Re: Home network admin - can he browse my files?

on 3/9/2006 10:41 AM myahact@xxxxxxxx said the following:
Winged wrote:

myahact@xxxxxxxx wrote:

Hello,

I'll be staying with a family for a few weeks and they have a Home
Network that I'll be connecting to in order to access the internet. Can
the network administrator log on through the network to my laptop as
"administrator" (or something else) and access my files? I know he can
intercept my internet communications (including passwords) and that
doesn't bother me, but I don't want him accessing my files. I checked
the properties for my C:\ drive and it is not shared, yet I have this
feeling there's another door somewhere...

I use XP Home, NTFS filesystem.


It depends on system configuration. Is NetBIOS exposed? Is the
administrator account named administrator or admin? Is your system
suitably firewalled blocking all inbound ports below 1024? Does every
account on the system have a complex password (Each of 4 character sets
minimum of 10 character password)? Is sharing turned on anywhere on
local system? Is it part of the families domain and is every password
protected on their system? Have you turned off unneeded windows services?

If NETBIOS is exposed it doesn't require an administrator (or anyone
else) any effort to determine every account name on a system and whether
or not that account has a password.

If you join the domain of the family systems the domain administrator
can get access to your system through the domain account.

If you have sharing turned on (windows default is to include everyone in
share with read only access). There are several exploits to shares that
can allow one to expand the scope of files exposed via share.

There are many potential doors into a system. There are ways if one
controls the hub to attack the system below the transport layer on many
flavors of NIC cards. Depending on your local machine configuration and
the expertise of your family threat there are numerous potential holes.
It is very difficult without more information to assess your security
posture.

If the family member is extremely knowledgeable and willful enough, you
will be hard pressed to prevent access to both the transmitted
information as well as access to local system resources.



Holy cow! I can't possibly verify all that. All I know is this :

Besides the Guest account, I have my personal password protected
account that is not sharable and not accessible from the Guest account.
I once created an account with administrative privileges and tried
accessing my personal account from there and it also failed.

I know any system is vulnerable but I'm worried about access by regular
logging, not hacking and cracking. Can the network administrator log on
and change some settings that would allow him to access files that are
stored in the MyDocuments folder in my personal account?


If I understood the previous answers: The "Administrator" you need to worry about is the administrator of _Your_ computer, not the network. Just because you are plugged into a network does not mean that the "administrator" of that network acquires rights to your 'puter.

I also understand that this answer changes if being plugged in means that you have to log into a "domain" in order to get access. In that case, you have given the administrator of the domain some rights when you login. Two points:

1. It does not sound like that's what you have going on. Just plugging into a home router does not log you to a domain.

2. Be aware that it would be really tough to log into a domain "by accident" It requires a specific password, etc.

Follow some of the other basic advice you've been given and you should be fine. Frankly, you're probably ok "as is" for the "threat" you have described. Heck, I administer my home network and I can't get into my daughter's computer across the network, and I know everything there is to know about that computer. Could I do it if I tried? maybe, but it's easier to go kick her out of her chair if I needed . . .
.

Relevant Pages

  • Re: USER PROFILE CORRUPT?? HELP!!!!!
    ... >Windows cannot log you on because your profile cannot be ... >that your network is functioning correctly. ... >problem persists, contact your network administrator. ... This is where the hidden account called ...
    (microsoft.public.windowsxp.general)
  • Re: Cant logon to Windows
    ... The network, a desktop, laptop and 2 printers, seems to be working ... Administrator and User Group and disabling all of the accounts. ... "This account has been disabled. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Home network admin - can he browse my files?
    ... Network that I'll be connecting to in order to access the internet. ... the network administrator log on through the network to my laptop as ... Does every account on the system have a complex password? ... If the family member is extremely knowledgeable and willful enough, you will be hard pressed to prevent access to both the transmitted information as well as access to local system resources. ...
    (alt.computer.security)
  • Re: Network Type Change Locks Login
    ... Create an account for yourself. ... Log in as administrator. ... Use xcopy.exe to copy the dormat profile folder ... > of these domain name institutional network references. ...
    (microsoft.public.win2000.networking)
  • Re: Event 1202 Warnings after Renaming Administrator Acct on SBS2003
    ... policy to rename the account although it is not really necessary or useful. ... Did I check Group Policies for references to the Administrator ... Failed to perform redirection of folder Desktop. ...
    (microsoft.public.windows.server.general)