Basic Lan Security

[MattTheTech]

I have several computers on a LAN that are used for business purposes, and a few machines for public usage (just the internet). All of the machines are Windows XP, so they are able to browse the network for shares no matter what the workgroup name is.

I am trying to figure out a nice simple solution to keep the public machines from doing anything on the network aside from internet access.

Is it possible to force XP to _only_ use the workgroup it is assigned, and never talk to others? (so a dummy workgroup can be used for the public machines).

Any other solutions would be welcomed. Everything is hooked up to the same linksys hub which is connected to a linksys router, then a cable modem.

 

[JackMDS]

There few solutions.

The simplest one.

Install NetBEUI on the private computers, and make it default LAN protocol.

Make sure that only TCP/IP is installed on the Public computers, and that it is not bound to File sharing.

Link: Set NetBEUI as the Default Sharing Protocol in WinXP.

 

[Torghn]

Jack's idea is great, just make sure a normal user can't change your network settings and gain access that way. If for what ever reason that's not an option and you Router/firewall has a DMZ run all your public comps on that and restrict access from the DMZ to the internal group. That would let the business comps access the public comps, but not the other way around.

 

[bgroff]

Of course there's the double NAT/router option... You could put the private network PCs behind a second Linksys router with the public/WAN side connected to your current Linksys's private network. This will keep the private network PCs hidden from the public internet PCs and solve your problem. The only kicker *might* be you'd have to use a different private network range behind the second Linksys to keep it from going mental. Technically, it shouldn't be a problem to have the same ranges overlap, but you never know what might happen...