I connect to the internet via a Netgear wifi modem/router. My own PC (Win98SE) is connected to this by wire, my wife's laptop(WinXPSP2) is connected by wifi. This works OK - both machines can access the internet fine. But,I would like to be able to send files from the PC to the laptop.
How do I congifure things to enable files to be sent from the PC to the laptop without have the laptop or PC vulnerable on the internet?
I would appreciate any help
Regards, Terry
On 16 Jul 2006 01:08:44 GMT, Terry wrote in :
At a minimum, you should:
(a) use WPA on your wireless with a strong passphrase (at least 20 characters, 30 is better);
(b) use strong passwords on all your shares (at least 12 random characters);
(c) not open "holes" in your wireless router to computers on your LAN, or use the horribly misnamed "DMZ" feature;
(d) use software ("personal") firewalls on all computers.
See "Making File and Printer Sharing Safer in Windows XP Service Pack 2"
If the router provides NAT, you can use Windows File Sharing.
snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in news:1hin1zs.1fjyqge1shwvywN% snipped-for-privacy@hotmail.com:
Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3 as IP for my PC and the laptop.
If I now enable 'file and printer sharing' on both machines, will this be safe regarding unwanted access via the internet? Is it possible/necessary to limit access to just the two machines?
Thanks,
Terry
On 19 Jul 2006 01:49:23 GMT, Terry wrote in :
No.
See my prior response.
The OP stipulates "on the internet" and "via the internet". Since when has a PC behind a router with NAT been accessable from the internet?
On Thu, 20 Jul 2006 14:14:56 +0200, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :
There are ways to get through NAT (PAT) from the outside (and before you ask, I'm not going to detail that here). Marketing claims notwithstanding, NAT alone is not as effective as a real SPI firewall.
You answered "no" to being "safe regarding unwanted access via the internet" when file and printer sharing are enabled. Now you vaguely refer to something you call "ways to get through NAT". And then you try to duck out by pretending that you could somehow be able "to detail that here".
Are you not really a wannabee, Mr Navas?
Again, the difference between network address translation and statefull packet inspection has nothing to do with the question you answered "no" to.
A link explaining NAT- and SPI firewalls:
snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in news:1hisn7b.zy2oit14k1juqN% snipped-for-privacy@hotmail.com:
The router I'm using (Netgear DG834G) uses SPI according to the spec.
As there's no reason anyone would want to target my PC, am I safe from a random or casual attack, as regards having 'file and printer sharing' enabled?
And, just out of interest, is it really possible for someone to get past NAT and access to files?
Regards,
Terry
On 20 Jul 2006 22:23:59 GMT, Terry wrote in :
Good. Properly implemented, it *should* be considerably more robust than NAT alone. (To have real confidence in the firewall, you need independent certification; e.g., by ICSA Labs.)
Just because you don't think anyone is after you personally, a big problem is the opportunity to make serious dirty money from zombie networks. There are lots of such nasty folk out there -- my firewall (an ICSA-certified SonicWALL) has typically logged multiple attacks per day, and while many of them are just probes for security vulnerabilities, some of them are pretty sophisticated. And of course I have no way of knowing what might not have been logged.
Here's what Cisco says (in "Anatomy: A Look Inside Network Address Translators", September 2004):
Learning from NATs At this stage we can observe a few relevant lessons about NATs: ... Secondly, a little bit of security is often far worse than no security. NATs are very poor security devices, and in terms of their ---------------------------------------------------------- behavior with UDP, NATs afford only minor levels of protection. The --------------------------------------------------------------- task of securing a site from various forms of attack and disruption remains one of a careful exercise of assessment of acceptable risk coupled with detailed consideration of site-management functions. NATs are not a quick way out of this effort.
For more context, see Section 9.0 (Security Considerations) of RFC 2663 (NAT Terminology and Considerations), a 7-year old document (ancient in Internet terms). See also tcptraceroute, which can traverse NAT.
I could go on, but as I said before, I'm not going to go into real detail here. Take that however you wish.
The three laws of prediction:
-Arthur C. Clarke
Why don't you just answer the question?
No. And why should someone with a NAT firewall who wants to turn on file and printer sharing be concerned about (from the link above, using SPI):
- blocking Java, ActiveX, and Cookie portions of downloaded web pages
- blocking access to WAN Proxy servers
- blocking "IP Spoofing" attacks
- blocking malformed IP packet attacks such as "Ping of Death", and variants such as "Teardrop", "Bonk", and "Nestea"
-blocking SYN flood and LAND attacks
Mr Navas?
BTW. My router with NAT blocks SYN flood attacks, and answering pings can be turned off.
You can test your connection with Shieldsup at Steve Gibson's site, here:
On Fri, 21 Jul 2006 12:38:58 +0200, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :
Because I don't trust the audience, and I'm not about to help evildoers. Is that clear enough? ;)
On Fri, 21 Jul 2006 12:38:59 +0200, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :
SPI is something else entirely. Here's a good start:
Zippie do.
On Fri, 21 Jul 2006 16:28:23 +0200, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :
Full of very bad advice by Steve "Chicken Little" Gibson.
And lots more.
Well, yes actually though not trivially.
- you could mistakenly open the ports on your router.
- your router could have an exploitable flaw in the firmware.
(list of fairly irrelevant items).
Well, they're all things one should perhaps be interested in blocking anyway, but I agree tehy've sod all to do with file & printer sharing.
What a stupid answer!
He asked, is it possible for someone to...
So could a router with SPI.
Exactly!
All these Chicken Littles (Mr Navas) on usenet.
A case of the kettle calling the pot black.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.