
I want to connect 2 Windows home computers together for a server/client relationship; however, only the "client" computer should be connected to the internet.

"Server Computer" <----> "Client Computer" <----> INTERNET

I'm looking at the pros and cons of connecting the two computers using a cross-over cable versus a router in terms of (A) speed, and (B) security.

So far I've gathered that in terms of speed, cross-over cable is faster, but not by much. In terms of security, I still have no clue. Which method is more likely to keep internet viruses off the "server computer" in my network? Which gives me more control over determining which programs on the client computer can talk with my server computer?

schroeder
Todd
  • How about "it doesn't matter" ? – Stephane May 29 '17 at 09:35
  • If you use a switch with hardware switching capability, you won't see any performance hit. In the case of a cross-over cable, how would you connect the client computer to the internet? You will need 2 Ethernet ports (controllers) on this PC. Moreover, you will need to have some router/firewall installed on one of the PCs, such as Internet sharing in Windows, or IP routing enabled + i.e. iptables on Linux. If you can buy a router, go for it. It's worth more than elaborating such an infrastructure. Additionally, if you buy a router with more switch ports, you can plug any other device in there without any special effort. – Fis May 29 '17 at 10:06
  • Something came to my mind related to security. In both cases it is necessary to follow some security best practices, i.e. change the default router password and update all machines (including the router) continuously. In the case of a router, there can be a bug you will never be able to patch: if the vendor does not release a patch, you are lost. This would rarely happen with the strange cross-over network. On the other hand... I would never go for this solution ;) – Fis May 29 '17 at 10:13
  • @Fis if each card has its own subnet on the client PC, there's no routing needed, as the OP's wish is that the server has no internet access. All in all, the rest of the comments apply: using a crossover cable won't bring much more security; as the client can access it, a virus can spread over. That's a matter of firewalling to prevent access, not a matter of physical links. – Tensibai May 29 '17 at 11:34
  • @Tensibai True, I missed the point that he does not want the server to be connected to the internet. – Fis May 29 '17 at 12:13
  • @Fis, thanks for your input. I'll scrap the idea of a cross-over cable and go with a router – Todd May 29 '17 at 19:44
  • @Tensibai, I'll look more into firewalling since that sounds like the key. Any software you'd recommend? I've only used the one that comes with Windows so far. – Todd May 29 '17 at 19:45
  • According to your description, the OS firewall should be enough to restrict available services, but we're heading to an XY problem: what are you willing to secure in the server exactly? I.e.: what is the exact goal which made you think about this solution at first? – Tensibai May 29 '17 at 20:03
  • @Tensibai, the server program/proprietary source code is what I'm trying to keep secure. So my idea was to keep it on a computer with no internet connection, and its only connection to the "outside world" will be one port I allow to communicate with the client program only. Flawed idea? – Todd May 29 '17 at 21:10
  • Seems to make sense. Whatever the OS is, the firewall should be enough to allow incoming connections to this port only, reducing the attack surface to only the server program. This means administering the server with keyboard and screen to avoid remote administrative access. All in all, cross-over or switched networking doesn't make a big difference. – Tensibai May 29 '17 at 21:15

1 Answer


The first thing to say is that it isn't a choice between a cross-over cable and a router. The initial choice is between a cross-over cable and a switch. Most home/SOHO routers will contain a switch, typically 4 ports. More professional routers (e.g. the Ubiquiti EdgeRouter Lite) may only have 2 or 3 ports that have more independence than a typical low-cost switch/router.

The main issue, however, with your "architecture" is that you need 2 different network connections on the "client" computer. That could be wired and Wi-Fi or 2xwired.

One caveat before continuing: If the "client" computer is something like a fixed desktop with little use, then you could easily turn it into a dedicated router if it has two network ports.

Assuming you can do that, the next problem is how the client computer's operating system handles multiple network connections.

Typically, a Windows client (e.g. Windows 10) is not designed for this configuration and about all you can do natively is bridge the two connections. In that case, you are relying on the Windows firewall to protect your server; again, it is not designed for this, though it will probably do just fine. But the bigger problem is that, if your client computer is compromised, your server is likely to be as well - you can mitigate that by running an OS-level firewall on the server.

Things are rather better if using Linux on the client computer, since Linux OSes are generally very good at being servers and have a number of tools commonly available, such as the IPTABLES firewall. You can also get tools to help with routing issues, and many routers actually run Linux under the skin. You still have the additional vulnerabilities that come from using a client computer as a router though - namely that client computers are generally more exposed to dangers.

Routers are designed specifically for this purpose and therefore are likely to have better performance overall, since you are not relying on the performance of the client computer. Client computer performance will vary greatly depending on what else you are running, and it is generally hard (at least under Windows) to optimise for routing use. Routers will be doing fewer things and should be optimised for those tasks anyway.

Routers are also likely to give better security: they are not running so many tasks, and every task you run adds to security risk as it adds to the potential number of security flaws open to attack.

Of course, there are rarely absolutes in the world of IT design and there are a lot of variables that we don't know about.

In general though, you are much better off with a router. It is likely to be more secure and also likely to have better overall performance or at least more consistent performance than a client computer.

Julian Knight
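
The OS-level firewall on the server that the answer and comments point to, written out for the built-in Windows firewall as an added example (not part of the original thread). The client address, port number and rule name are assumed values, and the server is assumed to use a static IPv4 address on the private link.

```powershell
# Run in an elevated PowerShell session on the "server" computer.
# Assumed values (not from the original thread): adjust to your own network.
$ClientAddress = '192.168.50.2'                  # constructed: client's address on the private link
$ServicePort   = 5000                            # constructed: the one TCP port the server program listens on
$RuleName      = 'Server program - client only'  # hypothetical rule name

# 1. Firewall on for every profile; inbound traffic without an explicit allow rule is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. Disable every other inbound allow rule (file sharing, Remote Desktop, discovery, ...).
#    This also disables the DHCP client rule, hence the static-address assumption.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object DisplayName -ne $RuleName |
    Disable-NetFirewallRule

# 3. Allow the single service port, and only from the client's address.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $ServicePort -RemoteAddress $ClientAddress `
        -Profile Any | Out-Null
}

# 4. Audit: list every inbound allow rule that is still enabled.
#    After steps 1-3 this should print exactly one row.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```

From the client, `Test-NetConnection` against the server's address with `-Port 5000` should report `TcpTestSucceeded : True`, while the same test against any other port should fail.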