Windows 7 with XP mode networking question [Archive] - Glock Talk



srhoades
09-21-2011, 17:38
I have a client that insists on separating the internet from their work network, and not for any good reason other than they are paranoid. Currently they have two networks and two computers. They are getting new computers and I was wondering if I could give the Windows 7 host a static IP and leave the gateway blank while still allowing the XP machine to obtain or assign an IP to get on the internet. I'm assuming that if the XP virtual adapter uses NAT that it probably won't work, but I wasn't sure if XP mode supports direct access to the adapter.

kc8ykd
09-21-2011, 19:59
you can do that, at least using ms's virtual pc. you can have the client use the host's nic directly, or via nat.

i don't have virtual xp installed, but i'm guessing it should react the same.

just leave the gateway addr out of the host and let the xp client use dhcp to get its address.

i would keep the host machines on a different subnet than that for the xp machines.

so, the hosts would use 192.168.1.0/24 and the xp machines would use 192.168.2.0/24, for simplicity's sake (the internet router's internal interface should be on the .2.0/24 network). this is just an example as far as the ip's themselves, just to show the "separation" between the networks.

the hosts will be able to communicate with each other without problem as long as they are on the same subnet.


if they're really paranoid, you might propose installing a second nic on the machines just for the internal network and vlanning their switch to keep the actual traffic separate. although, having the machines bridge the two networks isn't ideal but it might ease their minds a little.
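
An added example, not part of kc8ykd's post: a small Python check that reads plain `ipconfig` output and reports where a machine departs from the layout described above (hosts on 192.168.1.0/24 with no default gateway, XP guests on 192.168.2.0/24 with a gateway on that subnet). The sample output, the function names and the IPv4-only parsing are assumptions made for this example.

```python
import ipaddress
import re

# Subnets taken from the post; everything else below is constructed.
WORK_NET = ipaddress.ip_network("192.168.1.0/24")      # Windows 7 hosts
INTERNET_NET = ipaddress.ip_network("192.168.2.0/24")  # XP guests and router

FIELD = re.compile(
    r"\s+(IPv4 Address|IP Address|Subnet Mask|Default Gateway)[ .]*:\s*(\S*)")

def parse_ipconfig(text):
    """Map adapter name -> {'ip', 'mask', 'gw'} from plain `ipconfig` output."""
    adapters, current = {}, None
    for line in text.splitlines():
        # Adapter headings start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            key = {"Subnet Mask": "mask", "Default Gateway": "gw"}.get(m.group(1), "ip")
            current[key] = m.group(2)
    return adapters

def audit(text, role):
    """Return findings for role 'host' (work only) or 'guest' (internet only)."""
    findings = []
    allowed = WORK_NET if role == "host" else INTERNET_NET
    for name, cfg in parse_ipconfig(text).items():
        if not cfg.get("ip"):
            continue  # disconnected or unconfigured adapter
        ip = ipaddress.ip_address(cfg["ip"])
        if ip not in allowed:
            findings.append(f"{name}: {ip} is outside {allowed}")
        gw = cfg.get("gw", "")
        if role == "host" and gw:
            findings.append(f"{name}: host has default gateway {gw}")
        if role == "guest" and (not gw or ipaddress.ip_address(gw) not in allowed):
            findings.append(f"{name}: guest gateway {gw or 'missing'} not in {allowed}")
    return findings

# Constructed sample: a host configured as the post suggests.
GOOD_HOST = """Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""
# Constructed sample: the same host with a gateway filled in by mistake.
BAD_HOST = GOOD_HOST.replace("Gateway . . . . . . . . . :",
                             "Gateway . . . . . . . . . : 192.168.1.1")
```

`audit(GOOD_HOST, "host")` returns an empty list, while `audit(BAD_HOST, "host")` returns one finding naming the gateway.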

srhoades
09-21-2011, 22:07
Awesome, thank you.

kc8ykd
09-22-2011, 00:03
no problem.

with the second nic, you should be able to leave it unconfigured in the host system, and tell the virtual xp to only use the second nic, either scenario, configure the nic from within the virtual machine just like you were doing it like normal.

Pierre!
09-22-2011, 00:38
I just got to ask...

Why would a client WANT a documented LESS SECURE OS on the internet?

And at double the cost? Or close to it anyway... even OEM copies of XP aren't free.

They do want to run legally licensed software, right?

Win7 is waaaay better on the internet these days. XP is now a 'has been' and hosts more rootkit infections... The numbers, if really correct, are pretty staggering.

You may want to point this out... IF they are going to be paranoid, then help them out! Win7 host running Win7 VM's would be much better, and still costly, but the savings from not being infected all the time would justify it... and then there is the whole 'recover from an image or snapshot' scenario that the host system AND VM systems could employ.

Certainly you can snapshot the XP systems too, but c'mon... you will still suffer unnecessary business interruptions.

Hope that helps ya out.

Patrick

kc8ykd
09-22-2011, 01:48
virtual xp is free for most versions of windows 7, and there's a kb patch that removes the hardware virtualization requirement.

they should be able to run it as basically a sandbox, where at the end of the session, they can choose to write any changes to disk. so, if it gets mucked up, they simply discard any changes and next time it runs, it's like the last session never happened.

keep it patched and run some decent a/v software and take all the normal precautions and it shouldn't have any problems.

srhoades
09-22-2011, 09:51
Dell has free upgrades to Windows 7 Professional on some systems and configured with XP mode is $45. And as far as infections, they don't get infected now because *gasp* they only use the internet for business related junk. At one point they had their SonicWall configured with like 10 websites they were allowed to visit.

tous
09-22-2011, 20:37
I have a client that insists on separating the internet from their work network, and not for any good reason other than they are paranoid. Currently they have two networks and two computers. They are getting new computers and I was wondering if I could give the Windows 7 host a static IP and leave the gateway blank while still allowing the XP machine to obtain or assign an IP to get on the internet. I'm assuming that if the XP virtual adapter uses NAT that it probably won't work, but I wasn't sure if XP mode supports direct access to the adapter.

Do as your customer wishes without the comments or don't work for them.

As mentioned, virtual networking with Virtual PC is quite flexible.

kc8ykd
09-22-2011, 21:17
i think it would be irresponsible to not look for vulnerabilities, waste, and inefficiencies, and not make recommendations as to how to mitigate them.

the customer knows what they want, as far as the end result, but they may not know the best ways to achieve that goal while maintaining a prudent level of security. they also might not recognize other vectors of attack simply because they are not very familiar with the technologies involved.

sitting down with a customer, or employer, and reviewing the plan is a good idea and opportunity to educate and mitigate threats while finding a cost effective solution to their problem. i've found that customers and employers respect that, and come away feeling as if you're looking out for them.

it's imperative that one is knowledgeable about the subjects so as to be able to propose and implement the most efficient and secure solutions, which is what srhoades has done in this case.

Pierre!
09-22-2011, 21:38
i think it would be irresponsible to not look for vulnerabilities, waste, and inefficiencies, and not make recommendations as to how to mitigate them.

the customer knows what they want, as far as the end result, but they may not know the best ways to achieve that goal while maintaining a prudent level of security. they also might not recognize other vectors of attack simply because they are not very familiar with the technologies involved.

sitting down with a customer, or employer, and reviewing the plan is a good idea and opportunity to educate and mitigate threats while finding a cost effective solution to their problem. i've found that customers and employers respect that, and come away feeling as if you're looking out for them.

it's imperative that one is knowledgeable about the subjects so as to be able to propose and implement the most efficient and secure solutions, which is what srhoades has done in this case.

Very Well Put kc8ykd! We are responsible to assure 'Best Practices' are recognized and adhered to... or be sure you have a fat insurance policy! :cool:

My favorite is when you deliver the solution to the issue, they say they want it their way, and then they call you back wanting to fix 'their way' ... and that is usually 'can you drop everything and be here NOW?' And it's usually on Saturday... :supergrin:

srhoades
09-23-2011, 10:17
Very Well Put srhoades! We are responsible to assure 'Best Practices' are recognized and adhered to... or be sure you have a fat insurance policy! :cool:

My favorite is when you deliver the solution to the issue, they say they want it their way, and then they call you back wanting to fix 'their way' ... and that is usually 'can you drop everything and be here NOW?' And it's usually on Saturday... :supergrin:

That was kc8ykd's comment, not mine.

Pierre!
09-23-2011, 12:59
That was kc8ykd's comment, not mine.

:embarassed:

HAHAHA... Reading - Be surprised what it will get you... a lost art, and fortunately I just *proved* it... :wow:

Forgive me my *BOZO* Moment.

{sigh}

Patrick