Can I get a straight answer about XP printer and file sharing security?

Question:

ǝɯɐuɹǝsn ɔıɹǝuǝƃ

2007-11-27 23:34:39 UTC

Why don't you look at my network configuration first: http://i20.photobucket.com/albums/b238/sr111/network1.png

What I want:
I want to share my folders via Windows printer and file sharing (NOT some P2P app) but I do not want my folders to be accessible outside my network (aka, the internet.)

How it's configured:
I've set up my shared folders to be read-only, that is, there's a 0% chance I can get "infected" with a virus, worm, trojan, etc. The only thing I am worried about is unauthorized views from someone other than my friends. The router acts as a hardware firewall and 0 ports are being forwarded.

I just get annoyed because M$ technet and about every security guide I've read always recommends you turn off file sharing because of a risk of "remote viewing." Is there something I haven't considered? Is there a way to log *exactly* who is accessing the folders?

Four answers:

2007-11-28 00:05:18 UTC

I think this site will explain in more detail what you want to know than me sitting here and typing it.

As long as you have XP Pro you can disable Simple File Sharing and set specific access rights for each user.

If you follow the instructions as per the link below and make the passwords complicated e.g. alphanumeric (no pets, kids names, etc) you shouldn't have any problems.

http://www.practicallynetworked.com/sharing/xp_filesharing/whole.htm

Spartacus!

2007-11-27 23:43:51 UTC

"What I want: I want to share my folders via Windows printer and file sharing"

The key here, aside from enabling file and printer sharing, is to know how to use the personal firewall on each PC. Every firewall should allow you to define a zone, range of ip addresses, or subnet, where all traffic is allowed. If you restrict that zone to the IP addresses you enumerated in your diagram, then only those PCs would have full access to the shared resources.

"Is there a way to log *exactly* who is accessing the folders?"

You should make sure that you need a user ID and password to connect from one PC to another - that dramatically reduces the risk of casual "remote viewing". You could also require a user ID and password for each shared resource, though that would require disabling the simple file sharing option and configuring shares in a manner similar to the way resources are configured on a corporate server, then enabling logging and auditing. It's doable, but not really necessary.

2007-11-27 23:38:33 UTC

I got a program called Network magic for $25. Secured it all and shared everything perfectly. And I can remotely access my network computers and printers from any web browser in the world as long as they are turned on.

Joker

2007-11-27 23:40:10 UTC

Password the files if you can. I believe this is possible with windows and other directories.

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese