Re: XP Less Secure than 98 for Sharing Files

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 04/25/04 

Date: Sun, 25 Apr 2004 13:05:28 -0400

Ed Derz wrote:
> In a Small office or Home Network used to share files, XP (using
> Windows Networking) seems Less secure than Win98.

Not so - FAT has no security to speak of, and NTFS does...
>
> In Win98, Passwords can be assigned to Shared resources, Service
> Broadcasting can be Disabled, and Non-routable NetBEIU protocols are
> standard. While you can configure NetBEUI with some additional
> effort, there seems no ability to password protect or turn of service
> Broadcasts in XP, or to password protect shared file services.

Why would you need NetBEUI? You should be able to use TCP/IP alone. Use a
firewall to protect your network from the Internet. Most if not all of the
hardware appliances also do DHCP as well as NAT - makes setting up computers
a lot easier. Check out NetGear FR114P - my current choice for small
networks.
If you disable NetBIOS over TCP/IP you can stop NetBIOS broadcasts, but
you'll also disable browsing. NetBEUI relies on broadcast anyway, if I
recall correctly (haven't used it in a million years).
If you use NTFS, you can granularly set permissions on shares/folders for
different user accounts. You can disable simple file sharing on XP Pro
(which also supports 10 concurrent connections, not merely 5 as Home does)
and set up all other user accounts/passwords on it, and control who has
access to what, with local groups or accounts, as you wish.
>
> Interestingly, XP as a client will work fine with a win98 "Server"
> which has passwords on shares and has broadcast disabled.
>
> XP as a windows network server appears vunerable to any device that
> gains access to the LAN. Are there ways to overcome these
> limitations in Windows networking?

Who has access to the LAN, and how? If someone gains access to your network
from the Internet (due to no firewall, etc), busting open the password
protection on Win9x/FAT is no big deal. NTFS alone isn't going to save you
there, but no matter what you use, you need a firewall, period.

Relevant Pages

  • Re: Remote Desktop Web Connection
    ... >> Jeffrey Randow (Windows Networking MVP) ... >> Windows Network Technology Community - ... >>>The router is what is restricting you from reaching multiple machines. ... and it understands rules about passing packets on port ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Home Networking in XP - need help
    ... >suggests setting the NetBIOS over TCPIP option in TCPIP ... All versions of Windows can network using NetBIOS over TCP/IP. ... Nothing in Windows networking requires, or has ever required NetBEUI. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help with home network
    ... TCP/IP [not netbeui] and Windows Networking is probably not enough. ... Netbios over TCP/IP property in your network card properties also allows the ...
    (microsoft.public.win2000.security)
  • Re: SBS 2k3 and Additional Servers
    ... question to talk about network security but about Windows networking. ... It seems that SBS itself agrees with all of you and turns ... GPO's and network configs. ... killing the external nic of the web server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Peculiar permissions problem
    ... you will understand that Windows Networking is not ... account properly activated for network access. ... On a server running NTFS, with Simple File Sharing disabled, there is a clear ...
    (microsoft.public.windowsxp.network_web)