Are hidden shares safe from discovery

  • Thread starter Thread starter d28
  • Start date Start date
D

d28

I'm looking at methods to secure my wireless network in addition to
encryption used by the router and adaptors. Which would be to hide the
folders being shared across my internal LAN. When the shares are
hidden, is there any way for them to be discovered if by change someone
was able to get through and connect to my router? My PCs are installed
with WindowsXP SP1 and SP2.
 
d28 said:
I'm looking at methods to secure my wireless network in addition to
encryption used by the router and adaptors. Which would be to hide the
folders being shared across my internal LAN. When the shares are
hidden, is there any way for them to be discovered if by change someone
was able to get through and connect to my router? My PCs are installed
with WindowsXP SP1 and SP2.
Click to expand...

Anyone with administrator permissions can see the shares. You have to use
strong passwords on all accounts or someone could easily crack your password
and get access. By default all accounts have administrator permissions so
make sure all users on all pc's are using a strong password. If you are
using XP Pro turn off simple file sharing, make sure all volumes are using
NTFS, and restrict access by NTFS permissions.

http://msdn.microsoft.com/library/d...y/en-us/xpehelp/html/xeconstrongpasswords.asp

http://www.microsoft.com/resources/...all/proddocs/en-us/windows_password_tips.mspx

http://support.microsoft.com/default.aspx?scid=kb;en-us;304040

http://support.microsoft.com/default.aspx?scid=kb;en-us;307874

Kerry
 
In terms of access, it would have to come from an attack through the
wireless connection to the router. No one will have physical access to
the LAN PCs. So the scenario I'm trying to paint would be someone who
gained access through the router and my router assigns an IP address
because DHCP is enabled. Once connected can the attacker then discover
what the hidden shares are?
 
d28 said:
In terms of access, it would have to come from an attack through the
wireless connection to the router. No one will have physical access to
the LAN PCs. So the scenario I'm trying to paint would be someone who
gained access through the router and my router assigns an IP address
because DHCP is enabled. Once connected can the attacker then discover
what the hidden shares are?
Click to expand...

See my previous post. Once they have access to your lan everything in it
applies. It doesn't matter how they get access wired or wireless is the same
once they are connected. There are many programs available for hacking into
a computer once you are on the lan. Strong passwords and NTFS permissions
are good enough to defeat most hackers (i.e the neighbour's teenager). For a
truly determined hacker you would have to implement IPSEC and even that
might not work. That is the danger of wireless.

Kerry
 
Which programs? That's what I'm trying to get at. And if as you said,
someone were to remotely connect to my WLAN as an administator, they
are only administrator on thier machine, right? I don't have the remote
desktop service running or anything like that. I have only XP Home
machines making passwords irrelevant in file sharing. My only method to
somewhat to protect the shared folders is through the hidden share
(share$) method.
 
Hi everyone,

I'm having a related issue with my home network so I thought it'd be better to post my question here than make a new thread.

Basically, I'm looking to do the same thing as d28, but the issue I'm having is that there's a single XP Home Edition PC on the network and I can't access the hidden shares I've set up on that machine because of SFS's obnoxious "feature" that forces all remote users to authenticate as Guest.

Since XP Home doesn't seem to provide users with any way to shut off SFS or configure ACEs/ACLs, how do I go about actually getting the share to work?

Thanks in advance,

Chris
 
d28 said:
Which programs? That's what I'm trying to get at. And if as you said,
someone were to remotely connect to my WLAN as an administator, they
are only administrator on thier machine, right? I don't have the remote
desktop service running or anything like that. I have only XP Home
machines making passwords irrelevant in file sharing. My only method to
somewhat to protect the shared folders is through the hidden share
(share$) method.
Click to expand...

Someone trying to hack your LAN will probably not be using Windows XP. The
shares are only hidden from Windows clients. If they can access the LAN they
can access the shares if they have a password. If you have file sharing
enabled there are programs to use a brute force method to crack your
password. I am not going to post a tutorial on how to hack into a computer.
Just be assured that it can be done if they have access to your LAN. Using
strong passwords makes this harder. You can use NTFS permissions with XP
Home.

http://www.tweakhound.com/xp/xpperm/xpPerm1.htm

This will add another layer of protection. XP Home was not designed to be
secure on a network. You can make it somewhat secure. That is the best it
does.

Possibly your router can do MAC filtering. If you set that up it would be
much harder for someone to acquire access to the LAN.

http://www.google.com/search?hl=en&q=wireless+router+MAC+filtering&btnG=Search&meta=

To be 100% secure would require XP Pro, an offline certificate server with
IPSEC, a secure DHCP server or static IP's, a secure DNS server, and a
wireless router with a very sophisticated firewall. Even then you would have
to monitor for intrusions. Security is a very complex subject. Wireless
networking just adds to the problem. If you take reasonable precautions and
use WPA encryption and NTFS permissions with wireless networking I would be
more worried about malware from the internet than someone hacking your
wireless network. If your data is really that sensitive you need outside
help and a lot of money.

Kerry
 
Back
Top