Re: 3 PC SOHO Network setup problem
- From: "Motonut" <Motonut@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 May 2005 07:02:05 -0700
Thanks for both replies, see responses below. As I say below, my setup should
be pretty common these days, shouldn't it be alot easier to impliment this
functionality?
Bill
"Chuck" wrote:
> On Mon, 2 May 2005 12:01:10 -0700, "Motonut" <Motonut@xxxxxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>
> >I am having difficulty getting my home network set up so my wife and I can
> >access all files/devices from all of our PC’s. Ideally, since I’ve renamed
> >our 3 PC workgroup (no longer called Workgroup) I would like it set up so
> >that when we log on to any of the 3 PC’s our ID’s would allow us access to
> >most, if not all, files/devices in our workgroup. Setting up Sharing on each
> >of the devices has proved to be hit or miss as to its success. I would also
> >prefer if I could set it up so only the 3 PC’s on our (renamed) workgroup
> >have access to any other PC's device.
> >
> >We have 2 desktop PC’s connected via Ethernet to a D-Link DI-524 (4 port and
> >wireless) router and a laptop PC that can be Ethernet or wirelessly connected
> >to the D-Link. The house is well over 300’ from the nearest neighbor or road
> >so security on the wireless side is not a major concern. The OS’s of each
> >system is:
> >Desktop 1 - MS Windows 2000 Pro SP4
> >Desktop 2 – MS Windows XP Home Ed. SP2
> >Laptop 1 – MS Windows XP Pro SP2
> >
> >Our internet connection is via a cable modem connected directly to the
> >D-Link router, no PC has an internet connection other than through the router.
> >
> >XP’s Network Setup Wizard has been run on the 2 XP machines but is not
> >functional on Win2K. What are my options for setting up our private (secure)
> >network?
> >
> >TIA,
>
> Neither Windows 2000 nor Windows XP restrict access by computer, only by
> account. XP Home, unfortunately, uses Simple File Sharing, which allows access
> only by the Guest account, which means this computer will be open to anyone.
== This sucks, I disable Guest for security reasons. You would think my
setup is a pretty common one these days and they would make this
functionality available.
>
> With Simple File Sharing, you'll not be able to access "C:\Program Files",
> "C:\Windows", or any of the profile related folders such as "My Documents". All
> of those folders require individual user, or administrator access, and Guest
> access gives you neither.
>
> The fact that your property is large will not mean a great deal to anyone
> determined enough; someone with a well constructed wireless apparatus could
> hijack your wireless signal, and possibly access your shared data, just as
> easily as someone connecting by Ethernet, sitting as much as a mile away.
===I'm not going to try and prevent all conceivable possabilities, just the
most likely. I'm in farm country, it's a little too remote for someone to
drive around looking fo a hot-spot, besides, critical data/apps on my PC's
have their own protection.
>
> Windows XP Home is just not a good idea for a secure WiFi LAN, nor is it for a
> LAN where you wish to access all files. If you want to have symmetrical access
> between all 3 computers, you'll have to use Simple File Sharing on the Laptop,
> activate Guest on all 3 computers, and accept the fact that any data shared to
> anybody is accessible by everybody. And the fact that some data (noted above)
> will not be available to anybody except by local access.
>
> If I were you, I would disable Simple File Sharing on Laptop, disable the Guest
> account on Desktop 1 and Laptop 1, and not use Desktop 2 for file sharing.
>
> To minimally secure your wireless LAN, you should do as many of the following as
> possible.
>
> Change the router management password, and disable remote (WAN) management.
====Did this when I set it up.
>
> Enable WEP (minimal) / WPA (preferable). Use non-trivial (non-guessable) values
> for encryption. (No "My dog has fleas").
>
> Enable MAC filtering.
>
> Change the subnet of your LAN - don't use the default.
===Did this too when setup
>
> Disable DHCP, and assign an address to each computer manually.
===Cable ISP needs DHCP
>
> Install a software firewall on every computer. Put manually assigned ip
> addresses in the Local (highly trusted) Zone. Open the firewall for file
> sharing, only in the Local Zone.
=====Also done
>
> Don't disable SSID broadcast - some configurations require the SSID broadcast.
> But change the SSID itself - to something that doesn't identify you, or the
> equipment.
>
> Enable the router activity log. Examine it regularly. Know what each
> connection listed represents - you? a neighbor?.
>
> Use non-trivial accounts and passwords on every computer connected to a wireless
> LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
> here). Rename Administrator, to a non-trivial value, and give it a non-trivial
> password. Never use the Administrator renamed account for day to day
> activities, only when intentionally doing administrative tasks.
===I believe I tried renaming Administrator on the W2Kpro (where all
data/apps needing high security reside) machine but it wouldn't accept a
change, will try again.
>
> Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
> microsoft.public.windows.networking.wireless are good places to start.
>
> --
> Cheers,
> Chuck
> http://nitecruzr.blogspot.com/
> Paranoia is not necessarily a bad thing - it comes from experience.
> My email is AT DOT
> actual address pchuck sonic net.
>
.
- Follow-Ups:
- Re: 3 PC SOHO Network setup problem
- From: Chuck
- Re: 3 PC SOHO Network setup problem
- References:
- 3 PC SOHO Network setup problem
- From: Motonut
- Re: 3 PC SOHO Network setup problem
- From: Chuck
- 3 PC SOHO Network setup problem
- Prev by Date: Re: Alternate IP
- Next by Date: Re: how to know my printer name to share?
- Previous by thread: Re: 3 PC SOHO Network setup problem
- Next by thread: Re: 3 PC SOHO Network setup problem
- Index(es):
Relevant Pages
|
