Securing networks against intrusion

[Licensed to Quill]

I just set up an 802.1g using a Buffalo G54 router to which I have my main
computer hard-wired and another computer running xp in another room
connected.

My main hard-wired computer is at present a Windows 2000 computer with which
I would like to share all the Windows 2000 computer's files across MY
network

I can easily connect the Windows XP machine in the living room to the
internet using an 802.11b wireless pick-up I bought and set up file and
print sharing on the xp machine. But when I do so it tells me that I can
put the XP install disc in the Windows 2000 machine to enable file and
printer sharing across the network it just set up, that windows 2000 will
recognise it and install file and print sharing within the network

When I do so Windows 2000 tells me that it cant do so using this (xp) disc
and that I should set up my network by myself. Which is a lot of use as it
doesn't tell you how to do so.

In any event I did manage to get file (and print?) sharing enabled across
'the network' on the windows 2000 machine and now I wonder if all my files
on the Windows 2000 computer are accessable to anyone on the internet???
What is for certain at the moment is that I can't access the xp machine in
my living room from the Windows 2000 'server'.

What did I do wrong or did I just name the workgroup wrongly and if so, how
do I change the workgroup name on the windows 2000 machine and will that
automatically make the files accessable only to computers on the lan itself?
Or are all my files accessable to the whole internet merely by my enabling
file and print sharing across the network? (what network is it talking
about?) I also have At Guard (later known as Norton Internet Security)
installed on the Windows 2000 machine so I THOUGHT that no one could access
anything across that software firewall. But now I am not so sure I havent
changed all that?

Do I in addition need to activate some sort of hardware firewall which I am
sure is on the Buffalo G54 or must that type of thing always be activated by
default? I would like to move all my files and programs onto the living
room computer and access them only through the network as I am running out
of space on the windows 2000 computer

(Or MUST I uninstall the programs and reinstall them on the XP machine?)

L2Q

 

[Phillip Windell]

In any event I did manage to get file (and print?) sharing enabled across
'the network' on the windows 2000 machine and now I wonder if all my files
on the Windows 2000 computer are accessable to anyone on the internet???

The only machine accessable from the Internet is the machine that actually
has the Public IP#. Other machines "behind" that run Private IP#s and those
numbers are not "internet compatible" and cannot be accessed.

about?) I also have At Guard (later known as Norton Internet Security)
installed on the Windows 2000 machine so I THOUGHT that no one could >

access anything across that software firewall. But now I am not so sure I

havent changed all that?

It wouldn't be accessable even without that. The only way machine behind the
firewall running private IP#s is accessable is if you used the firewall to
"publish" some application or feature on that machine to the internet. This
can be complicated to do and you would not have tripped over it and done it
by accident.

Then even after all that there is still the NTFS FileSystem permissions that
have to be dealt with. Remember that even the "Everyone Group" on a machine
dosen't mean "Everyone one in the World" , it means "Everyone who has a
local Account on the Machine".

 

[serverguy]

Ok, here are some suggestions. Do not use the XP networking wizard - as you
discovered, it may not work right on the W2K box. DO look up "peer to peer
networking" in the Win2K Help menu. It will give you a good place to start.
As for Internet users being able to access all your files, that depends on a
lot of things. If you have good strong passwords for both share and NTFS
permissions and/or carefully use file encryption, it is unlikely anyone
would be able to get to your files except you. What I mean is do not use
the default accounts like "administrator." Create your own account (same on
both machines) and use a very strong password (combination of upper and
lower case letters, numbers and symbols and at least 8 characters long). DO
NOT keep the default "Everyone" group permissions set on your drive(s).
Only assign permissions to your user and/or group (having only your user in
your group, etc.) The reason you may not be able to access the XP machine is
either the built-in personal firewall is enabled or you did not setup
shares/permissions properly. Your computers should not have public ip
addresses, only the router should have a public static ip. Instead both
computers should have private ips (192.168.x.x) This will help prevent
access from the Internet also.
Yes, you do need to reinstall any programs you want to have on the XP box.
I have not even touched on the mulitude of security issues inherent in
wireless networking. I suggest you read up on the subject if you don't want
your neighbors to be able to see your network.

Hope this helps.