- Sample Setup
- Wingate Security
- Local Security
- Line Tests
- Security Tests
- Wingate 3.0 FAQ
- Wingate 4 FAQ
Add Your URL
The information provided at "Solutions" on this
site deals with the various problems described below.
- 1. The Beginning. The
cable modem ISP nstalled their cable modem service at our site. Installers spliced
the TV cable, connected it to a Com21 cable modem and attached the modem to a hub used by
an in-house LAN. An uninstalled NIC was also provided. The browser connection
properties were set to values specified in the ISP's Quick Start Sheet. Internet
access worked fine and it was thought that all installation problems were solved.
- 2. Surprise 1: LAN inoperable.
It didn't take long to discover that the LAN was no longer operating properly. When
queried, ISP support indicated a proxy server was required and that they didn't support
that. A proxy server was obtained and installed, but the LAN and cable modem would
still not operate correctly.
- 3. Surprise 2. LAN hub cannot be used for cable modem. After searching internet information it was discovered that connecting the
cable modem to the hub was the cause of network failure. 2 NIC cards were required
in the machine that accessed the cable modem and used the proxy server -- one connected to
the modem, the other to the in-house network hub. A second NIC was installed and
proper operability of internet access via the cable modem as well as in-house LAN access
was available to all network clients. (Note: A 2-PC LAN does not require a hub;
2 NICs for the PC with the cable modem are still required..)
- 4. Surprise 3. LAN Client Security problem. While testing the 2-NIC system configuration, the screen for Neighborhood
Network > Entire Network > Microsoft Windows Network was checked. This
dialog contained unexpected entries for several dozen unknown domains/workgroups. On
checking out some of these, it was found some of these strange computer systems had
accessible LANs. Some used password access but others were wide open with full file
read/write access to everything. This led to the conclusion that the in-housel LAN was
also unprotected. The ISP had no support or advice for this issue. Solutions
that prevented external access to the in-house LAN were eventually found, but these did
not protect the PC connected to the cable modem.
- 5. Surprise 4. LAN Server Security Problem.
- It was determined that the ISP network security problem,
namely, visibility and ability to access other unprotected users on the ISP network, can
- with or without an in-house LAN and
- with or without a Proxy Server unless special
precautions are taken.
- It was concluded that the local server connected to the cable modem was
vulnerable although in-house LAN clients were protected by the proxy server.
- Some cable modem users of other ISP cable modem services report that the
ISP suppresses the visibility of user domains on the Neighborhood Network, but this
suppression is not provided by many cable modem ISPs.
- Suppressed visibility is not the case with our cable ISP.
Solution of these problems required
- Installing a second network interface card.
- Installing a proxy server which
- Enables correct operation of the in-house LAN and cable modem.
- Enables Internet access via the cable modem for all in-house LAN clients.
- Provides a security firewall for client PCs but not for the
PC connected to the cable modem.
- An overhaul of network default properties to secure the PC connected to
the cable modem.
- Problems and solutions will vary depending on user and ISP hardware and
software configurations. No solution is universal.
Last Updated July 29, 2002 10:21:53 PM