Intranet help page
Create your own intranet :
Whatever your purpose, whether to test the Minilgos CD-ROM on a standalone network or to create your own intranet at the office or at home, this page will help you progress quickly, even if you are not an expert. If you are a beginner, however, postpone this adventure and first try Minilgos directly with your modem, especially if you are on your own.
The advantage of an intranet is that you choose the FTP storage capacity yourself. The drawback is that you will have to leave the FTP, HTTP, SMTP or POP3 servers powered up permanently, and you will also have to publish their IP address on the internet.
The software described on this page works on all Windows versions, is freeware or shareware without constraints (Comtun excepted), and is probably the simplest to install, which makes it perfect for simple tests. Experts will use more robust software suites running under Unix (Apache, for example), which work perfectly with Minilgos and handle heavy loads.
DHCP server (not necessary) :
"Comtun" is easy to install and can act as a DHCP server. Activate the DHCP feature and, in the advanced properties of this service, define the IP address range (for example 192.168.0.10 up to 192.168.0.40). Any computer configured to obtain its IP address automatically will then receive one from this DHCP server (computers are identified by the physical address of their network adapter). In the Minilgos configuration utility, just type "DHCP" in the "local IP address" field.
If you don't want a DHCP server, you will have to define static IP addresses so that no two computers ever share the same one (if you create two Minilgos CD-ROMs for two different people, you will have to define two different IP addresses).
There is another protocol named BOOTP, which is in fact the ancestor of DHCP. You can type "BOOTP" instead of "DHCP" in the Minilgos configuration utility if you want to test it. Normally a DHCP server should accept BOOTP requests, but "Comtun" doesn't (this does not really matter).
If you want to allow access to the internet, "Comtun" also offers DNS and NAT services. The DHCP protocol will assign this gateway and DNS server to the other computers. NAT will translate and redirect IP datagrams correctly, and DNS will forward server name resolution requests to internet DNS servers.
Don't forget to configure your firewall correctly to allow incoming requests (you may have to manually add DHCP port 67, type UDP, and DNS port 53, type UDP).
Unfortunately, firewalls sometimes prevent servers from responding immediately to client requests (random packet loss). Do not hesitate to test clients and servers with and without the firewall.
If you have Windows XP, you can create a local network (left panel in Control Panel => network) which does the same as Comtun, but be warned: that will set your PC's IP address to 192.168.0.1.
HTTP server (WEB pages, read-only access) :
"Abyss WEB server" is easy to install. After you define the WEB server administrator username and password, launch the server. The physical root of this WEB server is "c:\program files\abyss web server\htdocs\". A sample home page already exists there (index.htm). With Internet Explorer you can read this page at the URL "http://(pc ip address)". Changing this root location may fail, so do not hesitate to roll back to the default parameters if you need to. Create the intranet user directory in the web root, for example "firstname.lastname". You don't need to create any subdirectories for Minilgos, because Minilgos creates them automatically, in particular the Minilgos user's private subdirectory (his/her first name).
Through full support you can request a custom version of Minilgos that gives access to your own public WEB pages instead of WWM access (or anything else you may need, for example terminal emulators to access mainframes, or specific applications).
FTP server (same WEB pages, but with write access) :
"Quick'n Easy FTP server" is easy to install (unzip the files into "c:\program files\ftp server", for example). Launch the program and define the FTP account username ("firstname.lastname") and password. Then define the physical FTP root, which must be the intranet user directory you created on the WEB server ("c:\program files\abyss web server\firstname.lastname"). Grant all rights to this FTP account. Click "start".
POP3 server (optional intranet mailboxes) :
"POP3 server" is easy to install (unzip the files into "c:\program files\pop3 server", for example). Launch the program. Click the "settings" button, then the "user accounts" tab. Create the account (use an e-mail address as its name) and define its password. The physical location of this mailbox is "c:\inetpub\mailroot\drop\". You can copy .eml messages into this directory yourself to simulate received e-mails.
SMTP server (optional e-mail sending) :
"PostCast server Free Edition" is easy to install (unzip setup.exe and launch it in order to install the files in "c:\program files\PostCast server"). Accept all default parameters. The SMTP server IP address is of course the PC's IP address. Any e-mail sent to this server will appear in the program window and can be saved as an .eml file, for example inside the message recipient's mailbox directory (Edit->Save as...). I will not give any details here about how to automatically copy .eml files into the correct directory or how to send them to the internet, because I didn't need this feature for my tests and did no research on the subject (it's obviously easier to use the mailboxes offered by ISPs; they usually offer 5 mailboxes per subscription).
About security :
First of all, be aware that a Minilgos user does not need any antivirus or firewall. However, if you have local operating systems installed on hard disk, especially if they act as servers for Minilgos clients, you HAVE to install an antivirus and a firewall in order to avoid any nasty surprises and close any existing security hole. An excellent antivirus is "AVG" (very good automatic virus database updates). The latest version (or service pack) of your local operating system will provide you with a built-in firewall.
Even with the Minilgos anti-spam mechanism, you can receive viruses in e-mails coming from close friends. They appear in your Minilgos phone book and you appear in the phone book on their hard disk, so if a friend uses an infected standard operating system running from hard disk, the virus will find your e-mail address on that disk and send you copies of itself in messages that will have no meaning for you but will be sent by your friend. Minilgos will show you the filename of the virus with type '????', because it will not be in a format that Minilgos can use (Minilgos can only use a limited number of text, sound or picture formats such as 'TEXT', 'WAVE', 'JPEG'...), so the virus can't be activated and will never be a threat to the Minilgos internal code. In such a case just delete it and warn your friend that he/she is infected.
It is not certain that the Abyss HTTP server will let you prevent intranet users from browsing directories. You should prevent it, just as any well-protected ISP does. For Minilgos this is important, since private user data is "hidden", that is, saved in a location that is unknown to hackers.
Minilgos code invulnerability (against hackers and viruses) is achieved through the absence of "back doors" (listening ports allowing remote actions), the absence of routines able to load and execute external native code, and also because the code is burnt on a CD-R (you can use a CD-RW or even a floppy disk, but then you break invulnerability). Protection of the Minilgos user's private data is another matter.
Well-protected ISPs prevent hackers from detecting files on their HTTP server with two methods. First, of course, they disable browsing rights (or list rights) in order to prevent display of all existing files (this means the client HAS to ask for an existing file, completely defined by its full pathname, otherwise error 404 occurs). Second, there must be some mechanism to detect massive numbers of requests resulting in error 404 (file not found) with the requested filename changing all the time, proof that some hacker is trying all possible filename combinations to pick up an existing file. In such a case a good method is to block the hacker's IP address so he can't connect again for, let's say, 24 hours; the average number of combinations to try and the time needed to change IP address then turn the hacker's life into a nightmare, since he has to keep on trying for centuries. If you really need to over-protect some data, just create it in several nested subdirectories (in which you disable the 'list cache' property in Minilgos); that raises exponentially the number of combinations the hacker has to explore and achieves the "perfect" protection you need.
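The second method above, sketched over access-log lines as an added example (not part of the original page or of any server named on it). It assumes the HTTP server writes Common Log Format; the window, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
MAX_DISTINCT = 5                # assumed number of different missing paths tolerated
BAN = timedelta(hours=24)       # block duration suggested in the text
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def _line(ip, sec, path, status):
    # Builds one constructed Common Log Format line (not from a real server).
    return f'{ip} - - [12/Mar/2006:10:00:{sec:02d} +0000] "GET {path} HTTP/1.0" {status} 0'

SAMPLE_LOG = "\n".join(
    # One client guessing a different file name on every request.
    [_line("192.168.0.23", s, f"/firstname.lastname/guess{s}.txt", 404) for s in range(6)]
    # Another client repeating one broken link, then reading a real page.
    + [_line("192.168.0.11", s, "/favicon.ico", 404) for s in range(10, 16)]
    + [_line("192.168.0.11", 20, "/index.htm", 200)]
)

def find_bans(log_text):
    """Return {ip: ban_expiry} for clients that probe many different missing paths."""
    misses = defaultdict(deque)  # ip -> recent (time, path) pairs that returned 404
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, path, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in bans and when < bans[ip]:
            continue  # still blocked: the request would never reach the server
        if status != "404":
            continue
        recent = misses[ip]
        recent.append((when, path))
        while when - recent[0][0] > WINDOW:
            recent.popleft()
        # Count distinct names: a repeated broken link is not a guessing attack.
        if len({p for _, p in recent}) >= MAX_DISTINCT:
            bans[ip] = when + BAN
            recent.clear()
    return bans

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_LOG).items():
        print(f"block {ip} until {until.isoformat()}")
```

The returned expiry times would be fed to whatever enforces the block (a firewall rule or the server's own deny list); that step depends on the server and is not shown.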
Never forget that hackers usually do not spend their time trying to break technical defenses; they will always try first to ask for the password by phone or e-mail, pretending, for example, to be a member of the maintenance team. The basic rule is to explain to every user of every system that he/she must NEVER give out his/her password, whatever reason is given, because the administrators of all systems have their own passwords giving access to everything in the system. Also avoid logging in on a PC or terminal that is not your own, in order to be sure you are not working on a modified system programmed to capture and store your password.
Since Minilgos uses a custom global password (think of it as half of the key you need to access the ISP servers; the other half is the tainted ISP password burnt on the CD), nothing nasty can happen if it is captured, by a modified keyboard for example, or if you forget your Minilgos CD-ROM in a cybercafe. Just DO NOT lose your CD-ROM or have it stolen AND, AT THE SAME TIME, give away your password or have it captured.
Of course a breach can occur if the FTP or POP3 username and password are captured on the network. To close this breach on FTP and POP3 servers, ask for a custom version of Minilgos that uses a secure authentication method such as CHAP (a very safe method, used by PPP or PPPoE logins, with MD5 hashing that can't be reversed) instead of a plain text password. Unfortunately most ISPs do not offer FTP or POP3 servers that accept such a secured method, so you will have to find FTP and POP3 servers on the market that accept the authentication method you want (the POP3 protocol refers to it as the "APOP" command).
In fact, if you fear that someone can read TCP/IP packets on the network between you and your own FTP or POP3 servers, you may want to ask for a custom version of Minilgos matching specific versions of your ISP servers that allow all data to be encrypted, since it's important not to let hackers know every file path your CD-ROM will access. If you avoid Wi-Fi and get a guarantee from your ISP that no one can look at your network traffic between the ISP servers and you, that should be fine... otherwise, it is time to search for a smart, but non-standard, version of FTP server and to use HTTPS instead of HTTP. Anyway, don't forget that the free version of Minilgos is intended for children, not secret agents... Absolute data confidentiality is possible, but requires more work on both the client AND the server side (do not hesitate to contact Minilgos support with questions). Maybe Minilgos and other NC solutions will encourage ISPs to offer new services, still standard, but designed for secure remote data processing (with regard to hackers scanning network packets).
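The APOP challenge-response mentioned above, with both sides of the exchange, as an added example (not Minilgos code or any server's own implementation). The host name, account and password are constructed; as the text says, everything after the login still travels unencrypted.

```python
import hashlib
import hmac
import secrets
import time

def make_banner(host="pop3.intranet.example"):
    """Server: greet with a fresh challenge that is never reused."""
    challenge = f"<{secrets.token_hex(8)}.{int(time.time())}@{host}>"
    return f"+OK POP3 server ready {challenge}", challenge

def apop_command(user, password, banner):
    """Client: hash challenge + password; only the digest is sent."""
    challenge = banner[banner.index("<"): banner.rindex(">") + 1]
    digest = hashlib.md5((challenge + password).encode()).hexdigest()
    return f"APOP {user} {digest}"

def server_verify(command, challenge, accounts):
    """Server: recompute the digest from its own copy of the password."""
    parts = command.split()
    if len(parts) != 3 or parts[0] != "APOP" or parts[1] not in accounts:
        return False
    expected = hashlib.md5((challenge + accounts[parts[1]]).encode()).hexdigest()
    return hmac.compare_digest(expected.encode(), parts[2].encode())

def demo():
    user, password = "firstname.lastname", "constructed-secret"  # constructed account
    accounts = {user: password}  # the server must keep the password itself
    banner, challenge = make_banner()
    command = apop_command(user, password, banner)
    _, next_challenge = make_banner()  # what a later session would be offered
    return {
        "password_on_wire": password in command,
        "accepted": server_verify(command, challenge, accounts),
        "wrong_password": server_verify(
            apop_command(user, "guess", banner), challenge, accounts),
        "replayed_later": server_verify(command, next_challenge, accounts),
    }

if __name__ == "__main__":
    print(demo())
```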