File sharing and network security
Links: home · search · speed test · login · more ·
Links: Reply New Topic
Forums » Security » Security » File sharing and network security
Cronk @ 28th Oct 06:25PM:
File sharing and network security
Does enabling file sharing on a Vista computer lower your security protection if you should at some time connect that computer to a "risky network", such as one where there are teenagers that download all kinds of garbage, or public networks?
Or does choosing Public Network when you make those connections give you sufficient protection?
Thanks
reply
gregz @ 28th Oct 07:22PM:
Re: File sharing and network security
Not using any password protection on your file shares while on a public network is the worst idea out there. If enabling shares, they should only be on your own private network.
reply
Cronk @ 29th Oct 09:37AM:
Re: File sharing and network security
Looks like I was not clear enough in my original post, or I am not understanding how sharing works.
It seems to me that when you choose Public Network when first connecting to a network, then you are by definition not sharing files on that network. I thought that even if you have some folders that are designated as shares, the sharing would be blocked on a Public Network. I thought that I could then share files on my home Private Network, but not on networks that I've designated as Public. Is this incorrect?
Thanks
reply
gregz @ 29th Oct 12:11PM:
Re: File sharing and network security
Shares are always avail, unless you password protect. It is just like driving by your house, and the garage door is open to public viewing.
reply
OZO @ 29th Oct 03:44PM:
Re: File sharing and network security
If you use Windows firewall and go to public network make sure that firewall doesn't allow exceptions. It will block any computer from access your shares. When you in private network you may want to allow those exceptions and it will open access to those local shares.
--
Keep it simple, it'll become complex by itself...
reply
Cronk @ 1st Nov 11:39AM:
Re: File sharing and network security
When I look in Vista's Help, I find this:
Home or Work
Choose one of these locations for home or small office networks when you know and trust the people and devices on the network. Network discovery, which allows you to see other computers and devices on a network and allows other network users to see your computer, is on by default. For more information, see What is network discovery?
Public place
Choose this location for networks in public places (such as coffee shops or airports). This location is designed to keep your computer from being visible to other computers around you and to help protect your computer from any malicious software from the Internet. Network discovery is turned off for this location.
This seems to indicate that shares are not available when Public is chosen.
Have there been some reports to indicate that this protection has been hacked through??
Thanks
reply
gregz @ 1st Nov 01:48PM:
Re: File sharing and network security
Only thing that that does, is change the Firewall inbound port, but shares are still avail, and the service is still running. Best thing to do, is follow the steps under "Layered Security", and use Password protection for shares.
reply
EGeezer @ 1st Nov 01:54PM:
Re: File sharing and network security
If I recall, Link Logger did a challenge with an XP windows machine's Windows firewall about the time he did the El Cheapo Router challenge. I don't believe anyone got past it. (Tried to find the topic, haven't yet.)
In my own situation, I have the Windows firewall set for "no exceptions" on any untrusted network and use a SSL connection to remote control my home PC. Since I check and verify the Certificate against a known value prior to session initiation, I don't have to worry about a MITM attack that would substitute a certificate and decrypt and read my traffic.
An additional layer would be to turn off file and printer sharing either by removing the shares individually or globally.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
reply
Libra @ 2nd Nov 08:58PM:
Re: File sharing and network security
Cronk, I hope you don't mind my asking some questions about this also.
I have the Westell Modem NAT firewall and two computers are connected by a switch.
I have Vista Home Premium which is currently a Public Network with the Windows Firewall. XPHomesp3 has ZAFree 4.5.538.001. The IP (adapter subnet) 192.168.1.45/255.255.etc of XP is listed as being in the Internet Zone. I did put Vista's IP and the dns server (192.168.1.1) and local host into the trusted zone in ZA.
I never changed the network to private in Vista. I had file and print sharing selected and Password Protection Sharing was checked in Vista. (I'm quite confused about that because if I read correctly both computers must have the same user account and password? why would I have to make new user accounts just to share a printer? - I also think I may have read you can't use PPS with XP Home.)
I tried to share the printer and when I did "add printer", XP could not see Vista. The tech told me I had too much security on the computers.
I didn't have file and print sharing and client for MS selected in either computer. I know that should have been checked and two services, but I think something is wrong with my network to share the printer. I don't care about sharing files.
If it's possible to share securely, can anyone help me share my printer? Right now the Windows Firewall in Vista has about 5 or 6 exceptions for the HP printer which I think I should probably close if I'm not able to share.
Thank you.
Sincerely, Libra
reply
sivran @ 3rd Nov 12:23AM:
Re: File sharing and network security
Just make sure that simple file sharing is not enabled. That way, people can't use the guest account to try and poke at your shares.
If you have any explicit shares (ie: other than the admin shares) remove the Everyone group from the access list, and add only user accounts you want to have access.
--
In dadkins' memory, Think outside the Fox...
reply
Libra @ 3rd Nov 02:48PM:
Re: File sharing and network security
Thank you sivran. I don't have a guest account set up in either computer.
I'll turn off simple file sharing in Vista.
EDIT: I turned off the Password Protection Sharing, but read somewhere that turning that off enables simple file sharing. So I turned PPS back on again. 2nd EDIT: I just read that XPHome only allows simple file sharing. I am very confused about this. I don't want to share any files anyway, I was just hoping to share the printer.
Am I suppose to change the Public Network to private in Vista? And should I change the IP subnet in Zone Alarm from Internet to Local? Or can I leave both of them in Public?
Can I just assume if I don't set up any shares, that I don't have any?
Thank you.
Sincerely, Libra
reply
sivran @ 4th Nov 04:03AM:
Re: File sharing and network security
Yes, XP Home pretty much only shares via the Guest account (ie, simple filesharing) which makes it pretty annoying and not a very good team player with other Windows versions. I didn't use it for very long so I don't recall if there's a workaround or not.
quote:
EDIT: I turned off the Password Protection Sharing, but read somewhere that turning that off enables simple file sharing. So I turned PPS back on again.
I don't recall that setting, though it's been a while since I've touched a Vista machine. After looking at a couple pages on Microsoft's site, it does sound like you describe, so it should be on.
I can't seem to verify what OZO said about the services for filesharing still running, but setting network location to public is supposed to prevent any access to shares, so it's a good idea for a mobile computer anyway.
quote:
Can I just assume if I don't set up any shares, that I don't have any?
No. Unless you have explicitly disabled them, there will be "administrative" shares for all drives (or maybe just local hard drives, I forget). However, these shares require the username and password of an administrator account to access. Personally I leave them enabled, even on my laptop, because they ARE quite convenient.
The Windows XP firewall can be configured to allow access only from particular IP addresses and subnet masks, I presume the Vista one can as well. In XP it's under Windows Firewall -> Exceptions -> Highlight the service you want, Filesharing in this case, then click Edit -> Change Scope (on each entry).
Here are some screenshots: 1 2 3. (from XP Pro, Vista may rename/move some options in nonsensical ways. My condolences on your ownership.)
The third shot shows my network/mask. When I take my lappy to the coffee shop, packets sent to the filesharing ports will get dropped for not matching the network and mask. Even if someone there did know my admin account's details, they'd be denied by the firewall.
Bottom line is setting to public location, and requiring user/pass should suffice.
--
In dadkins' memory, Think outside the Fox...
reply
Libra @ 18th Nov 01:12AM:
Re: File sharing and network security
Hi sivran,
I apologize for not getting back to you for a while. I was in the hospital.
Am I correct in understanding that I can share the printer with XP using simple file sharing and Vista not using it? I appreciate the screenshots of the Windows firewall exception area.
Do you know if I have to turn Computer Browser and Server Services on in XP for this to work? They are on in Vista but I was looking at Black Viper's page and it seems to me those services are better disabled. I think he implied you could share a printer anyway, but I'm not sure.
I am confused about what these shares are. But how do I require a user/password? Is there a spot in the properties of the printer in Vista where I can type that in? I really don't want my Admin password used.
Thank you.
Sincerely, Libra
reply
Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC