Disabling/enabling ethernet and/or TCP/IP for best security

Georges Berenger · Mar 18, 2005

Hi!

In our XPe image, we have ethernet support with TCP/IP. Most users will
actually not use it, and we would like to offer the best security possible.
I already have installed & configured the firewall. We are still using
SP1, as SP2 proved to bring hard to solve issues, and none of the bug
fixes we were hoping for.

What we would like to do now, is find a way to switch on/off Ethernet
and/or TCP/IP support so that we get the max security level possible,
even if the machine is connected to an insecure network.

Our image doesn't include the Network control panel, and I need to
switch on/off the thing programmaticaly (with Win32 APIs, or with a
command line).

Any suggestions?

Thanks!
-georges

Slobodan Brcin \(eMVP\) · Mar 18, 2005

Hi Georges,

Have you tried using devcon for disabling of your network adapter?

Regards,
Slobodan

KM · Mar 18, 2005

Georges,

I have almost nothing to add to Slobodan's reply but just the fact that a while ago I also found the DevCon approach is very simple
to enable/disable network.

Basically what I did was:
"DEVCON FIND =NET" command just to see all the network adapters installed
"DEVCON DISABLE =NET" command to disable all the network adapters installed
"DEVCON ENABLE =NET" command to enable all the network adapters installed
(watch for spaces)

That worked like a charm for me on XP and XPe.

For more info about Devcon usage see here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272

KM

Disabling/enabling ethernet and/or TCP/IP for best security

Georges Berenger

Slobodan Brcin \(eMVP\)

KM