Re: XP Home safe file sharing (newbie)

On Fri, 20 Jan 2006 22:51:18 +0000, Ben Hardy <ben@xxxxxxxxxx> wrote:

>Chuck wrote:
>> On Fri, 20 Jan 2006 13:56:02 -0800, George Boyce <George
>> Boyce@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>>> "Ben Hardy" wrote:
>>>
>>>> Can someone point me somewhere that instructs me how to set up file
>>>> sharing on a home network that is secure.
>>>> I have 2 pcs (both XP Home) connected to Hub/ADSL modem. Each PC can
>>>> access the Internet but I want to share files between each PC but
>>>> without compromising security re the Internet. I know how to do it but I
>>>> have no idea if it is safe. Each PC has a software firewall (ZoneAlarm)
>>>> and the Hub/ADSL Modem has a hardware firewall. However, when I set them
>>>> up to do File & Folder Sharing there are all these warnings about
>>>> security and that if I Share then anyone on the Net can access my files.
>>>> There is a way to do this I assume but at present I am too stupid to
>>>> work out how. Help!
>>>> Ben
>>
>>> I have done this in the past, but it's been awhile. I know that if you're
>>> behind the ZoneAlarm client, you are protected from the outside world (unless
>>> you invite that world in)...... e-mail me!
>>>
>>> George Boyce
>>
>> George,
>>
>> Zone Alarm is an excellent (free) internal layer of protection, but it's not a
>> complete defense. And ZA, by itself, will waste your time (and CPU) with all of
>> the reports of "intrusions" (probes from infected computers) that are part of
>> the background noise in the Internet.
>>
>> You really, really, need an outer layer, ie a NAT router, protecting your
>> perimeter.
>> <http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>
>> http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html
>>
>> Remember Zone Alarm, by itself, is not invincible. Multi-function trojans can
>> get to your computer, and shut ZA down. An up-to-date, and consistent,
>> antivirus and antitrojan defense is essential (see above link).
>>
>> And George, please don't contribute to the spread and success of email address
>> mining viruses. Posting your email address openly (or encouraging others to do
>> so) will get you (or others) more unwanted email, than wanted email. Learn to
>> munge your email address properly, to keep yourself a bit safer when posting to
>> open forums. Protect yourself and the rest of the internet - read this article.
>> <http://nitecruzr.blogspot.com/2005/05/how-to-post-on-usenet-and-encourage.html#Munging>

>Well, I like to get secure so I currently have on both PCs: Spyware
>Doctor, Ad-Aware, ZoneAlarm, the hardware firewall built into the
>Router/Hub thing, AVG AntiVirus, MS AntiSpyware, MS Baseline Security
>Analyzer and all the latest updates but it's this File Sharing thing
>that still bugs me. Obviously, I have to have 'exceptions' setup on
>ZoneAlarm to allow for PC1 & PC2 to 'see' each other but I'm don't know
>if this is safe or not.
>Thanks for the links Chuck but I'm having trouble understanding how I
>might apply the information there. And being an idiot regarding
>routers/hubs and NAT I don't even know if the Dynamode ADSL Bridge
>Router (R-ADSL-C4S)is NAT or NOT!
>Ben

Ben,

The C45 IS a NAT router.
The R-ADSL-C4S supports up to 253 concurrent Computers for a single ADSL
connection and is perfect for both Office and Home Use.
Configuration of NAT/NAPT
<http://www.dynamode.net/ADSL/R-ADSL-C4S.htm>
http://www.dynamode.net/ADSL/R-ADSL-C4S.htm

If you want to use file sharing on your LAN, you will have to setup exceptions
in ZA, and it is safe, within limits. The only truly safe computer is encased
in concrete, and sits at the bottom of the ocean. Short of that, I think you've
covered most of it.

Since you're asking the questions, it sounds like you have Layers 4 and 5 under
control.
# Layer 4 - Common Sense
# Layer 5 - Education

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
.

Relevant Pages

  • Re: XP2 and router firewalls
    ... A NAT router like the DI-604 is just the outermost layer of a good defense ... Each layer is necessary because no layer produces complete protection. ... from other computers on your LAN. ...
    (microsoft.public.windowsxp.network_web)
  • Re: question about hardware firewall
    ... basic protection. ... protection - just as the outermost layer of protection. ... The first layer is your NAT router (hardware firewall). ...
    (comp.security.firewalls)
  • Re: Question bruteforcing
    ... because your router does not have the same OS, ... The router will give you one extra layer in your ... some may exploit an unknown vulnerability ... But to come full circle this is where a router would offer protection ...
    (Fedora)
  • Re: Would a firewall prevent Sasser worm?
    ... >>your side of the router. ... >>(although one PC with a worm behind your NAT router can gut all the other ... AFAIK the SPI bit gives you additional protection against Denial of Service ... attacks designed to confuse your router by sending malformed packets ...
    (comp.security.misc)
  • Re: Would a firewall prevent Sasser worm?
    ... >>your side of the router. ... >>(although one PC with a worm behind your NAT router can gut all the other ... AFAIK the SPI bit gives you additional protection against Denial of Service ... attacks designed to confuse your router by sending malformed packets ...
    (comp.security.firewalls)