How can we better secure our network?
June 26, 2008 11:04 AM Subscribe
My (very) small office has two desktops running XP Pro (SP3), that are networked using a cable. They also share a DSL internet connection, which can also be accessed wirelessly via our Linksys router.
The internet connection isn't password protected, which is nice in that it allows people who visit to have an easy time getting online. However, I'm pretty sure that free and easy access to wireless network=anyone can access our shared folders on those two desktops. Clearly, this is bad, but I'm not sure what to do. Please explain a fix to me like I'm five. Thanks.
Also, both computers are running a third-party (not the built-in-to-Windows) firewall.
Thanks in advance to everyone.
Also, both computers are running a third-party (not the built-in-to-Windows) firewall.
Thanks in advance to everyone.
This is one solution:
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm
It is interesting that it's so difficult to do this.
posted by effugas at 11:35 AM on June 26, 2008
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm
It is interesting that it's so difficult to do this.
posted by effugas at 11:35 AM on June 26, 2008
Step 1: Set up a password
Step 2: Put password somewhere everyone can read it from most places in the room
Step 3: Change password as often as you deem necessary.
posted by theichibun at 11:44 AM on June 26, 2008
Step 2: Put password somewhere everyone can read it from most places in the room
Step 3: Change password as often as you deem necessary.
posted by theichibun at 11:44 AM on June 26, 2008
If you want to leave the wifi open, I suggest what effugas linked to.
If you disable simple file sharing, and delete the "Everyone" from the access list on the shared folders... and then just add the appropriate users on those machines then you should be good. Visitors can use wifi for net access without a password but they won't be able to access your shares unless they know the login and pass for them.
posted by utsutsu at 12:03 PM on June 26, 2008
If you disable simple file sharing, and delete the "Everyone" from the access list on the shared folders... and then just add the appropriate users on those machines then you should be good. Visitors can use wifi for net access without a password but they won't be able to access your shares unless they know the login and pass for them.
posted by utsutsu at 12:03 PM on June 26, 2008
Response by poster: @wongcorgi OK, I didn't think I knew how to set up a password through the wireless router, which I figured out. What I'm unclear on is this:
Under the Wireless Security page of the of the Linksys setup, I chose the following setting:
Security Mode: WEP
Default Transmit Key = 1
WEP Encryption 64 bits 10 Hex digits
Passphrase = i just made up a word and put it here.
It then gives me 4 combinations of letters and numbers, listed under Key 1, Key 2, Key 3, and Key 4.
I can only log in under Key 1, which I suppose is because the Default Transmit Key is also 1.
Does this mean that everyone will log-in under using Key 1 as a password? Can more than one person at a time log into the network using that password?
posted by 4ster at 12:03 PM on June 26, 2008
Under the Wireless Security page of the of the Linksys setup, I chose the following setting:
Security Mode: WEP
Default Transmit Key = 1
WEP Encryption 64 bits 10 Hex digits
Passphrase = i just made up a word and put it here.
It then gives me 4 combinations of letters and numbers, listed under Key 1, Key 2, Key 3, and Key 4.
I can only log in under Key 1, which I suppose is because the Default Transmit Key is also 1.
Does this mean that everyone will log-in under using Key 1 as a password? Can more than one person at a time log into the network using that password?
posted by 4ster at 12:03 PM on June 26, 2008
Or just change the workgroup you're on... Unless someone is a member of your workgroup, they won't be able to see any of the network's resources. They'll get Interweb, but that's it.
Microsoft KnowledgeBase article How-To.
posted by Dark Messiah at 12:05 PM on June 26, 2008
Microsoft KnowledgeBase article How-To.
posted by Dark Messiah at 12:05 PM on June 26, 2008
I'd recommend passwording the wireless network anyway, though. For WEP, just use key 1. If you can, use WPA; you can pick your own password which is easier to remember than a string of gibberish.
posted by Dark Messiah at 12:06 PM on June 26, 2008
posted by Dark Messiah at 12:06 PM on June 26, 2008
Use WPA. If anyone actually cares at all about hacking into your files - which is unlikely but far from impossible - WEP is gone immediately; WPA provides some halfway meaningful security.
posted by Tomorrowful at 12:51 PM on June 26, 2008
posted by Tomorrowful at 12:51 PM on June 26, 2008
@4ster: WEP is a slightly outdated, you should be using WPA or WPA2, and yes, more than one person can log into the network with the passphrase.
@Dark Messiah: Not seeing network resources isnt the same as not being able to access them. Someone could use the netbios name or the IP to access the shared resources.
posted by wongcorgi at 12:52 PM on June 26, 2008
@Dark Messiah: Not seeing network resources isnt the same as not being able to access them. Someone could use the netbios name or the IP to access the shared resources.
posted by wongcorgi at 12:52 PM on June 26, 2008
You could possibly put the wireless on its own VLAN (virtual LAN) and the office computers on a separate VLAN. I'm not sure if your linksys router supports this. This would be something a consultant would be better at implementing. This would allow you to leave the wireless unprotected, yet still have your files sectioned off, with internet access to both.
posted by ijoyner at 1:01 PM on June 26, 2008
posted by ijoyner at 1:01 PM on June 26, 2008
Does this mean that everyone will log-in under using Key 1 as a password?
Yep thats correct. Nowadays its advisable that you use WPA instead of WEP because WEP is easily broken. You get that advantage as well as using a real passphrase. So lets say you setup WPA and you set the password to "dont come a'knockin!" Your pals would just type that in. No need for DEF4B23DD029 or whatever WEP key you are using.
If it asks: you are going to use WPA-Personal or WPA-PSK. If it asks you about encryption just use TKIP.
posted by damn dirty ape at 1:08 PM on June 26, 2008
Its also worth mentioning that the only security weakness with WPA is a 'weak' passphrase. So toss in some letters and numbers. Its also caps sensitive.
This is a bad passphrase "hello there"
This is a good passphrase "h3ll0 th3r3@!"
posted by damn dirty ape at 1:09 PM on June 26, 2008
This is a bad passphrase "hello there"
This is a good passphrase "h3ll0 th3r3@!"
posted by damn dirty ape at 1:09 PM on June 26, 2008
This thread is closed to new comments.
posted by wongcorgi at 11:15 AM on June 26, 2008