Secure update option for Schedules Direct guide listings? USB stick? VLAN?

#1

Post by CZ Eddie » Fri Aug 04, 2023 4:01 pm

I'm putting my new Windows 7 WMC build on a VLAN.
Are there any existing options for secure updates for guide listings?

I have a Schedules Direct membership. Maybe there is a way to limit inbound traffic specifically to the Schedules Direct server?
I've got a managed switch.

Or maybe I can download to USB stick and manually update every two weeks. That would get really old, really fast though.

Suggestions or ideas???

#2

Post by Space » Fri Aug 04, 2023 9:23 pm

Not sure what you mean by a secure update.

There are various levels of security based on how much security you are comfortable with and how much you are willing to be inconvenienced.

Simply putting your WMC machine on a LAN with a firewall connecting to the Internet is usually enough security for most people. A NAT firewall will generally only allow TCP connections initiated from within your LAN to the Internet and will block any connection initiated from the Internet to your LAN.

The main issue with this setup is if you allow a "trojan" inside your LAN (through manually downloading a malicious file). In this situation, if you run that file, it can then initiate a TCP connection out from your LAN to the Internet, and then you are compromised (you are compromised even if it does not connect to the Internet, since once you run that file, it can do things such as delete files, replace executables, etc.)

If you want to block ALL connections to any sites on the Internet (except for the Schedules Direct server) then you can do that, but that is where the inconvenience part comes in. You can make it so that any outbound traffic from your WMC machine can only be to the Schedules Direct servers, this would limit any damage that can be done if you run a malicious program on your WMC machine, but if you have any other machines also on this LAN, then that malicious program also has access to those machines and can theoretically compromise one of those and then be able to access any external Internet location that those machines can access. But again, the trojan does not need to access external Internet sites to cause damage, it just allows external agents to control your computer and do what they want with it in an interactive manner, if the trojan is already programmed to cause damage then it will do so without needing any external instructions from its controller.

Of course if you follow safe security practices, you should never run a program on your system that you are not sure is safe, so like I said, a simple NAT firewall is usually sufficient security if you know what you are doing.

#3

Post by IT Troll » Sun Aug 06, 2023 7:28 am

If the concern is Windows 7, you could set up EPG123 in client/server mode with only the client running on WMC. Then configure it so WMC can only connect to a server on your network, which in turn gets its updates from Schedules Direct. This would allow you to run Windows 7 with a hardened networking profile and no direct Internet access. This could be achieved using Windows firewall rules or ACLs on your managed switch.
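One way to apply the Windows firewall option from post #3 on the Windows 7 client, as an added example that is not part of any poster's message or of EPG123 itself. The server address is a placeholder, and the rule allows all traffic to that one host because the thread does not state which port the EPG123 client uses.

```bat
@echo off
rem Added example: restrict a Windows 7 WMC client so its only permitted
rem outbound destination is the EPG123 server on the LAN.
rem Run from an elevated command prompt.
rem ASSUMPTION: 192.168.50.10 is a placeholder for your EPG123 server.
set EPG_SERVER=192.168.50.10

rem Save the current policy first so the change can be undone with
rem   netsh advfirewall import "%USERPROFILE%\fw-before-lockdown.wfw"
netsh advfirewall export "%USERPROFILE%\fw-before-lockdown.wfw"

rem Make sure the firewall is on, then default-deny in both directions
rem for the domain, private and public profiles.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Allow outbound traffic to the EPG123 server only. Once you know the
rem port the client uses, narrow this with protocol=TCP remoteport=<port>.
netsh advfirewall firewall add rule name="WMC to EPG123 server" ^
    dir=out action=allow remoteip=%EPG_SERVER% profile=any

rem Other LAN devices the WMC box must reach (for example network tuners)
rem each need their own allow rule of the same form.

rem Confirm the default policy took effect.
netsh advfirewall show allprofiles firewallpolicy

rem Allow rules that already existed still win over the default block,
rem so review the outbound list and disable anything you do not need.
netsh advfirewall firewall show rule name=all dir=out
```

The final listing matters because switching the default to block does not remove outbound allow rules that Windows or installed programs created earlier.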

#4

Post by CZ Eddie » Mon Aug 07, 2023 9:34 pm

Thank you, Space & IT Troll. You two helped me consider options.
My managed switch isn't as cool as I thought it was.

So, I ended up flashing OpenWRT onto my four-port router.
Then, I used this video to set up VLANs.
https://www.youtube.com/watch?v=5TtlAXeaGUM&t=305s

I put my WMC computer (PC1), my two HDHomeRuns (PC2 & PC3) and my EPG123 Server (PC4) all onto a simple switch.
Then, I ran the uplink cable from the switch over to a port on my router.
And I configured that port to be a different VLAN without any Internet access.
So, the "PCs" could only talk to each other and nothing else can talk to them.

Then, I added a second network cable to the PC4 EPG123 Server and ran that to a normal VLAN1 port on the router.
