Re: 3 PC SOHO Network setup problem

On Mon, 2 May 2005 12:01:10 -0700, "Motonut" <Motonut@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

>I am having difficulty getting my home network set up so my wife and I can
>access all files/devices from all of our PC?s. Ideally, since I?ve renamed
>our 3 PC workgroup (no longer called Workgroup) I would like it set up so
>that when we log on to any of the 3 PC?s our ID?s would allow us access to
>most, if not all, files/devices in our workgroup. Setting up Sharing on each
>of the devices has proved to be hit or miss as to its success. I would also
>prefer if I could set it up so only the 3 PC?s on our (renamed) workgroup
>have access to any other PC's device.
>
>We have 2 desktop PC?s connected via Ethernet to a D-Link DI-524 (4 port and
>wireless) router and a laptop PC that can be Ethernet or wirelessly connected
>to the D-Link. The house is well over 300? from the nearest neighbor or road
>so security on the wireless side is not a major concern. The OS?s of each
>system is:
>Desktop 1 - MS Windows 2000 Pro SP4
>Desktop 2 ? MS Windows XP Home Ed. SP2
>Laptop 1 ? MS Windows XP Pro SP2
>
>Our internet connection is via a cable modem connected directly to the
>D-Link router, no PC has an internet connection other than through the router.
>
>XP?s Network Setup Wizard has been run on the 2 XP machines but is not
>functional on Win2K. What are my options for setting up our private (secure)
>network?
>
>TIA,

Neither Windows 2000 nor Windows XP restrict access by computer, only by
account. XP Home, unfortunately, uses Simple File Sharing, which allows access
only by the Guest account, which means this computer will be open to anyone.

With Simple File Sharing, you'll not be able to access "C:\Program Files",
"C:\Windows", or any of the profile related folders such as "My Documents". All
of those folders require individual user, or administrator access, and Guest
access gives you neither.

The fact that your property is large will not mean a great deal to anyone
determined enough; someone with a well constructed wireless apparatus could
hijack your wireless signal, and possibly access your shared data, just as
easily as someone connecting by Ethernet, sitting as much as a mile away.

Windows XP Home is just not a good idea for a secure WiFi LAN, nor is it for a
LAN where you wish to access all files. If you want to have symmetrical access
between all 3 computers, you'll have to use Simple File Sharing on the Laptop,
activate Guest on all 3 computers, and accept the fact that any data shared to
anybody is accessible by everybody. And the fact that some data (noted above)
will not be available to anybody except by local access.

If I were you, I would disable Simple File Sharing on Laptop, disable the Guest
account on Desktop 1 and Laptop 1, and not use Desktop 2 for file sharing.

To minimally secure your wireless LAN, you should do as many of the following as
possible.

Change the router management password, and disable remote (WAN) management.

Enable WEP (minimal) / WPA (preferable). Use non-trivial (non-guessable) values
for encryption. (No "My dog has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually.

Install a software firewall on every computer. Put manually assigned ip
addresses in the Local (highly trusted) Zone. Open the firewall for file
sharing, only in the Local Zone.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?.

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
here). Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking.wireless are good places to start.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it comes from experience.
My email is AT DOT
actual address pchuck sonic net.
.

Relevant Pages

  • Re: 3 PC SOHO Network setup problem
    ... >>>so security on the wireless side is not a major concern. ... >>>Our internet connection is via a cable modem connected directly to the ... >> only by the Guest account, which means this computer will be open to anyone. ... >> LAN where you wish to access all files. ...
    (microsoft.public.windowsxp.network_web)
  • Re: change node on ipconfig
    ... If I disable the wireless card now, the LAN will claim to be connected to the ... VPN, but it is weak. ... > before you create the VPN usxing the hard-wired connection? ...
    (microsoft.public.windows.server.sbs)
  • Re: Approach to use cross-over connect as part of LAN
    ... Wireless nic was installed on A for access to existing 3-computer LAN ... An alternative is to create a network bridge on A, ... Make ad-hoc connection between A & B maybe even with APIPA addresses. ...
    (microsoft.public.windowsxp.network_web)
  • Re: all-in-one router?
    ... Especially with a wireless LAN, you need to audit what traffic goes up (to the ... Here's a story about somebody's very stupid wireless neighbor. ... connection listed represents - you? ...
    (microsoft.public.windowsxp.network_web)
  • Re: cant file share files wirelessly over WRT54G router
    ... it cannot share files over the wireless connection. ... When I plug in via wired ethernet, file sharing works ... wireless is Layer 3 protocol neutral. ... with NETBEUI, IPX/SPX, or some other protocol, and it should still ...
    (alt.internet.wireless)