How secure are home workgroups

[kalikiano]

I have two desktops and one laptop in my home. All have firewalls and I use a netgear rangemax wireless router WPN824. I have setup a workgroup for all of them and can see them on all pc's.

My question is if I enable file and printer sharing will people other then my computers connected to my router be able to access my printer and shared file folder?

Basically is my work group safe from the internet? or should I only allow share printer since that is the main reason I wanted to create the work group so I don't have to pay for a print server adapter and my wireless laptop can print from downstairs.


When you enable file sharing does that mean you allow all files to be shared on the pc or only ones that are listed when you click on the persons pc icon in my network places or do the //(pc name) an view folders in that menu?

 

[mBernhardt]

The simple answer:

Enabling file sharing allows certain files on your computer to be shared. You can choose whether or not to require username/password before people can access those files.

No one on the internet side of your router will be able to access your files unless your computer is hacked into. If you are mostly doing only web surfing you should be safe. Once you get into bittorrent or P2P networks it exposes you a little more.


Make sure you have a password set on the administrative account, otherwise anyone on your local network could access *all* the files on your computer.

 

[kalikiano]

awesome,

Ya i basically just do the typical web surfing and online gaming.

Now how do you setup the network so that it requires a login/password to get into the workgroup.

Well when I first had the other PC's listed on my work group I would double click them and then a login screen would come up. I would log into that pc as if I was actually on that pc and logging into xp pro and it would then take me to the screen where I could view and access the shared folder and shared printer. Im guessing I set this up already or it is a default option.

Now I did notice that if my main pc is not turned on then my other pc says I dont have to that workgroup. Does the main pc have to be on for the workgroup to be on? (I believe I used that pc to originally setup the workgroup.)

 

[technogab]

First and most importantly, did you secure your wireless router? If you did not put on any encryption, than anyone in your neighborhood can hop onto your network and view all the files that you have shared. Even worse, they can just map to the entire C drive by the hidden share \\computername\c$ and see everything on your computer.

But it sounds like you have a good handle on things, I just didnt see you mention that you secured the wireless network. If not, do that ASAP

 

[kalikiano]

Yes my wireless network is secured with WEP (only because my laptop is old and does not accept WPA or WPA2 that my router could use.) If that is what your talking about. I live in an apartment and it is surprising all the networks that I see from my office that are not secured.


I was just noticing that C$ file share the other day. I was going through my pcs and turning off the file sharing on the one folder that I assigned for file sharing on each computer and would just reenable it when I need to. I mostly just need printer sharing rights.

It seems there is no way to turn off the C$ file sharing option.

Can you explain it to me please? I am guessing it deals with letting everyone who creates account on pc to view which files the admin allows them.

 

[technogab]

Glad to hear you secured the wireless, I see a lot of open networks myself.


If you browse through the network you will notice that the folders that you shared will show up when you browse to that computer through the network. However you will not see the C drive shared because it is hidden with the $ sign. The only way to map to it is to type the full UNC name including the $ sign
example: \\computername\c$ or \\IP Address\c$

If ever you want to share a folder on the network but dont want it to be seen just by browsing, just add a $ after the share name. If you shared a folder and called it "John" everyone would be able to see it just by browsing the network. However if you shared it as "John$" then it is invisible. The ony way to map to it would be by typing \\computername\John$

Every Windows NT/W2K/XP/2003 machine automatically creates a share for each drive on the system (C$, D$ E$ etc...) These shares are hidden, but available with full control to domain administrators. The drive letter, followed by the $ sign is the name, and it is shared from the root.

It is possible to simply remove the Shared Folders (in W2K/XP/2003) but the problem with this is that the shares will automatically be recreated when the machine reboots.

You can disable the automatic administrative share creation via Group Policy, but here is a much simpler way:

In order to disable these shares permanently, a registry edit will be necessary.

W2K Pro/XP Pro, the change is:


Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0

Note: If you can't find the value in the registry under the exact location (it does not exist) - right click in the right pane of the window and create it.

Note: Again, a reboot is necessary for this to take effect.

If you want the administrative shares to be re-created, you can change the value back to 1.

Note: Some applications depend on the presence of these shares. If things stop working you'll know to re-enable the shares.


Hope this helps

Joe

 

[kalikiano]

Wow that is scary stuff. I was on one desktop and did that for my other one.

\\(pc name)\c$ and was able to see everything.


I live in a small apartment complex and attend a small college with everyone else so I mostly trust them but man if you lived in a big apartment/condo building. You could be attacked by people from all around above you beside you below you etc....


Now to access my workgroup. If a person manages to get access to my router would it show them the available workgroups or would he or she have to guess the workgroup name and safe it as his own designated workgroup??


Also. With the reg edit, will that disable any type of file sharing and only allow that admin account and no one else on that pc or even on network to access it?

 

[technogab]

That regisry edit just removes the administrative hidden share. It will still allow you to share any other directories however you would like.

As far as the workgroup goes, By default windows uses the name "workgroup" as the first workgroup name unless you specify otherwise. Most people know this and look for that workgroup. But Anyone can browse the network and look for shared workgroups, but they will not be able to join them unless they have an account on that computer. But most people run password cracking programs trying to get in with the adminstrator account.

As a rule of thumb, you should always disable the Administrator account and make another account that has admin access but give it a name that you will remember. Because the first thing that hackers try to hack is the Administrator account. If you leave it enabled, they are already know the administrator account name and are half way through breaking in, now they just need to get the password.

If it's disabled, they can try all day long and will never get in with the admin account.

I see thousands of attempts of people trying to break into my FTP server daily and they are all using "Administrator" as a user name and then just have a program trying different passwords. They never get in because Admin is disabled. I have another account with admin rights with a name that I know.


Also, I don't know if your drive is formatted Fat32 or NTFS. But NTFS is much more secure and you can assign file permissions to each directory and/or file. This way, only the person who you assigned permissions to, can access that file/folder.

 

[kalikiano]

Hey,


went and created a new account.

now when I log on with new account(has admin access) it wont show me my original admin account under user accounts menu just shows my new one and guest

 

[technogab]

Did you disable the account or delete it? If you deleted it, it will be gone and you would have to re-create it.

I don't know how you are managing the account, but I like to do it by right clickinng on My Computer and then choose "Manage" Then click on the Users folder.

When you want to disable an account, just right click the account and choose "disable".

You will then see a red X on that account reminding you that it is disabled. The account still exists, it's just not valid. If ever you need to enable it again, just right click on it and choose Enable.