 Click for larger picture |
This is the most common configuration for single computer households.
The computer's network interface contains the global IP and is directly exposed to infection from worms and hackers. While a separate
broad band modem is drawn, the principles hold true for an internal dial-up modem as well. At a
minimum "File and print sharing" and "Client for Microsoft Networks" must be disabled on the
interface. A good software firewall and anti-virus would be my minimum config, especially since
these can be had free for home users. See the software page for
more info.
|
|
Click image to see larger version
|
This second method allows the connection of multiple computers to the internet using Internet Connection
sharing. The warnings above are still valid since the ICS host is directly facing the Internet. This
method works pretty good for sharing a dial up connection, but if a second network card is needed for the
host to share a broadband connection the ease of use of a router makes up for the slight increase in cost.
|
|
Click image to see larger version
|
This method puts the computers into a separate network, unreachable from the internet. They can access the
internet through the router using NAT. This adds to
security, plus there is no host computer that must be left on. The setup routines on these routers have
become so advanced that no real knowledge of networking is necessary to set them up.
A very oversimplified example of NAT in action
can be seen by pressing the button below. These routers are very good at stopping unsolicited attempts
at entering your network. That doesn't mean that a trojan infected game can't be downloaded, so a good virus
scanner is still important. A software firewall will also alert you when a new or changed program tries to
access the internet so having one on the computers is still helpful if no longer critical.
|
