Wizcrafts Computer Services
maintenance and security
Computer Networking Fundamentals:
The information about hardware on this webpage covers wired networks only. The details about protocols apply to wired and wireless Windows networking.
Domains, Servers, Workstations, LANS and WANS:
Networking means connecting two or more computers together to share files and resources. The usual purpose of computer networks is for business use, where multiple employees can work on centrally stored files from their individual workstations. These networks usually have a mainframe "File Server," or other powerful machines, which contain all of the login credentials and permissions needed to allow the employees to log on to the Domain and access customer records and data files stored on the servers from their less powerful, or "dumb," workstations. The main computers are referred to as "Domain Controllers, File Servers, or Terminal Servers," and the remote computers, or networked keyboards, are called "Workstations," or "Terminals." The Servers allow employees at their workstations to read and/or write to the data files that are stored on the Server's hard drives. This relationship is a Master-Slave system.
The computers making up the network contain Network Interface Cards (NICs), which are connected by cabling, typically CAT5, to devices called "network hubs," which regulate the flow of data between the Servers, the Workstations, and the network printers. Often, the printers are connected to a special device called a "Print Server," which can feed one or more Laser printers with print jobs originating from various Workstations.
All of the computers that interconnect physically in one building are referred to as a Local Area Network, or "LAN." Often, employees on the road, or at other corporate buildings, or in other cities, must connect to the Domain by remote wired, wireless, or dial-in connections. This expanded network is called a Wide Area Network, or "WAN." The Internet is actually a WAN.
I mentioned that the system which has Domain Controllers with File Servers and Workstations is a Master-Slave system. There is also a network system called "Peer-to-Peer."
In a Peer-to-Peer network all of the computers that are interconnected are able to function as either Master or Slave, in their local area network. These are typically found in small offices or businesses where everybody is able to work with data files stored on their own machines. While Peer-to-Peer systems may have certain files stored on one master machine, it is not necessarily so, and any workstation computer can become a file server for the others on the network, if it is so decided.
It used to be that networking multiple computers was strictly in the domain of advanced business systems, requiring the services of a systems administrator knowledgeable in the mysteries of Windows NT operating systems and Domains.
While this job position is still very much in demand for businesses, networking has now spilled over into the home computer market. The Internet phenomenon has led to many families having more than one computer in the household, especially those users with high-speed broadband connections.
Many of my service calls now involve setting up home computer "peer-to-peer" networks.
What equipment is needed for a Peer-to-Peer network?
To start you will need a 10/100 Mbps, or faster (1000 Mbps), Network Interface Card (NIC) for each computer to be networked. These cards plug into slots on your motherboard (usually white PCI slots) and have an RJ45 input/output jack, and possibly some LED signal lights, on the metal mounting strip. If it is not feasible to install internal cards, there are external USB Network Interface Devices available for USB-equipped computers.
You will also need a device known as a network "hub," or "router," or "switch" (that matches the speed of the NICs), with enough ports (sockets) for all your computers (hubs, routers and switches usually come with multiples of 4 sockets). The type of device you need depends on whether you are connecting to a broadband modem and the Internet (WAN - Wide Area Network), or are simply networking computers together inside your house/office (LAN - Local Area Network).
If you are connecting to the Internet through a broadband modem you will need a broadband Router. Otherwise, a 4 or 8 port hub will suffice for your household or small office computers, whereas a switch will perform better for a large office setup.
Additionally, you'll need CAT-5e Network Cables, long enough to connect each computer to the router/hub/switch. Network cables are sold by all the major electronics stores, home renovation outlets, and computer parts suppliers, and come in various lengths, or in bulk rolls. You can buy your cable in bulk, then buy an RJ45 crimping tool and a bunch of RJ45 plugs and cut your own cables to whatever lengths you need, often far cheaper than buying individual preassembled cables.
There are many brands and price points to choose from for NICs, hubs, routers and switches, and some manufacturers even sell "network in a box" kits, with two or more NICs and a matching hub.
You can get connected with everything you need for wired or wireless networking, at Tiger Direct
Next, determine where the hub|router|switch and the various computers will be located and measure along the walls behind them to get the length of network cable you will require. Purchase pre-made cables in the closest lengths to your measurements, or cut your own cables from bulk and crimp on the plugs (buy a short network cable as a reference for the color code connections of the wires on the two ends). The category code for the cable will depend on whether you are using 10/100 Mbps, or the new 1000 Mbps NICs. The faster cards require a special, low capacitance cable to avoid signal degradation.
Finally, you may need driver disks for any new network cards that will be installed, and possibly your Windows operating system CDs, for older versions of Windows on your various computers (unless these files have been transferred to your hard drives).
How to install a Network Interface Card (NIC)
If you need to purchase a NIC see the sources listed above.
If the network card is already installed, or is built into the motherboard, or you know how to install it, skip to the configuration section.
If the NIC is built into the motherboard, but is not being recognized, it might be disabled in the BIOS. Reboot the computer and tap the key that is used to enter Setup (Delete, or F1, or F2, or ESC) until you see "Entering Setup," or you see the BIOS/CMOS configuration screen. You'll have to navigate using the Arrow and Tab keys, and open/close option boxes with the Enter key. One of the tabs will contain configuration options to enable built-in hardware devices (e.g. sound, network, RAID). You'll have to search for it (look under Northbridge, Southbridge, peripherals, etc). When you find the place where the NIC is activated, enable it (try Enter and the up/down arrow keys). Once you enable the Network Adapter, save the changes and exit the BIOS (read the keyboard instructions on the bottom or right side of the screen). Allow the computer to reboot into Windows and see if it asks for a driver for the NIC.
If the NIC is detected by Windows and needs to have its driver installed from a disk, find that disk (it shipped with your computer or motherboard) and go to step #8.
1. Shut down any computer that needs to have a NIC installed.
2. Unplug the power cord and open the case.
3. Locate an appropriate available (probably PCI or Network mini-riser) socket and remove the cover plate and screw from the back chassis to expose that slot for installation.
4. Insert and firmly seat the NIC into the socket, with the steel bracket facing the back of the case, then apply the screw to the slot in the bracket to secure it to the threaded hole in the chassis. The chassis screw is necessary both to prevent the card from loosening and for grounding purposes.
5. When you are certain that the card is firmly secured in its socket you can replace the case cover and the power plug.
6. Have your NIC's installation floppy diskette or CD handy.
7. If the installation drivers are on a floppy disk, but your computer does not have a floppy drive, you can buy a USB floppy drive from Tiger Direct, or Amazon.
8. Boot the computer and see if Windows detects the new hardware (it should).
- If the operating system recognizes your card it will offer to install a driver for it.
- If you have a recent release driver disk, that is compatible with the operating system, insert it into the appropriate drive, check the option box for that drive, and let the New Hardware Wizard search that drive to decide if it is a more compatible driver than the system version.
- If it is a better match, use the manufacturer's driver. If not, accept the system driver. You can always update from the Internet later.
- If you have a USB network adapter, install the driver first (from the CD or floppy), then plug the adapter into a USB port and let Windows find the device and activate it.
- After the network adapter has been installed and recognized by Windows you should visit the Windows Update, or Microsoft Update website, and run a "Custom" check to see if there is a driver update for your network adapter.
If your card is not recognized when the computer reboots, and the New Hardware Found Wizard does not appear, either the card is not Plug and Play compatible (it's too old), or your operating system is too old to recognize the new card (happens often).
- Let Windows finish loading, until all disk activity stops.
- Click on Start > Settings > Control Panel and double-click on the "Add/Remove Hardware" icon.
- The Add Hardware Wizards are different for various versions of Windows, so you may not see all of these options.
- Click on Next until the Wizard displays a list of hardware to add or remove.
- It may have a link at the top of a list, labeled "Add a new device." If so, select that and click Next.
- Choose to select your hardware from a list (and click Next). A long list of various types of hardware will appear.
- Scroll down and select "Network Adapters."
- The next option window should display a double paneled selection box, with the "Manufacturers:" on the left and "Network Adapter:" on the right. Under the right panel you should see the button labeled "Have Disk."
- Click this button and use the Browse button to locate your CD or floppy disk, and the appropriate folder where the driver file exists. When you find that file or folder the "OK" button will become highlighted.
- The installer file will have the extension ".inf" which will install your driver into the correct system directory.
- Click OK to install the driver, then OK, Next, or Finish to complete the installation.
- Reboot the computer when prompted to do so.
- Your network card is now installed, but not configured.
- After the network adapter has been installed and recognized by Windows you should visit the Windows Update, or Microsoft Update (or manufacturer's) website, and run a "Custom" check to see if there is a driver update for your network adapter.
Breathe deep and take a break. The fun has just started!
Connecting and Configuring your Network:
Once you have installed all of the network adapters you need to wire the network, unless you installed wireless network cards. If you are going wireless please follow the instructions that were provided with the cards and the wireless router or access point.
Plug a network cable, with an RJ45 connector on each end, into each computer's network interface jack and plug the other ends into the network hub, router or switch. Plug the AC power adapter for the hub | router | switch into an AC outlet to power it up. If you have a four port hub with an Uplink port and switch, and you have plugged a cable to a computer into that port, ensure that the switch is not in the Uplink position! The Uplink switch reverses the wiring on the expansion port so you can use that port to connect to another hub (to expand your network).
Once all the computers are connected to the (hub) it is time to install the necessary Protocols, Logon Methods, IP and Subnet Addresses, Computer IDs, User Accounts and the new Workgroup Name, on each computer, so that they can see each other on the network.
Peer-To-Peer Network Protocols and Configuration:
No matter what version of Windows you have on your computers, you must establish a common language for them to see each other and be capable of transferring files. The means by which this is accomplished is known as Networking Protocols.
Although there are many Protocols in use in business environments, there are usually only two in common use on typical peer-to-peer networks. These are TCP/IP and NetBEUI.
If they are to communicate, one of these two protocols must be installed on all of the interconnected machines. The usual protocol applications are TCP/IP for Internet connections and most modern LAN networks, NetBEUI (deprecated with the release of Windows XP) for older mixed operating systems and for network file sharing without Internet access, and IPX/SPX, which is mostly used by some online multi-player games.
Tied in with the first two is another transport protocol called NetBIOS. NetBIOS carries the name of a computer to the other members of the local or wide area network. This allows them to look up files and map paths on remote machines, using their unique names to identify each from the other. No two machines on a network may have the same name (upper or lower letter-case is identical to Windows). The names should be limited to 12 characters, should not be the same as any Usernames, nor should a computer's name, or its owner's Login name, be the same as the label given to its main (C:) boot drive, or the active drive or partition where its operating system resides.
Due to the fact that NetBEUI is no longer readily available for use on Windows XP and newer computers, and is non-routable, I strongly recommend that unless you are running mostly older operating systems, or have a compelling reason to use it, you should remove it from the networking protocols of all your machines and set up your network with TCP/IP only.
In addition to the aforementioned Protocols each computer should also have Client for Microsoft Networks and File and Printer Sharing installed in the Network Settings.
Now we will go through setting up the Computer Identification and configuring the variables in the Clients, Adapters and Protocols.
For Windows 95 and 98 computers right-click on Network Neighborhood and select Properties, or open Control Panel and double-click on the "Network" icon. The Configuration tab lists all installed, or installable Protocols, Clients and Adapters. The Identification tab is where you type in a unique name for that machine, and where you set the name for the "Workgroup" that does, or will exist for your network. The last tab is for controlling who can access shared files and printers on the machine.
Click the Identification tab and give the computer a different name than any other machine on the network. Choose a name for your shared Workgroup, or use the default name, "Workgroup," and type it into the Workgroup field. Just bear in mind that every computer on your network must have the same Workgroup name assigned to them, or else they won't be able to share files, or be seen on the network.
Use the Access tab to choose how network users can share files. There are two options that control access to a Windows 9x network. Share-level access control is the usual choice, with each shared resource protected by, or not protected by a password, with different passwords selectable for Read Only, or Read and Write (Full) access. User-level is only available if you have a Master List of User Names stored on a Server, which most home networks won't have.
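The naming rules given above (unique computer names regardless of letter case, the 12 character limit, no clash with usernames or the boot drive label, one Workgroup name on every machine) can be checked before you touch any machine. The following Python sketch is an added example, not part of the original page; the inventory format and every name in it are constructed for illustration.

```python
# Added example: checks a planned peer-to-peer network against the naming
# rules in the text. The inventory format and every name are constructed.
MAX_NAME_LEN = 12  # length limit recommended in the text


def check_workgroup_plan(machines):
    """Return a list of problems; an empty list means the plan is consistent.

    Each machine is a dict with keys: name, workgroup, users, boot_label.
    Comparisons ignore case because Windows treats "Bob" and "BOB" as equal.
    """
    problems = []
    first_seen = {}
    all_users = {u.upper() for m in machines for u in m["users"]}
    for m in machines:
        name, key = m["name"], m["name"].upper()
        label = m["boot_label"].upper()
        if key in first_seen:
            problems.append(f"{name}: same computer name as {first_seen[key]}")
        else:
            first_seen[key] = name
        if len(name) > MAX_NAME_LEN:
            problems.append(f"{name}: longer than {MAX_NAME_LEN} characters")
        if key in all_users:
            problems.append(f"{name}: computer name matches a username")
        if key == label:
            problems.append(f"{name}: computer name matches its boot drive label")
        for user in m["users"]:
            if user.upper() == label:
                problems.append(f"{name}: login name {user} matches its boot drive label")
    # Every machine must carry the same Workgroup name to be seen by the others.
    workgroups = sorted({m["workgroup"].upper() for m in machines})
    if len(workgroups) > 1:
        problems.append("workgroup names differ: " + ", ".join(workgroups))
    return problems


# Constructed sample inventory with deliberate mistakes.
SAMPLE_PLAN = [
    {"name": "Office-PC", "workgroup": "HOMENET", "users": ["alice"], "boot_label": "SYSTEM"},
    {"name": "office-pc", "workgroup": "HOMENET", "users": ["bob"], "boot_label": "WIN98"},
    {"name": "BobsBigLaptop2", "workgroup": "Workgroup", "users": ["carol"], "boot_label": "CAROL"},
    {"name": "Bob", "workgroup": "HOMENET", "users": ["dave"], "boot_label": "BOB"},
]

if __name__ == "__main__":
    for problem in check_workgroup_plan(SAMPLE_PLAN):
        print(problem)
```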
Sharing Files, Folders, Printers and Drives (Resources)
Manual File Sharing Setup
First of all, Windows Sharing must be installed from your Windows 9x cdrom, or setup folder if stored locally on a hard drive. If sharing is not installed yet, you need to follow this procedure to install it:
- Click on the "START BUTTON", then click on "SETTINGS"
- Click on "CONTROL PANEL"
- Click on "NETWORK"; The Network setup box opens
- You want the first page, "CONFIGURATION"
- Look at the items listed under "The following network components are installed"
- Scroll down through the items listed to look for "File and Printer sharing for Microsoft Networks"
- If it is listed, "sharing" is already installed
- If not, click the "ADD" button, select "SERVICE", select "MICROSOFT", then highlight "File and printer sharing for Microsoft Networks"
- Click "OK"; you will now be prompted for the location of the Windows setup files. Type in the location to either the Windows 9x cdrom, or the hard-drive storage location
- Insert the cdrom, or type the local hard-drive location and click "OK", to begin copying the necessary files to your system.
- When the copying has finished there should be an entry, in "NETWORK CONFIGURATION", for file and print sharing
- Now click on the button labeled "File and Print Sharing"
- Place a checkmark in either or both boxes, for files and printers
- Click "OK"
- The Network setup box closes and a notice pops up telling you to click OK to reboot your computer
- Allow the system to reboot
Windows 2000 and XP automatically install and configure Networking components if they detect that a NIC is installed. File and Printer Sharing will be enabled by default when the Networking components are installed by Windows 2000, Server 2003, XP, or newer.
However, there are other items that may require custom configuration, such as the Protocol used to communicate with other computers on the network, and the IP address - subnet - DNS Server/Gateway information.
The following tips may help you to set up these items:
- Go to Start > Settings > "Network and Dial-up Connections" or open your Control Panel and find the icon with the same name.
- Find the icon that represents your "Local Area Connection" then right-click it and select Properties.
- The installed items shown will include Clients, Services, Adapters and Protocols.
- To share files between your computers you must have an installed Network Adapter (either an onboard or plugin NIC), or an internal or external dialup modem, a Client (ex: "Client for Microsoft Networks," "Windows Family Logon," "Windows Logon," "LanMan"), File and Printer Sharing for Microsoft Networks, and either NetBEUI Protocol (available in Windows 2000 and earlier), or Internet Protocol (TCP/IP) for Windows XP networks, or earlier.
- All computers on a local area network must have a common "Protocol" to exchange data. Early versions of Windows, such as NT 4 and Windows 9x, commonly used NetBEUI as their file sharing protocol. Windows XP and newer operating systems have dropped native support for this old protocol, and instead communicate among themselves by using TCP/IP.
- If you are connecting your home or small office computers to a router/firewall that uses Network Address Translation (NAT) to assign private IP addresses to the networked computers, with only one external public IP address assigned by your ISP, TCP/IP Protocol should be all you need to both share files and printers, and to allow all your computers to connect to the Internet. This is the way Windows XP computers share files.
Windows 2000 and earlier computer networks also use TCP/IP, but many admins set up their networks with NetBEUI as the file sharing protocol, for security reasons. NetBEUI is a non-routable protocol and is not supported by Microsoft any longer, starting with the release of Windows XP. Although NetBEUI does not appear in the list of available protocols in Windows XP, it can still be found on the Windows XP CD. You will need to manually install the driver by using this method:
- Insert your Windows XP CD-ROM in the CD-ROM drive and then locate the Valueadd\MSFT\Net\NetBEUI folder.
- With the Windows XP CD open to the above listed folder, copy the Nbf.sys file to the %SYSTEMROOT%\System32\Drivers folder.
- Copy the Netnbf.inf file to the %SYSTEMROOT%\Inf hidden folder.
- Note: To make a hidden folder viewable, follow these steps:
- Click Start, click Run, type Explorer, and then click OK.
- Click Tools, click Folder Options, and then click the View tab.
- Under Advanced Settings, click to select Show hidden files and folders under the Hidden files and folders Folder.
- Click Start, click Control Panel, and then double-click Network Connections.
- Right-click the adapter you want to add NetBEUI to, and then click Properties.
- On the General tab, click Install.
- Click Protocol, and then click Add.
- Click to select NetBEUI Protocol from the list and then click OK.
- Restart your computer if you are prompted to do this. The NetBEUI protocol will now be installed and working.
Sharing printers (all versions from Windows 95 to XP)
To share a printer that is connected to a computer, click on START, then SETTINGS, then PRINTERS.
The "Printers" window will open, displaying all installed printers for this computer, or remote shared printers on other computers, for your workgroup.
Locate the printer that is physically connected to the desired computer and right-click on it. Select SHARING from the flyout choices. Tick the radio selection labeled "Share as:" and observe the name that is assigned by the system. If this name is to your liking, go with it and click OK, to dismiss the Sharing dialog window. If you don't like the share-name type another one. Bear in mind that if you run DOS business programs you should limit your printer share-names to a maximum of 8 characters, without spaces.
Connecting to the shared printer:
Once you have selected a printer and given it a "Share Name" you can access it from other computers on the same network by going to each one, then opening "Start Menu > Settings > Printers and Faxes." In Windows XP the newly shared printer should appear automatically. If it doesn't, or for other operating systems, double-click on "Add Printer," to open the Add Printer Wizard. Click Next to choose Local or Network Printer. Select "A network printer, or a printer connected to another computer." Select "Browse for a printer" and click "Next." If you have made all of your computers a part of the same workgroup you should see the shared printer listed under the computer's name to which it is connected. Highlight that printer and click Next. The next option page will ask if you want to use this as the default printer for that computer. Make your selection and click Next, then Finish.
Note for DOS application users: If your program needs to know the UNC network path to a shared printer, the form to use is \\ComputerName\PrinterSharedName. So if your host computer is named Bob (no spaces) and the printer is shared as hp8500 (no spaces), the DOS path to it would be \\Bob\hp8500
About routers with built-in firewalls:
A NAT router takes a single Internet connection as its input and distributes it to all computers that are plugged into its output connectors, assigning internal, private IP addresses to each of them. This makes it somewhat more difficult to attack these computers than if they were directly connected to a broadband or dialup modem. However, they are still vulnerable to attacks that are designed to punch through these NAT translation devices.
For better security against Internet-borne attacks over TCP, or UDP, you also will need a firewall. This is either a hardware or software device that is designed to block Internet traffic in either incoming or outgoing directions, and which provides user-configurable rules to allow desired traffic in or out of the router. Most broadband routers now contain a configurable hardware firewall, such as these wireless routers and repeaters.
If you are connected to a home or business network using a router with a built-in firewall, or a separate hardware firewall, it should be configured to block all incoming packets, except those that you wish to permit and create rules for (such as filesharing, net meeting programs, remote control software, VPN, FTP, etc). A typical broadband router, which contains a user programmable hardware firewall, will block ALL unsolicited incoming traffic by default. You must create rules to allow incoming unsolicited communications, such as are needed to use PcAnywhere or remote access programs. While hardware firewall/routers normally block unsolicited incoming traffic, they will allow solicited incoming connections, because they are smart enough to detect that you initiated that connection, from your computer. This is how the Internet normally works.
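The behaviour described above (block unsolicited incoming traffic by default, pass replies to connections started from inside, pass unsolicited traffic only where a rule exists) is modelled below in Python. This is an added example, not part of the original page and not any router's actual firmware logic; the addresses, ports and the single rule are constructed, and session timeouts and TCP state tracking are left out.

```python
# Added example: toy model of a NAT router with a stateful firewall.
# All addresses, ports and rules below are constructed for illustration.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatFirewall:
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # flows started from the LAN
    dropped: list = field(default_factory=list)   # the "dropped packet log"
    next_port: int = 40000

    def allow_inbound(self, proto, wan_port, lan_ip, lan_port):
        """User-created rule permitting unsolicited traffic to one LAN host."""
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def outbound(self, pkt):
        """LAN -> Internet: hide the private address and remember the flow."""
        wan_port = self.next_port
        self.next_port += 1
        key = (pkt.proto, wan_port, pkt.dst_ip, pkt.dst_port)
        self.sessions[key] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: translated packet, or None when it is dropped."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        target = self.sessions.get(key)      # reply to a flow we started?
        if target is None:                   # otherwise an explicit rule is needed
            target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is None:                   # default: block and log
            self.dropped.append(pkt)
            return None
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, *target)


def demo():
    fw = NatFirewall(wan_ip="203.0.113.10")
    results = {}
    # A LAN PC browses a web server; the reply is solicited and passes.
    sent = fw.outbound(Packet("tcp", "192.168.0.101", 51000, "198.51.100.7", 80))
    reply = fw.inbound(Packet("tcp", "198.51.100.7", 80, fw.wan_ip, sent.src_port))
    results["reply_to"] = (reply.dst_ip, reply.dst_port)
    # An outside host probes the Windows file-sharing port (TCP 445): dropped.
    results["probe"] = fw.inbound(Packet("tcp", "198.51.100.99", 4444, fw.wan_ip, 445))
    # A remote-access program (example port 5631) is blocked until a rule exists.
    remote = Packet("tcp", "198.51.100.50", 3000, fw.wan_ip, 5631)
    results["before_rule"] = fw.inbound(remote)
    fw.allow_inbound("tcp", 5631, "192.168.0.102", 5631)
    results["after_rule"] = fw.inbound(remote).dst_ip
    results["dropped"] = len(fw.dropped)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=>", value)
```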
Other security items pertaining to the D-Link Router firewall are to disallow remote management and incoming Pinging, unless you really need them. The checkbox for the Remote Management setting is found (on the DI-604) under "Tools" > "Admin" > "Remote Management," which should have the Disabled option selected. The Pinging option is under "Tools" > Misc > "Discard PING from WAN side." This is really a judgement call because some programs or ISPs may require you to allow incoming pinging for online status confirmation. It is best to test this option before turning it off. A positive answer to an outside ping confirms that a computer exists at that IP address. It does not open any doors by itself. Therefore, unless you have disabled the built-in firewall, or downloaded a backdoor program, no direct advantage is gained by outsiders knowing that you exist online.
Made for wired networks, this router contains a user configurable firewall and access filters, which block or permit traffic based on IP address, domain name, MAC address, or port numbers. It uses NAT translation to separate the computers on the LAN from the Internet, and has its own DNS Server. The default firewall rules are set to block unwanted or (usually) hostile incoming probes and traffic, thus protecting the computers connected to it. Manufactured by D-Link, the DI-604 is used and recommended by Wizcrafts, for both Cable and DSL Internet connections. You have to read the dropped packet logs to believe the sheer volume of attacks that are aimed at exploiting vulnerable, unprotected ports, every minute of every day!
You can find many brands of the most popular broadband Ethernet and wireless routers on Tiger Direct's Networking components page.