Re: Question about microsoft network

From: Duane Arnold (notme_at_notme.com)
Date: 10/18/05 

Date: Tue, 18 Oct 2005 18:47:08 GMT

"info" <info@appwall@electronicscomputing.com> wrote in
news:43550d94$1_1@mk-nntp-2.news.uk.tiscali.com:

> Hello group,
>
> I have a adsl router/modem with wifi. This provides me with excellent
> firewall
> from the internet, but no firewall at all from wireless wifi users who
> could access netbios file shares etc. Should I disable my Server
> service of my Windows computers to protect them from netbios access,
> if so, can I leave the Workstation service on so that computers cab
> still access one shared printer? Or should I remove the netbios
> protocols from the ip adapter?
>
>

You can use Authenticated User Group on File Shares and remove the
Everyone Group off the share. Authenticated User group means that the
computer must have an account created on the computer for any user from
another computer to access the share, which also protects on the printer
situation if set correctly. Of course, one must be using NTFS. I would
also look into using IPsec that's on the NT based Win 2K O/S and up to
protect the Netbios port if not using a personal FW solution to protect
TCP port 139.

Authenticated User Group is being talked about in the link.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

MS IPsec can be used in a FW like manner in a LAN situation and can be
used to protect port 139 on Win 2K, XP and Win 2K3 machines. The AnalogX
IPsec SecPol rules will provide the protection if implemented and still
allow networking between the LAN machines. The IPsec will block High port
use for file downloads so you either learn how to set rules to open the
required port, which you can learn how to by reviewing AnanlogX rules or
you disable IPsec on the machine and do the download.

http://www.analogx.com/contents/articles/ipsec.htm

Duane :)

 

Relevant Pages

  • Re: IPsec and protecting ports
    ... > try to gain access by means of port 445. ... You can do that with IPsec as I do configure BlackIce to protect the ... Windows Networking ports. ...
    (comp.security.firewalls)
  • Re: Routers Firewall
    ... > indicates that it has firewall technology, then the router doesn't have a ... What your router does have is NAT. ... ZA is a fine product which will protect a computer ... Port 80 is the WEB access port and port 21 is the FTP ...
    (comp.security.firewalls)
  • [KJ][PATCH]Rocket port:use mutex instead of binary semaphore
    ... Use mutex instead of binary semaphore for mutual exclusion. ... * simultaneous access to the same port by more than one process. ... - * A per port write semaphore is used to protect from another process writing to ...
    (Linux-Kernel)
  • Re: FTP ports and security questions.
    ... The default firewall in XP Pro is good enough to protect you against the ... >opening such a port automatically gives me away and make me vulnerable. ... Those connections will go to your FTP server. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: How does domain isolation with Windows 2003 IPsec happen?
    ... Servers receive policies that require inbound communications to be protected with IPsec; clients receive policies instructing them to use IPsec when communicating to severs within whatever address range you define. ... Protect Your Windows Network: http://www.amazon.com/dp/0321336437 ...
    (microsoft.public.security)