Re: Authentication Question

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/06/04


Date: Mon, 05 Apr 2004 23:35:00 GMT

Yes. If someone can plug into your network, assuming no MAC filtering or 802.1x
switch control, they will be able to see shares on your network. That is why a
firewall is so important, because if you have file and print sharing enabled on your
external adapter without one, people can view and potentially access your computer by
entering \\xxx.xxx.xxx.xxx (your public IP address) in their Run box - assuming the ISP
is not filtering NetBIOS ports, as many now do.

However, in a default installation of W2K neither null share access [except IPC$] nor
the guest account is enabled, preventing anyone from gaining access to your shared
folders unless they have credentials to a user account on your computer - logon
name/password - even if both share and NTFS permissions include the Everyone group. Do
NOT use blank passwords. Share permissions are your first line of defense, followed by
NTFS permissions. W2K gives Everyone full control access to a newly created share,
which you would want to change to suit your needs. To prevent an unauthorized
computer from gaining network access would require MAC filtering or 802.1x switches,
while IPsec can be used to secure network resources from computers outside of the
domain, though it will not prevent network browsing. See the links below on
configuring folder access for the network. --- Steve

http://support.microsoft.com/default.aspx?kbid=300691
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx#XSLTsection129121120120

"Ken" <kferden@homesteaderslife.com> wrote in message
news:ekf2rr0GEHA.2052@TK2MSFTNGP12.phx.gbl...
> So if anyone walks in off the street and is not a user on the network,
> connects their laptop to the network they will see these non-hidden shares.
> What can we do without losing access to all shares to prevent someone like
> this from deleting critical files? If group Everyone is on the share with
> full control this would cause the problem as this group includes everyone
> including non-authenticated users. Does the null session fall into this
> category?
> From what everyone has said, sounds like I am on the right track. Need to
> start on the Shares themselves and verify that Everyone is not being used.
> Secondly I would like to find a way to have the "Enter Network Password"
> sign on box appear for every server.
>
> I still have a few of these ideas to check out further but I do appreciate
> all the input.
>
> "Ken" <kferden@homesteaderslife.com> wrote in message
> news:e7hBMOMGEHA.2808@TK2MSFTNGP10.phx.gbl...
> > I have several servers on the network and they are visible through Network
> > Neighborhood because NetBIOS is still running. We have found that if you
> > take a laptop or pc that has never been added to the network or does not
> > have a network user logged on, the user can access different server shares
> > without authenticating to the server. Many of the servers do not show the
> > shares and will bring up a logon box to sign in. What is running on these
> > few servers? Is it the way the shares are set up? Permissions problem? A
> > service that is running?
> >
> >
>
>
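
The share-permission review discussed in this thread, as an added example that is not part of the original posts: a PowerShell audit that lists non-administrative shares whose share-level ACL allows a broad principal, then reports whether the built-in Guest account is enabled. It assumes Windows 8 / Server 2012 or later (the SmbShare and LocalAccounts modules, which W2K does not have) and an elevated prompt; `Resolve-Sid` is a helper name made up for this example.

```powershell
# Added example: audit share-level ACLs for broad principals.
# Assumption: SmbShare module present (Windows 8 / Server 2012+), run elevated.

# Well-known broad principals, matched by SID so localized names still match.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-546' = 'Guests'
}

# Hypothetical helper: turn an account name from the share ACL into a SID string.
function Resolve-Sid([string]$AccountName) {
    try {
        ([System.Security.Principal.NTAccount]$AccountName).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }   # account no longer resolves (e.g. deleted): skip it
}

# Skip special shares (IPC$, ADMIN$, C$ ...) and inspect the rest.
$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = Resolve-Sid $ace.AccountName
        if ($sid -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                Principal = $broadSids[$sid]
                Right     = $ace.AccessRight   # Full, Change, Read or Custom
            }
        }
    }
}

$findings | Sort-Object Share, Principal | Format-Table -AutoSize

# The built-in Guest account always has RID 501; it should report Enabled = False.
Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' } |
    Select-Object Name, Enabled
```

A share listed here is limited only by its NTFS permissions, so review those on the reported `Path` with `Get-Acl` before tightening the share ACL.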


