Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Windows XP - locking down internet access
New Posts  All Forums:Forum Nav:

Windows XP - locking down internet access

post #1 of 10
Thread Starter 
Apologies if this is a recurring thread nowadays, but I have a mission from my in-laws to keep their P4 rig alive. Simply, I need to lock down their Windows XP install so that internet access can only occur within iTunes or Amazon Cloud Player (standalone app). I thought this would be easy - I'd just block all ports both ways except those needed by iTunes & ACP, but I've since discovered that iTunes needs 80 & 443 doh.gif

I did think I could whitelist them in the HOSTS file, but I don't know how to confirm which URLs they are using in the background (if they've not connecting directly using IPs). I know this is probably going to involve some kind of firewall settings (hopefully Windows Firewall, but I'm open to a free 3rd party firewall). They run a limited user account (the admin account password is only known by me). Unfortunatly, I'm not sure where to acquire the needed information (Google didn't help), and I'm not 100% sure how to use when I've obtained it redface.gif

A little help please? smile.gif
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
post #2 of 10
Is there a reason you want to do this? It will make the computer quite usless, it would in effect become a MP3 player


What you can do is install wireshark, start the program and just look for what DNS requests it makes to get URI's if you really want to
Escobar
(9 items)
 
Supercomputer ^_^
(13 items)
 
 
CPUMotherboardGraphicsRAM
1055T M4A88T-D EVO USB3 ATI 6850 4 GB 
Optical DriveOSMonitorKeyboard
DVD RW Windows 8 Pro lp1900 + 2 X 15 inch dell Microsoft Comfort Curve 
PowerCase
600watt thermaltake antec 200 
  hide details  
Reply
Escobar
(9 items)
 
Supercomputer ^_^
(13 items)
 
 
CPUMotherboardGraphicsRAM
1055T M4A88T-D EVO USB3 ATI 6850 4 GB 
Optical DriveOSMonitorKeyboard
DVD RW Windows 8 Pro lp1900 + 2 X 15 inch dell Microsoft Comfort Curve 
PowerCase
600watt thermaltake antec 200 
  hide details  
Reply
post #3 of 10
Thread Starter 
I've install Linux Mint onto the thing for the purposes of internet usage, word processing, and photo printing. While technically their iPods could be made to sync under Linux, they are comfortable with iTunes both in terms of managing the library, and also the iTunes Store. ACP saves the ripping CDs step when they buy a new CD (thanks to AutoRip), plus it's instant so no waiting for it to arrive in the post.

The idea, is that I don't want them using the internet AT ALL on Windows, but as iTunes & ACP don't function under Linux, and there isn't a viable alternative, I'm a bit snookered.
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
post #4 of 10
Even if you find what DNS requests the programs make and whitelist those, sometime in the future, those might change, and you'll end up having to keep editing your whitelist. I don't know what windows has, but there ought to be outgoing firewalls that can filter by app.
post #5 of 10
dsl-modem-condom,6-M-193342-13.jpg
That'll do the job fine.

Just poke holes in the shape of the iTunes icon.
i7 Sandy
(8 items)
 
Skylake Pentium
(8 items)
 
 
CPUMotherboardGraphicsRAM
i7-2600K ASRock Z75 Pro3 GTX 970 16GB 
Hard DriveOSMonitorPower
250GB Samsung 850 Evo WinXP Pro / Win7 Pro 1080p 60Hz Thermaltake Smart M850W 
CPUMotherboardGraphicsRAM
Pentium G4400 ASRock H110M-HDV GTX 550 Ti 8GB (2x4) 
Hard DriveOSPowerOther
250GB SSD Windows 7 500W 300Mbps WLAN 
  hide details  
Reply
i7 Sandy
(8 items)
 
Skylake Pentium
(8 items)
 
 
CPUMotherboardGraphicsRAM
i7-2600K ASRock Z75 Pro3 GTX 970 16GB 
Hard DriveOSMonitorPower
250GB Samsung 850 Evo WinXP Pro / Win7 Pro 1080p 60Hz Thermaltake Smart M850W 
CPUMotherboardGraphicsRAM
Pentium G4400 ASRock H110M-HDV GTX 550 Ti 8GB (2x4) 
Hard DriveOSPowerOther
250GB SSD Windows 7 500W 300Mbps WLAN 
  hide details  
Reply
post #6 of 10
I do this all the time in Windows 7 and 8.1, for XP you'll need a third party solution.
post #7 of 10
Thread Starter 
Yeah, went with AShampoo, basically got iTunes, ACP & Avast set up on a whitelist, with everything else blocked.
Annoyingly, standard user accounts can change the config, but I'm hoping the in-laws won't be able to figure it out, lol
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
post #8 of 10
Quote:
Originally Posted by chemicalfan View Post

Yeah, went with AShampoo, basically got iTunes, ACP & Avast set up on a whitelist, with everything else blocked.
Annoyingly, standard user accounts can change the config, but I'm hoping the in-laws won't be able to figure it out, lol

Just keep in mind that these types of outgoing firewalls aren't perfect. If malware injects iTunes with malicious code, for example, then it will have the privileges of iTunes and be able to send messages freely through the firewall. Unless the rules were tied to both the process AND the destination domain.
post #9 of 10
Thread Starter 
That is true, but it should be unlikely - the source of malware would have to originate from iTunes itself via update, as the users won't be able to download any (no browsers or mail clients have internet access)
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
post #10 of 10
Good point; I forgot about "lock down" biggrin.gif
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Windows XP - locking down internet access