Problems? See this thread at archive.org.
Sorry I don't even know how to post the question. I have two computers, one Dell XPS Desktop and a Vostro Laptop. I am trying to connect the two machines directly with a cable connection. I hired a man to run the cable from one office to another. Purchased a Net gear switch and tried to get the machines to share files (this is an office).
Both machines have internet access but do not see each other. The tech tried for hours to set up file-sharing but gave up.
I called Dell Tech support today and they did a remote session on both machines and I was given this info. which I don't understand.
Both machines are on different routers (not true). Both machines have a different gateway number and subnet number. Sorry I have no idea what this means, I'm reading the notes. He told me it was a major problem and I need to hire a Networking Engineer to solve the problem - if it is possible to correct!
The Dell tech was quite abrupt and crude. He said he sees two computers running on different routers.. There is no router! There is no wireless. There is just this switch with 4 openings. What routers does he mean and what are those numbers?
How is that possible? They share one cable modem which connects to the Netgear switch. A cable runs from that to the two machines.
I tried contacting some computer stores in my area but no one is available until next week. One place said I had serious problems.
What is so serious and what does that mean. Can this be fixed?
Hopeless,
Kate
-
-
-
With all due respect, whomever the _Dell "technician" was, unless he knows something dire that you haven't mentioned, he didn't know what he was doing, period.
Basically, it sounds like what you want to do is to connect both computers using a cable (i.e., not wireless) to the cable modem that you use to access the internet. If that's not correct, please let me know; otherwise, I'll base the rest of my post on that assumption.
In order to accomplish this, what you're basically going to do is connect a router (they come in both wired and wireless flavors) to the cable modem, and then connect each computer via that computer's ethernet connection, to the router.
In this sort of configuration, it is possible to have both computers get access to the internet but still not be able to "see" each other because the router is treating them as being two different networks, and the router doesn't have any instructions to permit it to allow traffic to cross between those two networks.
The _Dell customer rep you talked to on the phone had one hand on the right solution, but didn't explain it to you properly.
Basically, at this point, it is most likely the case that each of your computers is set up with a different IP address and/or a different subnet mask, either of which will have the effect of causing the router to treat each computer as being on a different network.
Since you're running Win XP, you can check this info out by going to Start->Run and then typing "cmd" in the little form box that pops up when you click on Run. When you hit return, a black window will pop up that looks like the old 1980's style computer console (pardons to the Linux/Unix crowd) and will have a prompt that might look something like "c:\Documents and Settings\Owner\My Documents>" with a blinking "_" for the cursor.
From there, type the following: "ipconfig /all" exactly like that. A bunch of info will be printed out on the screen. For each computer, what you need to do is go through that info and look for a line item that says something like "Ethernet adapter local area connection" (that's what it says on my system, but I'm on a workstation, not a standalone system, so your's might not say exactly the same thing).
Under that heading will be several rows of information, that will look something like this (all details have been changed to protect the innocent - and my job
):
The four items of information that are going to be of concern to you are the four that I have highlighted in bold above.
The first item, named "Physical Address" is what is more popularly known as the computer's MAC address (aka the Media Access Control address). That number is basically your computer's true "name" on the network it connects to through its ethernet connection.
The second item, named "IP Address" is, if you will, the street address of your computer on the network that is either assigned to the computer if DHCP is enabled on your router (as it is in my example) or is set manually in the IP configuration for the computer if DHCP is not enabled.
The third item, named "Subnet Mask" is used to allow network administrators to break one monolithic network up into various subnetworks (I'm not doing it justice here, but hopefully you get the idea - it's a way of identifying several different discrete subsections of a large network that uses a common IP address).
The fourth item, named "Default Gateway" is the IP address of the router that the computer uses to get access to the internet (or cable modem if no router is used).
Your troubles most likely come from having different entries on each computer for the "IP Address" and/or the "Subnet Mask."
The simplest solution to try first is to log onto the router's admin webpage (typically, you would type something like "192.168.1.1" into the address field on your web browser, and you would be taken to a webpage that is internal to the router from which you can change the router's configuration). Once there, login and see if the router has been set to enable the router to do DHCP. Most likely, that function has not been enabled on your router, which means that the router cannot assign IP Addresses and Subnet Masks to each computer that connects to the router.
If DHCP was not enabled, enabling it should cause the router to assign a new IP Address, Subnet Mask, and Default Gateway address to each computer.
If that doesn't do the trick, then disable DHCP on the router, and go into the "network connections" control panel applet for each computer. Once there, right-click on the icon for the ethernet connection, and when a menu pops up, left-click on the "properties" item. From there (and, unfortunately, I'm going by memory now, because I don't have an example in front of me), you should be able to set the network connection properties of the ethernet card. One of the tabs at the top of the properties window will lead you to two radio buttons that give you the option to set IP address automatically (by DHCP) or to enter the info directly. Click on the second button to enter the info directly, and then enter the data along these lines:
First, get the IP Address of your router. It should be something like 192.168.2.1, or 192.168.1.1, or something similar. For purposes of the following, assume your router's IP address is XXX.YYY.Z.1.
On the first computer, assign it the following IP configuration:
IP Address: XXX.YYY.Z.2
Subnet Mask: 255.255.255.0
Default Gateway: XXX.YYY.Z.1
and then hit "Ok"
On the second computer, assign it the following IP configuration:
IP Address: XXX.YYY.Z.3
Subnet Mask: 255.255.255.0
Default Gateway: XXX.YYY.Z.1
That should be enough to set up a static network (i.e., one where the IP addresses of the computers do not change dynamically - which is probably what you will want from a security standpoint, since you will want to minimize the ability of an interloper to trick the router into assigning an IP address to the interloper.)
By giving each computer an IP address that has the same first three sets of numbers as the IP address of your router, and by giving each computer a Subnet mask of 255.255.255.0, you're putting both computers on the same network, which is identified to the router as XXX.YYY.Z (basically, I'm glossing a lot on the technical stuff here), and then giving each a unique identifying number (i.e., "2" and "3") that will enable the router to "find" each computer on that single network.
This will also permit each computer on that one network (i.e., the XXX.YYY.Z network) to find each other.
The last step in setting up simple file sharing is to have both computers be members of the same workgroup. If you go to the desktop, and right-click on the "My Computer" icon, and then left-click on the "properties" menu item, you should get a dialog box that pops up with several tabs at the top. On one of the tabs (again, I'm flying blind here right now) you should be able to set up or change the name of the workgroup the computer belongs to. Each computer should have a default workgroup with a name like "WORKGROUP" and, if both computers already have the same default, you could just use that workgroup for file-sharing purposes. However, if they have different names in there now, or if you want to use a name other than the default, you want to type the same short name into each computer - it should be one word without any spaces, punctuation, or special characters, e.g., something like "DRGENIUS" or the like.
Once the computers are on the same network and are members of the same workgroup, you can then enable file-sharing (please, please be very very careful with file sharing, and do not enable file-sharing on any file that contains confidential or private information that should not be shared with the outside world - if you're running Win XP home edition or doing simple file-sharing on Win XP Professional, once a file is set up for file-sharing it is shared with any computer that gets access to the network, regardless of whether you want the owner of that computer to get access to your shared files. If you have to share files that contain confidential and/or private information, then you should make sure you're running Windows XP Professional, and you should set up a group policy that basically prevents any computer other than the two computers on your network from getting access to any of the shared files on either computer. Setting that up is, however, a chore in and of itself, and fit for a separate post if need be). -
-
-
-
EDIT: Ok, so I wrote another novel - my apologies; I'm just very long-winded (or is that long-fingered
). In a nutshell, I agree with Blue68f100, and I definitely agree that you should hire someone to audit your network security to double-check the first guy's work - and don't pay him if the auditing technician finds any serious or egregious mistakes.
Now for the novel:
I would agree with Blue68f100's assessment - it sounds like you got a (mostly) decent setup; however, it was both unprofessional and unhelpful for the technician to be so involved in his other "business" and to not sit down with you and carefully explain what was done, why it was done, and what you need to pay attention to as you are now the network administrator (whether you want to wear that hat or not). One immediate concern that comes to mind is - if he was so involved in his other affairs, he could have easily missed some little detail that could prove crucial later on (like forgetting to exclude the "guest" account from the security policy on one of the shared folders).
For example, regarding Zone Alarm, there should be no need to get rid of a laptop-based firewall just because the router has one as well - any good firewall software can be configured to work with instead of against the router - in fact, I would consider that to be an essential part of the service I was paying for, making my equipment work together and not changing my setup unless the change was absolutely necessary.
It's true that routers have firewall capacity; however, that firewall is still a software firewall, not a hardware firewall, and is not as secure as a hardware firewall would be. Thus, keeping Zone Alarm on is a perfectly reasonable belts-and-suspenders approach when you can't afford the cost of a dedicated hardware firewall. The same would go for any other reputable anti-virus or anti-spyware application - they can all be made to play nice with an external firewall such as exists on a router, and the added protection may make a difference.
For example, on my home network, which is built around a wireless router, I have the router firewall and I also have McAfee anti-virus (it came with my laptop when I bought it back in '03, so I've just stayed with it) and Webroot Spysweeper on the laptop - each application picks up things that the other doesn't (although it gets a little crazy on-screen when they both pick up on the same thing at the same time ).
Lastly, the tech's off-handed remarks diminishing your security concerns misrepresents the whole point of securing a network in the first place. Basically, good network security works on the same principle as good physical security (e.g., door locks) - you don't try to make the system unbreakable, mainly because that's (a) impossible, and (b) prohibitively expensive. Instead, you try to achieve a level of security that is:
(a) appropriate to your legal obligations in the event of a security breach - which are pretty high in your case given the high liability imposed for the improper disclosure of personal medical and financial information,
(b) appropriate to the nature and size of your business - a five and dime does not kit itself out like Fort Knox, and
(c) is good enough to deter the opportunistic thief - people who are looking for easy pickings and who go fishing looking for low-hanging fruit; i.e., in terms of physical security, the main point of a door lock is not that it will prevent the entry of a person who has decided to target your particular business, but that it will deter the person who wanders from door to door trying door knobs to try and find an open office he can slip into, or the person who looks for locks that can be easily jimmied with a credit card, a metal ruler, or some other innocuous thing he can carry around without raising suspicions.
Basically, you want your security to be just good enough that (i) you're not leaking confidential records onto the internet by mistake, and (ii) the average thief/hacker will quickly realize that breaking into your office/network is going to take too much time and trouble, and make that person go off to try your neighbor's door/network instead.
Viewed in that context, a basic security setup is absolutely essential, not because you can make it impossible for anyone at all to break in, but so that you can deter the opportunistic thief. Basically, the tech got it backwards because, with no network security it is actually easier to steal your files electronically than physically (particularly since he shut down all of your A/V and spyware applications), so the point of getting network security is to get just enough that, for the opportunistic thief, it becomes easier to steal your files by physically breaking in rather than trying to get through your network security.
At the very least, that makes it impossible in a practical way for anyone who doesn't live in your town to steal your files (a thief from Russia, e.g., is not going to pick up his burglar's tools and march down to your storefront when he realizes that your network security means that it would be easier to steal your files by breaking and entering; if he's an opportunist like 99.9% of all thieves, he'll just give up on you and go looking for someone else - which is precisely what you want your network security to do).
Which brings me to my final concern about your technician, and why I think that it would be a very good idea for you to take Blue68f100 up on her/his (sorry, couldn't determine the correct pronoun ) offer and to also pay the additional expense of having someone else come in and audit your network security to make sure that the first guy did a proper job. My concern is raised by two facts you mention: first, his inattentiveness - as I said above, who knows if he missed some crucial little detail because he was busy gabbing on the phone? Second is the very distressing fact that he apparently removed all of the antivirus and spyware applications from your computers.
I'm just paranoid enough to consider that he might have been making it easier rather than more difficult for him to break into your network, or to sell the information needed to break in to the highest bidder on the internet. After all, since he installed the router, he also has the administrative login ID and password to the router (unless you changed those after he left), and he has your current IP address (which will persist for a little while even if your ISP uses dynamic IP addresses - in many instances, a dynamic IP won't be changed until the internet connection is temporarily turned off by turning off the cable modem). With those pieces of information, he could get access to the administrator controls of your router from outside (i.e., from the internet), set a back door (if he didn't set one when he was there to set it up), and thereby gain access to all of the files that are currently shared over your network - mostly what someone would be looking for in that case are names, addresses, telephone numbers, and SSNs, all of which could be harvested from your files without you ever noticing if your security really has been compromised.
As I said, I'm a little paranoid in any case, so please don't think that you should just rip everything out right now and go back to square one. Instead, disconnect the cable modem and unplug it for about ten minutes or so - to force a change of your dynamic IP address - and change the logon ID and password for the router.
If he didn't tell you how to do that, it's actually pretty easy with most routers. Open a web browser and type the IP address of the router into the Address field for the browser. Since you said the router was a Linksys, the default IP address for those routers should be 192.168.1.1 - if that doesn't work, then check the IP address on one of the computers like I explained earlier (i.e., by going Start->Run typing "cmd" and then typing "ipconfig /all" in the black window that opens). The IP address should look something like this: 192.168.x.y, where x and y should be single-digit numbers. The router's IP address is almost certainly going to be 192.168.x.1, so give that a try if 192.168.1.1 doesn't work.
Also, reinstall the anti-virus and spyware software that you had on the systems previously while the computer is attached to the network - a good commercial product should detect the network and at least try to conform to it. A little poking around in the configuration windows for those applications should allow you to figure out how to make them play nice with the network. If you do that and lose contact with the other computer, and cannot figure out how to get contact back, then turn the application off and make sure to raise the point with whomever you hire to audit your security.
2d EDIT: Also, here are links to two companies that provide VPN services which, as Blue68f100 indicated, is a better solution to remote access:
http://vpnprivacy.com/
http://strongvpn.com/ -
I'm sorry you're having so much trouble with setting your network up - unfortunately, about the only place that job seems to be easy is in the how-to books that are a dime a dozen. Even just setting up my little home wireless network has involved all sorts of little ... issues ... and has been a steep learning curve for me.
Remote Desktop was relatively easy to set up, although the instructions from Microsoft for activating the client end of it on Windows Home Edition weren't entirely accurate. I use it strictly internally to access the old desktop I set up to use as a home server, so I haven't had to deal with accessing it from outside via the internet.
In terms of actually using it the way you want, I don't know what, if any, current security issues there are with Remote Desktop, although given that it's a Microsoft product, I'm sure there are some things that need to be carefully attended to. In that vein, it might be worthwhile considering installing some VPN software on the office computer and the computer you would be using for remote access. Also, if you do set up remote access, and since you would only use it for scheduling and etc, it might be best to make sure that the private/confidential files that are being shared between the office computers not be accessible from any remote location - that would mean that you couldn't get into those files from your house, but it would also be one more layer protecting those files from malicious access by an outsider.
If you do decide that you want to activate Remote Desktop, I could probably walk you through it by private message (although Blue68f100 could probably do even better).
In terms of finding someone to set up your network on whom you can rely, you might check to see if you can find anyone who's bonded - i.e., has an insurance company putting its money behind the company's work (although I'm sure you know that, I'm just a big blabbermouth ). It may be more expensive, but that extra cost buys you peace of mind that is much, much more valuable than the extra money you pay out.
-
Well, it sounds like you have a reasonable setup. Rather than flog a dead horse, the only thing I would suggest now is that you change the login password for the router to something only you know.
What he did with the folders is still, in essence, "file sharing" but because you have Win XP Pro it's different from what people commonly mean when they say "file sharing." On Win XP Home, files are either shared with everybody, or with nobody; however, on Win XP Pro, you can set up files so that they can be accessed from another computer, but only by specified users (this is enabled through a group or security policy in XP Pro that allows the administrator to specify which users can access which folders/files).
The bit about setting up the folders as drive letters is a bit irrelevant - basically what he did was to assign a drive letter to the shared folders on each computer so that, when you go into "My Computer" you'll see another disk icon that looks something like this:
The function that does this is under the "tools" menu on the "My Computer" window and it's called "Map Network Drive..."
If he hadn't mapped the shared folder to a drive letter, then you would have seen an icon that looked like a file folder with a hand underneath it "sharing" the folder with you (sorry, I don't have a sample image ready to hand right now ).
For now, you should probably take the weekend off, have a nice rest (maybe a bubble bath or some bubbly ) and, come Monday, your next long-term project is to start learning a little bit about being an administrator on a Win XP Pro network. Go slow, though, because there's a lot of chaff to wade through in order to find the few nuggets you really need. I would suggest learning about how to set security policies on the network.
-
-
Now, promise that you won't look at this until Monday? Ok, first, here's a link to an article from 2001 about preparing a HIPAA-compliant network. The article is, unfortunately, a little densely written, and doesn't have many practical how-to's, but it should give you an idea of what sort of conceptual things you need to keep tabs on (and also give you some more technical words to browbeat technicians with
).
PC Anywhere can be configured to be HIPAA-compliant, at least that is what the following article from Symantec states: Symantec PcAnywhere and HIPAA Standards; however, you will need to make sure that it is configured properly (which that article unfortunately does not tell you - I would suggest looking on the Symantec website to see if they have instructions on how to configure PcAnywhere for HIPAA-compliance, and if they don't have them online, contact them directly. -
-
-
Don't be sorry - once you get all the kinks and bugs worked out (with some help from here, of course ), you'll be happy with the extra functionality you get.
So far, I don't think I can really add any more to what blue68f100 has to say, other than that I think it's good advice, so I'll just express my continuing support - it's gonna turn out just fine in the end.
-
-
I agree with blue68f100 - the whole point of paying a professional to come out and set up your network is to get something you can start using immediately without having to go back and redo everything the "professional" did. Since the tech you hired didn't actually provide you with the promised service/product, he's breached his agreement with you and isn't entitled to get paid, only to get back the hardware he sold to you.
However, you shouldn't just give up on the idea of having the network you want, (a) because it really doesn't sound all that complicated (relative to other networks, unfortunately, networks in general are more complicated than the average), and (b) because you've already come a long way up the learning curve, and have made it over the first few steps, which are the hardest - that's a valuable investment of time and energy that shouldn't go to waste - there's no better learning situation than an initial failure (which means that it really wasn't a failure at all ).
Firstly, while it may seem odd, you should be proud of yourself for having had the tenacity and drive to work through the first hard failure - so pat yourself on the back a time or two (lord knows, the boss won't do it for you ). Next, once you've settled stuff with the tech guy, and had him remove the stuff that didn't work, take a break of about a week or so (not too long, though, or your hard-won knowledge will begin to get stale), and then prepare to take another shot at it. That is where your experience this time will be invaluable because it'll make it a lot easier for you to sit down before you hire someone to start installing stuff to think about and plan what sort of network you need, and to discuss what you need in detail with another tech (whom you'll be better able to judge as competent or not), and, of course, with all of us on this thread. With a team like that, you should be able to get a decent network up and doing your bidding with only minor hiccups the next time.
-
You have right.
Connecting two machines hardwired?
Discussion in 'Networking and Wireless' started by onnie, Apr 6, 2008.
