Thanks for the Info Luke....
1) But (yeah, I'm butting) I used to work for several ISPs, and installed many many (and then some) triple play installations (TV, Internet and Telephone) at consumer homes here in Holland, so "I've been around the block" and I don't agree that UPnP is turned off by default by most manufacturers...
Sure, STUN and STUNT NAT traversal works okay too... My own D-Link DIR-655 (which also had UPnP on by default) happily supports it
But in some scenarios (especially with cheap routers like Sitecom or Sweex) UPnP is better supported...
The most popular routers here are Linksys, Sitecom, Sweex, Netgear, ICIDU, D-Link, Draytek and Asus.... and from what I've seen... all had UPnP ON by default....
I guess that's because mediaplayers like the Xtreamer, HD Playon! etc. are becoming very popular here, and most LCD TVs here are beginning to support DLNA too... and DLNA works best with UPnP enabled
This is also why there are requests for implementing UPnP support here in the forums, since they want to access their media files through Neorouter (point-to-site mostly) so they can play them at their friend's place....
Anyways.... IPv6 talk is "Hot" at the moment (since there are no free IPv4 addresses left)... but implementation's slow, especially when manufacturers are bugging about using NAT or not (gheheh... NAT or Not)
Next to the fact that a lot of home routers have to be replaced in order to cope with IPv6.... So the whole thing, it's gonna take a while, so we're stuck with IPv4 and NAT for now
2) Invite trusted computers into the network.... Well, that's the main idea anyway
But what if one of the trusted computers is stolen when using the Free version? My girlfriend for instance has a laptop only, and we use Neorouter to play LAN games with others, and she also carries it around as she goes
Setting ACLs on shared folders per computer works indeed (with User Groups set up, NTFS permissions set etc. (doing your MCSA/MCSE thing the way Microsoft likes it)), but I guess you know too how fast usernames and passwords are found if you would bruteforce a separate Windows "sitting duck" machine... (Firewall settings are easy to disable when a thief has his hands on a computer and he's using something like Bart Lagerweij's BartPE and its implemented remote registry editor for instance)
Building a domain system with Kerberos, certificates and SSL/NTLMv2 encryption etc. is a solution of course... But that's a little bit overkill for "mere Mortals", isn't it? (Next to the fact that my (and other people's) mediaplayer and DLNA-using TV don't support Domain logon properly)
But ok, quickly changing the password on fileservers and NAS-es works for most users... but still.... the virtual network still can be accessed and sniffed since initiating the VPN-connection doesn't require user/password....
So basically: changing the Neorouter domain name each time is the only way to ensure "safety", and this means that all users have to change too, which is quite the hassle, changing all instead of just one... If the professional (paid) version of Neorouter works in the same way as the free version in terms of initial connections (fully connecting to the virtual network with no user/password needed at startup)... this would be a reason for a business (and its Administrator) to NOT implement Neorouter....
So I'm gonna do some competition-talk (sorry for that)... LogMeIn's Hamachi (including the Free version in both managed mode and standalone mode) does need a User/password for initial connection after starting up their Network Explorer-like client, and disconnects immediately after shutting down their Network Explorer-like client... Most (free) VPN-implementations with the same purpose as Neorouter and Hamachi work like this...
Also performance-wise, a client only connecting to the Neorouter server computer when needed, instead of always constantly being connected at the moment the "Neorouter Client service" service is started on the client computer, is much better.... So the Neorouter server can just worry about the actual active users instead of both active AND inactive users and their connections...
So I guess that's something to think about Luke
Nevertheless... Neorouter is more stable and faster than Hamachi from what I've seen and I prefer Neorouter because of that.... But in terms of security, I prefer Hamachi..... So, do you see my Dilemma?
Grtz,
Shadowguy