At home I have created a wireless network and configured XP SP2 to do simple file and printer sharing. Firewall is configured to trust the local network behind the router.
When I'm on the road, what should I do to secure my laptop when connecting to public WiFi spots? It would be a PITA to turn off sharing on every folder I created for the home network.
What do you guys do to manage these two "profiles"? How do you do it?
How about using the security credentials that XP provides, so in addition to the firewall features, only grant security access to the shares to the users that need access and not EVERYONE or GUEST users?
Anyone that manages to get onto your WiFi network at home is therefore trusted. I have a long lease time for DHCP, and configured just a couple of trusted addresses.
If your home network happens to be one of the widely popular numbers, that might not be a good thing either. I always move away from 192.168.0.x on any router I set up, just so I don't get confused. You might wind up "blessing" the wrong network.
You could always run a cmd prompt "net stop server". That stops print and file sharing, and a couple of other things you probably don't need at Starbucks. When you reboot it would come back, or you could start it and its dependents from start-run-services.msc
With ZoneLabs it was pretty simple. Whenever I connected to a new network, it would show up as a new subnet, and get appropriate permissions.
speeder wrote in news: snipped-for-privacy@4ax.com:
If it were me, I would use the Authenticated User Group on shares and remove all other accounts off the share. But you need to be using NTFS. That's what I do on all my shared folders. It means a user account/user-id must be set up using XP's User Manager to access the share. If the proper account credentials or user-id and psw are not given when a remote machine tries to access the share, access is denied, which can be set for user-id(s)/users on your LAN.
Authenticated User Group is also being discussed in the link.
Others have covered some of the methods and requirements. I'll just offer some useful tools:
Belarc Advisor is really an inventory control program that gives you a list of what's inside your laptop. However, the latest version has a "security benchmark" feature that lists a considerable number of potential local security related settings and options. It's real easy to forget an open share or an account with an insecure password. Use it like a checklist. It's not necessary to have all the holes plugged, but you should be aware of the possibilities listed.
Netswitcher allows you to switch network setups between multiple locations on the fly. It includes the usual protocols and IPs, but also mail servers and printers. Useful if you connect your laptop to multiple LANs and WLANs. This is really your "profile" manager.
Newt security scanner will scan your machine and those on your LAN for known vulnerabilities.
Good stuff, thanks everyone. I just found out my laptop is XP Home and according to one of those links:
"Unfortunately, XP Home Edition doesn't allow you to disable Simple File Sharing and is unable to join a domain, so the best you can hope for is to make sure you set your shared folders to be read only, hide the file shares by using a $ sign after the folder name, or if you're using the NTFS file system, use the 'Make Private' option in the folder properties."
I guess the secure and simplest solution is to configure my firewall to untrust local networks.
speeder wrote in news: snipped-for-privacy@4ax.com:
Really, all you have to do is block traffic on port 445.
And you can do it with IPsec that's on the XP O/S.
You can also implement Analog's Ipsec policy rules and go to the Windows Networking policies and kill networking period on the machine while you're on the road and disable IPsec when you're at home to enable networking again.
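As an added example (not from any poster in this thread), here is a batch file that combines two of the suggestions above, stopping the Server service and closing the firewall to file sharing, into a "road"/"home" switch. It assumes the built-in Windows Firewall of XP SP2 and an administrator account; the file name `netprofile.cmd` and the `road`/`home` arguments are made up for the example.

```batch
@echo off
rem Added example: toggle file sharing between "road" and "home".
rem Assumes the built-in XP SP2 Windows Firewall and an administrator account.
rem The name netprofile.cmd and the road/home arguments are made up here.

if /i "%~1"=="road" goto road
if /i "%~1"=="home" goto home
echo Usage: %~nx0 road ^| home
exit /b 1

:road
rem Stop the Server service and its dependents (file and printer sharing).
net stop server /y
rem Remove the File and Printer Sharing firewall exception.
netsh firewall set service type=fileandprint mode=disable
rem Firewall on with "Don't allow exceptions": no unsolicited inbound traffic.
netsh firewall set opmode mode=enable exceptions=disable
goto report

:home
rem Firewall stays on, exceptions are allowed again.
netsh firewall set opmode mode=enable exceptions=enable
rem Allow file and printer sharing from the local subnet only.
netsh firewall set service type=fileandprint mode=enable scope=subnet
net start server
goto report

:report
rem Show the resulting state so a failed step is visible.
sc query lanmanserver | find "STATE"
netsh firewall show opmode
rem List anything still listening on the SMB/NetBIOS session ports.
netstat -an | find "LISTENING" | findstr ":445 :139"
exit /b 0
```

The `scope=subnet` setting trusts whatever subnet the laptop is currently on, so the "home" mode should only be run once the laptop is actually back on the home network.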