Re: 3 PC SOHO Network setup problem
- From: Chuck <none@xxxxxxxxxxx>
- Date: 3 May 2005 11:04:02 -0500
On Tue, 3 May 2005 07:02:05 -0700, "Motonut" <Motonut@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
>Thanks for both replies, see responses below. As I say below, my setup should
>be pretty common these days, shouldn't it be a lot easier to implement this
>functionality?
>Bill
>
>"Chuck" wrote:
>
>> On Mon, 2 May 2005 12:01:10 -0700, "Motonut" <Motonut@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> wrote:
>>
>> >I am having difficulty getting my home network set up so my wife and I can
>> >access all files/devices from all of our PC's. Ideally, since I've renamed
>> >our 3 PC workgroup (no longer called Workgroup) I would like it set up so
>> >that when we log on to any of the 3 PC's our ID's would allow us access to
>> >most, if not all, files/devices in our workgroup. Setting up Sharing on each
>> >of the devices has proved to be hit or miss as to its success. I would also
>> >prefer if I could set it up so only the 3 PC's on our (renamed) workgroup
>> >have access to any other PC's device.
>> >
>> >We have 2 desktop PC's connected via Ethernet to a D-Link DI-524 (4 port and
>> >wireless) router and a laptop PC that can be Ethernet or wirelessly connected
>> >to the D-Link. The house is well over 300' from the nearest neighbor or road
>> >so security on the wireless side is not a major concern. The OS's of each
>> >system is:
>> >Desktop 1 - MS Windows 2000 Pro SP4
>> >Desktop 2 - MS Windows XP Home Ed. SP2
>> >Laptop 1 - MS Windows XP Pro SP2
>> >
>> >Our internet connection is via a cable modem connected directly to the
>> >D-Link router, no PC has an internet connection other than through the router.
>> >
>> >XP's Network Setup Wizard has been run on the 2 XP machines but is not
>> >functional on Win2K. What are my options for setting up our private (secure)
>> >network?
>> >
>> >TIA,
>>
>> Neither Windows 2000 nor Windows XP restricts access by computer, only by
>> account. XP Home, unfortunately, uses Simple File Sharing, which allows access
>> only by the Guest account, which means this computer will be open to anyone.
>
>== This sucks, I disable Guest for security reasons. You would think my
>setup is a pretty common one these days and they would make this
>functionality available.
>>
>> With Simple File Sharing, you'll not be able to access "C:\Program Files",
>> "C:\Windows", or any of the profile related folders such as "My Documents". All
>> of those folders require individual user, or administrator access, and Guest
>> access gives you neither.
>>
>> The fact that your property is large will not mean a great deal to anyone
>> determined enough; someone with a well constructed wireless apparatus could
>> hijack your wireless signal, and possibly access your shared data, just as
>> easily as someone connecting by Ethernet, sitting as much as a mile away.
>
>===I'm not going to try and prevent all conceivable possibilities, just the
>most likely. I'm in farm country, it's a little too remote for someone to
>drive around looking for a hot-spot, besides, critical data/apps on my PC's
>have their own protection.
>>
>> Windows XP Home is just not a good idea for a secure WiFi LAN, nor is it for a
>> LAN where you wish to access all files. If you want to have symmetrical access
>> between all 3 computers, you'll have to use Simple File Sharing on the Laptop,
>> activate Guest on all 3 computers, and accept the fact that any data shared to
>> anybody is accessible by everybody. And the fact that some data (noted above)
>> will not be available to anybody except by local access.
>>
>> If I were you, I would disable Simple File Sharing on Laptop, disable the Guest
>> account on Desktop 1 and Laptop 1, and not use Desktop 2 for file sharing.
>>
>> To minimally secure your wireless LAN, you should do as many of the following as
>> possible.
>>
>> Change the router management password, and disable remote (WAN) management.
>
>====Did this when I set it up.
>>
>> Enable WEP (minimal) / WPA (preferable). Use non-trivial (non-guessable) values
>> for encryption. (No "My dog has fleas").
>>
>> Enable MAC filtering.
>>
>> Change the subnet of your LAN - don't use the default.
>
>===Did this too when setup
>>
>> Disable DHCP, and assign an address to each computer manually.
>
>===Cable ISP needs DHCP
>>
>> Install a software firewall on every computer. Put manually assigned ip
>> addresses in the Local (highly trusted) Zone. Open the firewall for file
>> sharing, only in the Local Zone.
>
>=====Also done
>>
>> Don't disable SSID broadcast - some configurations require the SSID broadcast.
>> But change the SSID itself - to something that doesn't identify you, or the
>> equipment.
>>
>> Enable the router activity log. Examine it regularly. Know what each
>> connection listed represents - you? a neighbor?.
>>
>> Use non-trivial accounts and passwords on every computer connected to a wireless
>> LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
>> here). Rename Administrator, to a non-trivial value, and give it a non-trivial
>> password. Never use the Administrator renamed account for day to day
>> activities, only when intentionally doing administrative tasks.
>
>===I believe I tried renaming Administrator on the W2Kpro (where all
>data/apps needing high security reside) machine but it wouldn't accept a
>change, will try again.
>>
>> Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
>> microsoft.public.windows.networking.wireless are good places to start.
Bill,
XP Home, and Simple File Sharing, sucks.
<http://nitecruzr.blogspot.com/2005/04/windows-xp-file-sharing-anything-but.html>
XP Home on a wireless LAN is a bad idea.
It is fairly easy to implement this functionality - upgrade to XP Pro.
Other than that, it sounds like you have a good handle on things - short of the
bad guys finding a nearby parking lot to hang out in and hijack your signal,
you're probably safe.
I will comment on one issue which you don't appear to understand.
>> Disable DHCP, and assign an address to each computer manually.
>===Cable ISP needs DHCP
Whether or not your WAN (connected to your Cable ISP) uses DHCP, you can, and
should, use fixed ip assignment on your LAN. The router makes that possible.
Please use a fixed ip address on your LAN, where you're vulnerable to attack.
Renaming the vulnerable accounts may or may not be a useful strategy. If this
doesn't work for you, don't frustrate yourself too much. But do try and use
fixed ip addresses, and turn DHCP off on your LAN.
--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not necessarily a bad thing - it comes from experience.
My email is AT DOT
actual address pchuck sonic net.
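
Added example, not part of Chuck's post: once every PC has a fixed address and LAN DHCP is off, the router activity log he recommends examining can be checked mechanically against the list of assigned addresses. The log format, MAC addresses, IP addresses and the `review_log` function below are all constructed for illustration; a real router's log needs its own pattern.

```python
import re

# Constructed inventory: the three PCs from the thread, each with a manually
# assigned address. MACs and IPs are made-up sample values (assumptions).
INVENTORY = {
    "00:11:22:33:44:01": ("Desktop 1", "192.168.57.11"),
    "00:11:22:33:44:02": ("Desktop 2", "192.168.57.12"),
    "00:11:22:33:44:03": ("Laptop 1", "192.168.57.13"),
}

# Constructed log lines in a hypothetical format, not a real DI-524 export.
SAMPLE_LOG = """\
2005-05-03 08:01:12 LAN connect mac=00:11:22:33:44:01 ip=192.168.57.11
2005-05-03 08:03:40 WLAN connect mac=00:11:22:33:44:03 ip=192.168.57.13
2005-05-03 23:47:05 WLAN connect mac=00:AA:BB:CC:DD:EE ip=192.168.57.50
2005-05-04 02:10:33 WLAN connect mac=00:11:22:33:44:02 ip=192.168.57.77
2005-05-04 02:11:00 DHCP lease mac=00:AA:BB:CC:DD:EE ip=192.168.57.100
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<event>connect|lease) "
    r"mac=(?P<mac>[0-9A-Fa-f:]{17}) ip=(?P<ip>\d+\.\d+\.\d+\.\d+)$"
)

def review_log(text, inventory=INVENTORY):
    """Return (timestamp, reason) for every log line that needs a human look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Never silently skip what the pattern does not understand.
            findings.append((None, f"unparsed line: {line}"))
            continue
        ts, mac, ip = m["ts"], m["mac"].upper(), m["ip"]
        if m["src"] == "DHCP":
            findings.append((ts, f"DHCP lease issued to {mac}; LAN DHCP should be off"))
        elif mac not in inventory:
            findings.append((ts, f"unknown device {mac} at {ip}"))
        elif inventory[mac][1] != ip:
            name, expected = inventory[mac]
            findings.append((ts, f"{name} seen at {ip}, expected {expected}"))
    return findings

if __name__ == "__main__":
    for ts, reason in review_log(SAMPLE_LOG):
        print(ts, reason)
```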