Re: Anyone can browse my network

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/30/05 

Date: Wed, 29 Jun 2005 19:01:10 -0500

You mention firewall but that will normally only prevent access from the
internet unless the firewall is used to protect a network segment of your
network.

If the users are logging onto their laptops with their domain credentials
[even with local account] then they could have the same access as if they
are logging onto authorized domain computers. The solutions could be using
mac filtering or 802.1X authentication depending of the capabilities of your
network infrastructure or possibly ipsec implementation on the domain. A
computer with a require ipsec policy would not be availalbe to a non domain
computer in that by default ipsec uses kerberos computer authentication
before an ipsec session can be created between two computers. Domain
controllers however can not use ipsec secured communications to communicate
with domain members. Onlly Windows 2000/2003 and XP Pro are ipsec capable in
a domain. The advantage of ipsec is that it is built in and can be managed
via Group Policy. See the links below if interested in ipsec. You may also
want to implement a computer user policy that prohibits unauthorized
computers being connected to YOUR network. Seeing files may be the least of
your worries when you take worms and hacked computers with backdoors into
account as another security vulnerability from those computers. --- Steve

http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx
 --- most applies to W2K
http://www.microsoft.com/downloads/details.aspx?FamilyID=10359569-ef11-499a-9e1f-85da3fca608c&displaylang=en
--- using ipsec for server domain isolation.

"Kurt" <Kurt@discussions.microsoft.com> wrote in message
news:ABF008DF-1F81-4C57-9E5A-D6E7A2E69A91@microsoft.com...
> Hi,
>
> I have a mixed mode 2000 domain. we have a firewall in place.
> If someone plugs a laptop into one of our switches. They can browse my
> entire network. The can see computers, shares and files.
> Is there a way to stop this?
>
> Thanks
>
> Kurt

Relevant Pages

  • Re: Simple Printer Sharing/Networking Question
    ... And all 3 desktop computers are running Windows XP Pro ... We have turned on sharing for the network printers (in association with this ... caused by 1) a misconfigured firewall or overlooked firewall (including ...
    (microsoft.public.windowsxp.network_web)
  • Re: Networks : Workgroups and Domains. How Do I Use Them?
    ... in My Network Places, it may take some time for a network resource to show up. ... all of the computers must be on the same subnet. ... it depends on whether you have Simple File Sharing enabled or disabled. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Sharing a printer
    ... Here are general network troubleshooting steps. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ... On the assumption that you in fact do have a router that connects to the Internet and that your computers then connect to the router, then if you think that you have one IP for multiple computers then you probably are using a website tool such as http://whatismyip.com/ That shows the your public IP address -- the one that the rest of the world sees. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Home Network with Vista & XP
    ... The 3 computers are: 1 laptop running XP Pro, 1 laptop running Vista Home Premium, and 1 desktop running XP Home. ... the vista laptop can see all terminals on the work group but the xp terminals cannot see the vista terminal in the network. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Networks : Workgroups and Domains. How Do I Use Them?
    ... I think the problem is from my lack of understanding whether these machines are together as a workgroup or domain. ... If I want to configure solely for a workgroup network, then I would think I do not need to provide a domain name, and vice versa for a domain network. ... It's not clear whether any of your computers is running Windows 2000 *Server.* If not, you don't have a "domain" and shouldn't be using domain names. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ...
    (microsoft.public.windowsxp.network_web)