Re: Question about microsoft network
From: Duane Arnold (notme_at_notme.com)
Date: Tue, 18 Oct 2005 18:47:08 GMT
"info" <info@firstname.lastname@example.org> wrote in
> Hello group,
> I have a adsl router/modem with wifi. This provides me with excellent
> from the internet, but no firewall at all from wireless wifi users who
> could access netbios file shares etc. Should I disable my Server
> service of my Windows computers to protect them from netbios access,
> if so, can I leave the Workstation service on so that computers cab
> still access one shared printer? Or should I remove the netbios
> protocols from the ip adapter?
You can use Authenticated User Group on File Shares and remove the
Everyone Group off the share. Authenticated User group means that the
computer must have an account created on the computer for any user from
another computer to access the share, which also protects on the printer
situation if set correctly. Of course, one must be using NTFS. I would
also look into using IPsec that's on the NT based Win 2K O/S and up to
protect the Netbios port if not using a personal FW solution to protect
TCP port 139.
Authenticated User Group is being talked about in the link.
MS IPsec can be used in a FW like manner in a LAN situation and can be
used to protect port 139 on Win 2K, XP and Win 2K3 machines. The AnalogX
IPsec SecPol rules will provide the protection if implemented and still
allow networking between the LAN machines. The IPsec will block High port
use for file downloads so you either learn how to set rules to open the
required port, which you can learn how to by reviewing AnanlogX rules or
you disable IPsec on the machine and do the download.