ICS / Networking / Wireless Quagmire


wormhole
12-10-2003, 05:09 AM
Networking and Sharing quagmire

To illustrate the extent of my knowledge - please refer to the nick name (worm: only enough experience to be very dangerous) and (hole: the area located between my ears) ....... Having said that, here is my dilemma:

I have 3 Windows 2000 professional PC's and 1 XP home laptop. I have easily set up a network here at my home office. We can all see each other fine. I also use ICS fine.

Suddenly, I decided I wanted a wireless card for the XP home laptop.

Now, before I go much further, let me explain that my SHARED connection is a USB from Direcway DW4000 2/way Satellite.
So.. I must use one of the Windows 2000 prof. as a gateway and ethernet out to a hub, where the others are connected.

The Direcway software uses (demands is more like it) the IP 192.168.0.1 as the local gateway for ICS.

When converting to adapt my new wireless equipment, I discontinued using the 4 port Linksys hub, and am now using a D-link DI 614+ (AirPlus) router and D-link DWL 650+ card for the laptop.

I configured the router to now use 192.168.0.3 instead of 192.168.0.1 (default) and the router now decides the IP for the other 2 PC's and the wireless account (or 3 PC's when I don't go wireless). YES, I am using 128 encryption and I don't broadcast the CCID.

My problem is this... The network crashes - and I don't know if it is a security issue or if it is a configuration issue.

NOW for the TWIST.... like the recent game shows we see on TV, there is a slight twist. I am genuinely concerned about the vulnerability of my system with good reason, I have a nemesis, a competitor, who is very well versed in the vulnerabilities of networking and IP security, who has boasted of "jacking with my system" which is probably nothing, BUT, I sure wouldn't know an attack if I saw one, so I am concerned just the same.

I know that the configuration I use enables RPC (I think) and even with the latest Microsoft Updates, can I be sure my system is secure? I use Zone Alarm on the gateway and VCOM System Suite on all the client PCS, except one, where I use Norton Systemworks. Zone alarm goes APEpooky occasionally, but I don't really know what's happening then.. I DO KNOW that my registry has been corrupted twice in the last 10 days. This last time I had to reformat it was so bad.

I will purchase whatever I need to, to get a locked down solid ICS / network. QUESTION: what is the BEST way to setup my network to ENSURE there is no outside interference. Someone please send me an acceptable diagram or advice would be appreciated.

What I have MAY be fine, I may just have a crappy PC that got choked, but it is brand new, and didn't have any issues until I set up this new networking setup described above.

I figure there MUST be a million people smarter and more knowledgeable than I am that could probably give me some advice here, so please help out if you can, I would certainly appreciate any help I could get. Until then, the router stays unplugged.

Thanks "wormhole" aka Steve

wormhole
12-10-2003, 05:29 AM
I should also explain that the PC that is getting fragged, is the gateway PC. Although I use this to share the USB sat. connection, I do not use any e-mail client or access the internet for browsing on this PC. It just sits there and shares the connection (1.1gig/512ram Intel Celeron) it has no software installed other than what it needs to do this.

On the other connecting PC's that are connected to the LAN off the router, they must FTP and file transfer. They are also used to remote into my webhosting servers control panels via secure HTTP protocol. They also receive massive amounts of e-mail from time to time. These PC's seem to be working fine.

Also I have had NO problems with the laptop on wired LAN or wireless connectivity.

Only the GATEWAY windows PC is failing. When I switched PC's, I got the same results on another windows 2000 PC.

It is either my configuration, my setup or a security issue I think.

wormhole

Greenstead
12-11-2003, 12:00 AM
The reason for the registry corruption is not obvious. How do you know it is corrupt?

You have software on the gateway from Direcway - I would check you have the latest version from them.

The 192.168.0.1 for the gateway address is a demand of ICS. This cannot be changed.

The dlink router should be connected to the gateway by a LAN port, not its WAN port. The DHCP service in the Dlink must be disabled or this will cause your network to have problems. I would suggest setting the Dlink router to 192.168.0.254, but it doesn't matter really.

You didn't mention anti virus software. You need this on the network and must regularly scan the gateway and other PCs.

On zonealarm do you get firewall logs for incoming ICMP protocol?

wormhole
12-12-2003, 04:23 AM
The reason I think the registry is corrupt is that when I boot up, several programs either don't start or fail completely. Eventually, the PC will not even boot. When I go to the event viewer, I see information there saying registry entries are corrupt or not found. This event viewer is usually error free until I set up this network configuration, then it has massive entries warnings (yellow) and errors (red) that start showing up 24 to 48 hours after I set it up... strange, No unusual entries for the first 2 or three boots, then by 72 hours later, 20 to 30 errors or problems at each boot.

I understand the IP config, and I have addressed the IP situation.

I am using Norton 2003 antivirus and I update definitions on it every tuesday and friday evening.

Zone alarm logs everything, problem is, I don't know what any of it means. Is there something about a ICMP I should be worried about?

The DHCP is disabled on the router, and all connections to the router are on the LAN ports.

I have a little trouble setting up the firewalls on each computer, since they are meant to see each other, and share a connection, but still be secure. Maybe I am opening them up too much to make them work, and overriding the security I need to have in order to have a running system, maybe I am allowing too much access?? - I would like any advice on how to allow communication and still lock them down.

Please continue to ask questions, maybe you can help me find the problem, I just don't know what to look for anymore.

Thanks,
Steve

Greenstead
12-12-2003, 11:49 AM
From a security view point you are quite secure.

ICS prevents most uninvited intrusions except for some more sophisticated methods like spoofing. These would show up as ICMP protocols in zonealarm apparently coming from your public IP address or your gateway but its really a virus probe from the internet pretending to be your IP. You should configure zonealarm so the only thing in your trusted zone is your LAN subnet (192.168.0.0 mask 255.255.255.0). These types of probes are not personal, they are scanning whole public address ranges looking for unprotected victims.

If you are scanning with latest AV then you're free of virus. Are you scanning all your PCs?

The corruption is a mystery.
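
The triage rule from the reply above (trust only 192.168.0.0/24; treat internet-side traffic that claims a LAN or own-public source as spoofed), as an added example that is not part of the original thread. The CSV log layout, the sample records and the public address 203.0.113.10 are constructed assumptions, not ZoneAlarm's real log format.

```python
import ipaddress
from collections import Counter

# Assumed values: the log layout and PUBLIC_IP are constructed for this
# example (not ZoneAlarm's format); TRUSTED_LAN is the subnet from the thread.
TRUSTED_LAN = ipaddress.ip_network("192.168.0.0/24")
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")

SAMPLE_LOG = """\
2003-12-11 22:14:03,ICMP,IN,external,198.51.100.7,203.0.113.10
2003-12-11 22:14:09,ICMP,IN,external,203.0.113.10,203.0.113.10
2003-12-11 22:16:02,ICMP,IN,external,192.168.0.1,203.0.113.10
2003-12-11 22:17:30,ICMP,IN,lan,192.168.0.12,192.168.0.1
2003-12-11 22:18:55,UDP,IN,external,not-an-ip,203.0.113.10
"""

def parse_line(line):
    """Parse 'time,proto,direction,interface,src,dst'; None if malformed."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6:
        return None
    try:
        src, dst = ipaddress.ip_address(parts[4]), ipaddress.ip_address(parts[5])
    except ValueError:
        return None
    return {"ts": parts[0], "proto": parts[1], "dir": parts[2],
            "iface": parts[3], "src": src, "dst": dst}

def classify(rec):
    """Label a record by where its source address claims to come from."""
    if rec["iface"] == "lan":
        return "lan" if rec["src"] in TRUSTED_LAN else "unexpected-on-lan"
    if rec["src"] == PUBLIC_IP or rec["src"] in TRUSTED_LAN:
        return "spoofed-source"   # claims to be us, but arrived from outside
    return "internet-probe"       # ordinary unsolicited scan traffic

def triage(log_text):
    """Return (label counts, list of spoofed-source records to review)."""
    counts, spoofed = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        label = classify(rec)
        counts[label] += 1
        if label == "spoofed-source":
            spoofed.append((rec["ts"], rec["proto"], str(rec["src"])))
    return counts, spoofed
```

Calling `triage(SAMPLE_LOG)` returns the per-label counts and the spoofed-source records worth a closer look; replace `parse_line` with a parser for the firewall's actual export.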