“Don’t need AV, we have a firewall”

A friend stopped by to ask if security suite x was any good or not. This led on to a conversation about a place she was working that wasn’t running any AV on Windows machines. The rationale behind this came from a 3rd party IT support guy who said “you don’t need AV on the Windows machines, the firewall will protect them”.

When I say firewall, I mean a good old layer 3 packet-filtering device. The things that cost $100 new and are, well, ADSL routers with added security, aren’t able to protect a small office by themselves. “Added security” equals access control lists in a pretty GUI, so not really the poster boy for defense in depth.

Amazing that some IT “professionals” actually believe having a firewall will stop PCs from getting malicious software. Thank goodness the USB device fad never took off.

If you do not have anti-virus software on your home or small office computer, Microsoft provides a free copy you can download from here: http://www.microsoft.com/security_essentials/

It does the job, is simple to use and doesn’t cost a penny. If you want something with all the whistles and bells, pick a security suite package from any of the big names.

We now return to our regular programme.

Netsh commands

This is nothing new or exciting, I just keep forgetting the syntax, so I’m leaving it here to make it much easier to find/remember.

Interface Configuration

Set the interface named Local Area Connection to the static IP address 192.168.66.100, the subnet mask 255.255.255.0, and the default gateway 192.168.66.1 (the trailing 1 is the gateway metric):

netsh interface ip set address name="Local Area Connection" static 192.168.66.100 255.255.255.0 192.168.66.1 1

Add multiple IP addresses

netsh interface ip add address "Local Area Connection" 192.168.66.101 255.255.255.0

netsh interface ip add address "Local Area Connection" 192.168.66.102 255.255.255.0

Configure DNS

netsh interface ip set dns "Local Area Connection" static 192.168.66.200

Add multiple DNS entries

netsh interface ip set dns "Local Area Connection" static 192.168.66.200 primary
netsh interface ip add dns name="Local Area Connection" 192.168.66.201 index=2

Configure WINS

netsh interface ip set wins "Local Area Connection" static 192.168.66.200

DHCP

Automatically obtain an IP address from a DHCP server:

netsh interface ip set address "Local Area Connection" dhcp

Get DNS/WINS settings from DHCP:

netsh interface ip set dns "Local Area Connection" dhcp

netsh interface ip set wins "Local Area Connection" dhcp

Rename interfaces

netsh.exe interface set interface name="Local Area Connection" newname="INT"

netsh.exe interface set interface name="Local Area Connection(2)" newname="Internet"

Disabling/enabling an interface

netsh interface set interface name="Local Area Connection" admin=disabled

netsh interface set interface name="Local Area Connection" admin=enabled

Export your current IP settings

netsh -c interface dump > c:\current1.txt

Import your IP settings

netsh -f c:\current1.txt

You can also use the global EXEC switch instead of -F:

netsh exec c:\current1.txt

LOOPS

FOR /L %I IN (2,1,20) DO netsh interface ip add address "Local Area Connection" 192.168.66.%I 255.255.255.0

This will add the IP addresses 192.168.66.2 through 192.168.66.20, incrementing the last octet by 1 each time. Inside a batch file, write the loop variable as %%I instead of %I.
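The export, static configuration, loop and import steps above combined into one batch file with a rollback, as an added example that is not part of the original post. The backup path and variable names are assumptions, it relies on netsh returning a non-zero exit code when a command fails, and it must be run from an elevated command prompt.

```batch
@echo off
rem Added example: back up the interface settings, apply the static
rem configuration used on this page, and re-import the backup on failure.
rem Assumptions: BACKUP is a constructed path; the interface name and
rem addresses are the ones from the commands above.
setlocal
set "IFACE=Local Area Connection"
set "BACKUP=C:\netsh-backup.txt"

rem 1. Save the current settings so they can be re-imported later.
netsh -c interface dump > "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, nothing was changed.
    exit /b 1
)

rem 2. Static address, mask, gateway (metric 1) and two DNS servers.
netsh interface ip set address name="%IFACE%" static 192.168.66.100 255.255.255.0 192.168.66.1 1 || goto rollback
netsh interface ip set dns name="%IFACE%" static 192.168.66.200 primary || goto rollback
netsh interface ip add dns name="%IFACE%" 192.168.66.201 index=2 || goto rollback

rem 3. Extra addresses .101 and .102. In a batch file the loop
rem    variable is %%I; at the interactive prompt it is %I.
for /L %%I in (101,1,102) do (
    netsh interface ip add address name="%IFACE%" 192.168.66.%%I 255.255.255.0 || goto rollback
)

rem 4. Print the resulting configuration for a visual check.
netsh interface ip show config name="%IFACE%"
exit /b 0

:rollback
echo A netsh command failed, restoring settings from %BACKUP%
netsh -f "%BACKUP%"
exit /b 1
```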

Examples:

http://technet.microsoft.com/en-us/library/bb490943.aspx

http://ss64.com/nt/netsh.html