a diagram of this setup.

The first step in setting up ICS is to configure the host, the computer with the Internet Connection that will be shared.

  1. Open the Network Connections window. Here, you should have at least two connections listed: one for your Internet Connection, and one for the Ethernet adapter connected to your Local Area Network (LAN). If they're not there, your network is not ready; refer to the earlier topics in this chapter, and try again.

    For clarity, I recommend renaming the two connections to "Internet Connection" and "Local Area Connection," as shown in Figure 7-4 and Figure 7-5.

  2. If you haven't already done it, select Details from the View menu.

  3. Right-click the connection icon corresponding to your Internet connection and select Properties. In most cases, it will be the Ethernet adapter connected to your Internet connection device.

    However, if you're using DSL or cable with PPPoE, the icon to use is the "Broadband" connection set up in "Connecting to the Internet: DSL, cable, or other high-speed connection via PPPoE," earlier in this chapter.

  4. Choose the Advanced tab, and turn on the "Allow other network users to connect through this computer's Internet connection" option, as shown in Figure 7-25. Click OK when you're done.

    For more information on the Firewall option shown here, see Section 7.2.5, later in this chapter.

    Figure 7-25. Allowing ICS via the Advanced tab of a network connection's properties

  5. Verify that Internet Connection Sharing is enabled; it should say "Enabled, Shared" in the Type column of the Network Connections window, as shown in Figures Figure 7-4 and Figure 7-5.

  6. Verify that the Internet connection still works on the host by attempting to open a web page or by using Ping (see Chapter 4). If the Internet connection doesn't work on the host, it definitely won't work on any of the clients.

  7. That's it! The change should take effect immediately.

The next step is to configure each of the client computers to use the shared connection. The only requirements of the client machines are that they are running an operating system that supports networking, and that their network connections are properly set up. The clients can be running Windows 2000, Windows Me, Windows 9x, Windows NT, Windows 3.x for Workgroups, or even MacOS, Unix, Linux, or FreeBSD.

See Section 7.2.3, earlier in this chapter, and follow the instructions under "Connection provided by another computer or router via Internet Connection Sharing." While the instructions are specific to Windows XP, the settings explained therein can be adapted to any OS; refer to your operating system's documentation for more information.

7.2.4.2 Troubleshooting Internet Connection Sharing

Here are some tips that should help you fix the problems you might encounter with Internet Connection Sharing:

  • If the Internet is accessible by one client machine, it should work for them all. If none of the clients work, the problem is with the host; if some of the clients work, and others don't, it's a problem with the clients.

  • ICS works over existing network connections, so those connections must be functioning before ICS will operate . Refer to Section 7.2.1 and Section 7.2.3, earlier in this chapter, for more troubleshooting details.

  • Check to see if you have any firewall software installed on the host or clients that might be interfering with the connection. The Internet Connection Firewall included with Windows XP (discussed later in this chapter) shouldn't pose any problems, though.

  • The ICS host must have the IP address for the connection to the LAN set to 192.168.0.1 , which means that no other computers can be using that address. If you can't get ICS to work with the default Windows XP configuration, try assigning a fixed IP address to each of your clients: 192.168.0.2 for the first, 192.168.0.3 for the second, and so on. Refer to Section 7.2.1, earlier in this chapter, for details on setting IP addresses

  • You can determine any computer's IP address with the "Windows IP Configuration" utility discussed in Chapter 4, or with each connection icon's Status window, discussed in Section 7.1.2, earlier in this chapter.

  • If you're experiencing poor performance, it's important to realize that whatever bandwidth is available though a given Internet connection will be shared among all of the computers using the connection. The worst-case scenario is when two or more users download large amounts of data simultaneously; in this case, they would each receive only half the total connection bandwidth. Most of the time, though, this bandwidth sharing will have little noticeable effect, because two or more users on a small workgroup will rarely consume a great deal of bandwidth at the same time.

  • If you're using special connection software for use with your DSL or cable (such as Efficient Networks' NTS Enternet 300 software), it's best to remove it and use Windows XP's built-in support for PPPoE (described earlier in this chapter).

  • If you're using PPPoE and find that you can access some web sites but not others from the client machines, see this article: http://www.annoyances.org/exec/show/article04-107.

7.2.4.3 Alternatives to Internet Connection Sharing

The Internet Connection Sharing feature built into Windows XP has its limitations. For example, the host computer must be on and connected to the Internet for the other computers to have Internet access. If you don't want your network's Internet connection to rely on any single computer, there are alternatives to ICS.

The cheapest and most flexible way to share an Internet connection is to use ICS, but it's worth investigating the alternatives to see if they make sense for you.


Use a router

A router works similarly to a hub or switch, both discussed at the beginning of this chapter, except that it is also capable of connecting a single Internet connection directly to a LAN. The advantages of a router over ICS is that no single computer must be on for the other computers to have Internet access. Among the disadvantages are the added cost, the potentially more complicated setup, and the support for only certain types of high-speed Internet Connections. Figure 7-3 shows a setup that uses a router.

If you're looking for a router, make sure to get one that supports both DSL and cable connections, as well as PPPoE connections (if that's what your service provider uses). Refer to the documentation that comes with the router for basic setup instructions, and see the Section 7.2.3.7 earlier in this chapter for instructions on connecting a Windows XP system to a router.


Use multiple IP addresses

Some ISPs may provide, at extra cost, multiple IP addresses, with the specific intent that Internet access be provided for more than one computer. Instead of using software or hardware to share a single connection (as described in the preceding sections), each computer has its own IP address and, therefore, effectively has its own Internet connection.

Refer to the instructions in the "DSL, cable, or other high-speed connection with a static IP address" section earlier in this chapter to set up each of your computers to access the Internet. The only thing to keep in mind is that each computer must have a different IP address.

The advantages of multiple IP addresses over ICS or using a router, as described above, is that the setup is very easy, and no additional hardware or software is required. The downside is that Internet connections with multiple IP addresses are often much more expensive than standard Internet connections. In fact, the added monthly cost will most likely exceed the one-time cost of a router.

7.2.5. Implementing Network Security

Security is a very real concern for any computer connected to a network or the Internet. There are three main categories of security threats:


A deliberate , targeted attack through your network connection

Ironically, this is the type of attack most people fear, but realistically , it is the least likely to occur, at least where home and small office networks are concerned. It's possible for a so-called hacker to obtain access to your computer, either through your Internet connection or from another computer on your local network.


An automated invasion by a virus or robot

A virus is simply a computer program that is designed to duplicate itself with the purpose of infecting as many computers as possible. If your computer is infected by a virus, it may use your network connection to infect other computers; likewise, if another computer on your network is infected, your computer is vulnerable to infection. The same goes for Internet connections, although the method of transport is typically an infected email message.

There also exist so-called robots, programs that are designed to scan large groups of IP addresses and look for vulnerabilities. The motive for such a program can be anything from exploitation of credit card numbers or other sensitive information to the hijacking of computers for the purpose of distributing spam or viruses.


A deliberate attack by a person sitting at your computer

A person who sits down at your computer can easily gain access to sensitive information, including your documents, email, and even various passwords stored by your web browser. An intruder can be anyone , from the person who steals your computer to a co-worker casually walking by your unattended desk. Naturally, it's up to you to determine the actual likelihood of such a threat, and to take the appropriate measures.

Windows XP includes several features that will enable you to implement a reasonable level of security without purchasing additional software or hardware. Unfortunately, Windows is not configured for optimal security by default. Before you proceed with any of the solutions in this section, complete the following steps:

  1. A feature called Simple File Sharing, which could allow anyone, anywhere , to access your personal files, is turned on by default in Windows XP. Go to Control Panel [Appearance and Themes] Folder Options View tab, and turn off the "Use simple file sharing" option.

  2. If you need to share files or folders with other computers on your network, see Section 7.2.2, earlier in this chapter. It's wise to share only those folders that need to be shared; also, make sure none of your sensitive data is stored in shared folders or folders located on shared drives. You can see exactly which folders are shared by navigating to My Network Places Entire Network Microsoft Windows Network the name of your workgroup the name of your computer. Figure 7-26 shows an example of this folder.

    Figure 7-26. Showing which files and folders your computer is sharing

  3. Open the Network Connections window, and right-click on the icon corresponding to your Internet connection. If you have more than one, repeat this procedure for each Internet connection.

  4. In the General tab, clear the checkmark next to the "File and Printer Sharing for Microsoft Networks" entry. The only connection for which this option should be enabled is the connection to your LAN (if you have one). See "Services and Protocols," earlier in this chapter, for more information.

Read through the remaining topics in this chapter for additional security features in Windows XP.

7.2.5.1 Using the Internet Connection Firewall

A firewall is a layer of protection that permits or denies network communication based on a predefined set of rules. These rules restrict communication so that only certain applications are permitted to use your network connection. This effectively closes backdoors to your computer that otherwise might be exploited by viruses, hackers, and other malicious applications.

To enable the Internet Connection Firewall (ICF) on your computer, follow these steps:

  1. Open the Network Connections window, and, if you haven't already done so, select Details from the View menu.

  2. Right-click the connection icon corresponding to your Internet connection, and select Properties. In most cases, it will be the Ethernet adapter connected to your Internet connection device.

    However, if you're using DSL or cable with PPPoE, the icon to use is the "Broadband" connection set up in "Connecting to the Internet: DSL, cable, or other high-speed connection via PPPoE," earlier in this chapter.

  3. Choose the Advanced tab, and turn on the "Protect my computer and network by limiting or preventing access to this computer from the Internet" option, as shown in Figure 7-25 (earlier in this chapter). Click OK when you're done.

    For more information on the Internet Connection Sharing option shown here, see Section 7.2.4, earlier in this chapter.

  4. Verify that Internet Connection Sharing is enabled; it should say "Enabled, Firewalled" or "Enabled, Shared, Firewalled" in the Type column of the Network Connections window, as shown in Figures 7-4 and 7-5.

  5. Verify that the Internet connection still works on the host by attempting to open a web page or by using Ping (see Chapter 4).

As you use your computer, you may find that a particular program no longer works. Verify that the firewall is causing the problem by temporarily disabling the Internet Connection Firewall, and trying again. If indeed the firewall is the culprit, you can add a new rule to permit the program to communicate over your Internet Connection.

  1. Open the Network Connections window, right-click the firewalled connection icon corresponding to your Internet connection, and select Properties.

  2. Choose the Advanced tab, click Settings, and choose the Services tab.

  3. If the program or service you wish to use is on the list, place a checkmark next to it. Otherwise, click Add to display the Service Settings window as shown in Figure 7-27.

    Figure 7-27. The Service Settings Window

  4. The Description of service is simply a name you assign to the new service; it can be anything that doesn't already exist on the list. The description should be clear and easily recognizable, such as "Peer-to-Peer Sharing" or "Whiteboard software."

  5. The "Name or IP address" field can be somewhat confusing. If you're connecting to a service provided by a single, specific computer, enter the IP address or network name of the computer here. Otherwise, simply type a period. (The field can't be left blank.)

  6. Port numbers, described at the beginning of this chapter, are how ICF distinguishes one service from another. You may need to consult the documentation of the particular software or service to determine the appropriate port number. Type the external and internal port numbers in the two remaining fields; in most cases, both of these values will be the same. And unless you specifically need to specify UDP ports, leave the TCP option enabled.

  7. Click OK when you're done. Place a checkmark next to the newly added service, as well as any other services you wish to permit, and click OK. Finally, click OK to close the properties window.

  8. Test the newly permitted service. You may have to experiment with different firewall rules until your software or service works properly.

7.2.5.2 Notes

  • There are third-party firewall solutions available that might provide a higher level of security or more options, but the Internet Connection Firewall that comes with Windows XP should provide an adequate level of protection for most home and small office computers and networks.

  • The Internet Connection Firewall only protects Internet connections; if you need a firewall between your computer and others on your local network, you'll need to use a third-party solution.

  • If you're using Internet Connection Sharing, you can protect your entire network by simply enabling the Internet Connection Firewall for the single shared Internet Connection on the host computer.

  • By default, Windows XP does not log communication blocked by the Internet Connection Firewall. To enable firewall logging, open the Advanced Settings window, and turn on the "Log dropped packets" option. The default location of the log is \Windows\pfirewall.log , which is a tex t file that can be opened in Notepad.

7.2.5.3 What's new in Service Pack 2?

The firewall feature built into Windows XP (the Internet Connection Firewall or ICF) hasn't exactly been the most popular firewall program in the world since its debut in 2001. Turned off by default and no match for third-party firewall programs, you could be forgiven for forgetting that it was there at all.

Service Pack 2 takes a slightly different approach to the problem. The new Windows Firewall, which replaces the old Internet Connection Firewall, still isn't our first choice for protector, but at least it's activated from the moment you boot up your machine. And if you try to switch it off without installing a replacement, Windows will harangue you with warnings.

One thing in its favor: Windows Firewall is exceptionally easy to use. Install SP2, reboot, and it's on by default, blocking applications and services that you haven't added to the Firewall control panel's Exception tab. If a web site tries to download anything suspicious to your PC (even if it was "asked" by a program on your PC, such as a media player), the Windows Firewall pops up a simple dialog box asking you whether to Keep Blocking it, Unblock it (in other words, grant access), or to ask you later when you've figured out what it wants. The rest of the time, Windows Firewall stays out of your way, only alerting you with a little balloon in the Windows System Tray if anything deactivates it.

To turn the firewall on or off, open the Security Center control panel, and on the General tab, click either the "On (recommended)" or "Off (not recommended)" radio button.

Unlike most firewalls, Windows Firewall only monitors and controls inbound traffic, leaving you at risk if a virus, Trojan, or spyware program on your PC wants to send information from your system or transmit itself to every friend in your address book. Paranoid? You should be. For more complete protection, get a firewall such as ZoneAlarm that controls both inbound and outbound communications. While you're at it, install top- notch anti-virus and anti-spyware programs. And use them.


One potential problem: Windows Firewall doesn't cater to multiple connections types. LAN, broadband, and dial-up connections are all the same in the Firewall's eyes. Whatever exceptions and other options you set for one will be applied to all connections. Ironically, the one exception is exceptions. When connecting to a potentially insecure network, such as a Wi-Fi hotspot, you can check a box on the General tab to temporarily cancel any and all exceptions (and hide requests for new ones).

Unfortunately, Windows XP can't automatically detect when you're away from home and flip the toggle for you. Having the option tucked away in the Firewall control panel makes it easy to forget about...until you start wondering why none of your programs are working any more!

The Firewall control panel's tabs work as follows :


General

In this tab you can switch the firewall on and off (see Figure 7-28). You should never have more than one firewall running at one time, and installing a third-party firewall is the primary reason for deactivating the Windows Firewall. The "Don't allow exceptions" checkbox is for temporary use away from your own network, when you're connecting to public and private hotspots. Naturally, you'll want to make sure that none of your applications present an additional security risk.

Figure 7-28. Windows Firewall works exactly like ICF, but it's switched on by default, and much easier to use


Exceptions

This tab lists every program or service that has attempted to make an Internet connection. Those with ticked checkboxes have been granted access; the rest are currently blocked. Click the Add Program button to display a list of your installed software and double-click any app that you want to unblock. The Browse button on this dialog box lets you track down individual executables that don't appear on the list. The Add Port button (see Figure 7-29) lets you give an application access to a specific port by name and port number. Both buttons lead to dialog boxes with a "Change scope" button, where you can restrict the exception to just your network, a set of IP addresses and subnets that you specify, or any computer on the Internet (the default).


Advanced

This tab controls the level of access that each connection has to network services such as web servers, FTP servers, and remote desktop functions. You can choose whether or not to log all traffic, and if so, exactly what, and choose to share log and error data across the whole network. The Restore Defaults button returns Windows Firewall to its factory settings.

Figure 7-29. You can give a program access to a specific port, but make sure it's the right one. In this case, port 80 handles data downloaded from web sites.

7.2.5.4 Protecting your data with passwords and encryption

Mos t users consider passwords to be a monumental nuisance. After all, we use passwords to access our email, place orders from online stores, access our bank accounts, and bid on all of those priceless artifacts on eBay. However, if it weren't for passwords, anyone could read our email, abuse our credit cards, steal from our accounts, and place bids on all sorts of annoying little ceramic figurines , all without our knowledge or authorization.

Windows XP has a rather robust security subsystem, allowing you to deny access to your computer to anyone who does not know your password. If you're using Windows XP Professional, you can also protect your data from other, less-privileged users on the same machine or on your network.

See "User Accounts" in Chapter 4 for more details on adding and removing users, as well as assigning passwords to existing user accounts. Although Windows NT permits user accounts to be created without a password (it's actually the default), you should ensure that each user on your machine is assigned a unique password. Even if you're not the least bit worried about a family member or coworker accessing the data on your computer, a password-less account is vulnerable to attacks over your network or Internet connection.

Assigning a password doesn't necessarily mean that you have to log in every time use your computer, however. If you're the only one who uses your computer, you can use TweakUI I (discussed in Appendix D) to set Windows XP to log in with your username and password automatically.

Suppose you have three different people who all use the same computer, and you don't want other users to be able to read or modify your personal files. Now, any user with administrator privileges has unrestricted access to every file and folder on your computer, but less-privileged users can easily be selectively locked out of any folder on your hard disk. While Windows XP Home Edition only supports administrator accounts, XP Professional supports several levels of users, and is therefore required for this type of security. See the section on Permissions in "Sharing Resources," earlier in this chapter, for details on setting permissions.

Finally, Windows XP supports file encryption, an additional layer of security that scrambles your sensitive data, making it totally unreadable for anyone without the proper authorization. See the "NTFS Encryption Utility" in Chapter 4 for more information.

7.2.5.5 Additional security tips

The following tips should help you make your computer more secure and less vulnerable to the types of security threats present today:

  • Close all of the applications and stop all of the services that you don't need running. For example, Windows Messenger (discussed in Chapter 4) opens yet another backdoor to your computer, potentially allowing outside users to obtain information about your network connection. By default, Windows Messenger is run every time you start Windows XP, but it should certainly be disabled immediately if you don't use it. This advice applies to Yahoo! Messenger and AOL Instant Messenger as well.

  • Go to Control Panel [Performance and Maintenance] System Remote tab, and turn off both of the options in this window. Otherwise, another user could connect to your computer over a network or Internet connection and use it as though they were sitting in front of it. See "Remote Desktop Connection" and "Remote Assistance," both in Chapter 4, for more information.

  • Viruses are probably the biggest threat to computer security. A virus can automatically disable certain security features on your computer, and even open backdoors, allowing additional viruses and other more malicious attacks. The vast majority of viruses come through email attachments. Fortunately, it's extremely easy to protect yourself from email viruses: just don't open them. They can't activate themselves ; a virus contained in a Word document will remain dormant until the document is opened in Word.

  • The downside is that it's not always obvious which files are viruses and which are not. Sometimes, of course, it's easy: if you receive an attachment with an email advertisement to make money fast, visit a porn site, or enlarge a portion of your anatomy, delete the attachment immediately without opening it. However, other times, an email attachment may come from someone you know; the file may be clean, or it may be infected. It may have even been sent without the sender's knowledge, as some viruses are capable of hijacking your email program and sending infected attachments to everyone in your contact list. Most of these types of viruses are targeted to Outlook users; not only are Microsoft Outlook and Outlook Express both very common, they are also both especially vulnerable. One way to protect yourself is to use a different email program, such as Eudora (available at http://www.eudora.com).

  • The best defense against such an attack is an up-to-date anti-virus utility, such as Norton Antivirus (available from http://www. symantec .com ). But as useful and beneficial as anti-virus software can be, don't let it lull you into a false sense of security. The majority of serious virus infestations I've seen have been on computers with full-blown anti-virus software; the infestations are invariably caused by negligence by the user.

  • Don't write your password on a Post-It note stuck to your monitor. Instead, if you have trouble remembering all of your passwords, there are a number of password-management programs available for Windows (such as Keypack, available at http://www.magellass.com/prod-kp.html, and Password Pro, available at http://cmbsoftware.com/passpro.htm). Instead of remembering twenty different username and password combinations, you only need to remember one: the password required to open your password manager!

  • In addition, your web browser can be instructed to remember passwords for your various secure web sites. Both Internet Explorer (see Chapter 4) and Mozilla (available at http://www.mozilla.org) can not only save usernames and passwords, but will type them for you automatically the next time you visit those sites.

  • Finally, take security seriously, even if your computer is not on a network, if for no other reason than to save the massive headache you'd otherwise get when you had to format your hard disk and reinstall Windows after a virus attack.


Previous page
Table of content
Next page
Windows XP in a Nutshell
Windows XP in a Nutshell, Second Edition
ISBN: 0596009003
EAN: 2147483647
Year: 2003
Pages: 266
Authors: David A. Karp, Tim OReilly, Troy Mott
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Mapping Hacks: Tips & Tools for Electronic Cartography
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Mastering Delphi 7
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy