Results 1 to 9 of 9

Thread: File and Printer Sharing vulnerabilities

  1. #1
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299

    File and Printer Sharing vulnerabilities

    I used to hear a lot of things about file and printer sharing causing a security risk, I never was interested and never read into it so I just disabled it since I had no use for it. Now, I'm setting up a network between two Windows XP SP2 computers, and I wish to enable file and printer sharing. What if any are the security risks, do you recommend leaving it enabled or only enabling it when needed? What would I be able to do to help prevent some of these vulnerabilities (if any).
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  2. #2
    Senior Member
    Join Date
    Aug 2004
    Posts
    149
    well befor i get into a huge typing frenzie you could help me out by letting me know what kind of netwrok is it going to be. I.E. Wireless, or hardlined. is it going to be behind a router?

  3. #3
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    It's going to be EVENTUALLY (as soon as my laptops PCIMIA card arrives) wireless, in the meantime it's "hardlined". Yeah it's going through a router, this router has some firewall settings but I just got it today so haven't done much exploring of the options yet.
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I am afraid that I am not much of a help here as I have only ever shared printers in a home environment.

    However I do believe that a lot of the "security risk" you refer to was based on the precept that if you don't use something then turn it off so you won't have to worry about it, and it cannot be used to harm you.

    Obviously, file and printer sharing are commonplace in commercial and institutional environments, so they are not inherently dangerous, provided they are set up properly and the rest of your system is secure.

    I would be inclined to argue that it is the act of networking that is potentially dangerous, rather than the sharing..................and there wouldn't be much point in networking two production PCs without some sort of sharing?

  5. #5
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    Quote Originally Posted by Raion
    It's going to be EVENTUALLY (as soon as my laptops PCIMIA card arrives) wireless, in the meantime it's "hardlined". Yeah it's going through a router, this router has some firewall settings but I just got it today so haven't done much exploring of the options yet.
    Raion,

    I think that the thing you need to look at is blocking any incoming traffic on the printer and file sharing ports (can't remember them of the top of my head).

    The risk of file and printer sharing is that you open a listener on additional ports, which intruders can try to hijack. If you block these at your router, you start limiting the risk.

    The second thing to do is to beef up your firewall on the PC which is going to be doing the sharing. Only allow incoming connections from the address (ideally MAC address) of the other PC. You could also look at what limits you can configure in your router to do MAC address filtering.

    Basically, the more you can limit who is allowed to do what the less chances you take.

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    If setup properly with user permissions and file security...there should be no issues.

    Protect the lan with a router\firewall

    although I have seen many poorly setup networks...where every C$ is shared...everyone full control

    Your just asking for problems..

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    I think that the thing you need to look at is blocking any incoming traffic on the printer and file sharing ports (can't remember them of the top of my head).
    I was looking at the Windows Firewall settings, which is turned on by default when I setup a network, and it doesn't accept connections from IP addresses that aren't on my network. I don't trust Windows Firewall but would it do? My computer isn't very high on resources to take on an AV and a software firewall (and the one included with my router is highly annoying).

    BTW if it helps, I have a Netgear wgr614

    although I have seen many poorly setup networks...where every C$ is shared...everyone full control
    lol didn't Win2000 come with that as default once, I found that quite funny the first time I installed it, after a fresh install it was a shared.
    However, I won't be using it to share files too much; I would just simply use AIM for that if I didn't setup the network. My main purpose is to share my printer.
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  8. #8
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    In my thinking it's not so much print and file sharing that is vulnerable but that it enables NETBIOS when using it. It's the NETBIOS you want to focus on securing, mostly via the anonymous login and of course being patched

    Look into RestrictAnonymous at the below URL, it's about half way down.
    http://technet2.microsoft.com/Window....mspx?mfr=true
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Some random thoughts on locking a share down a bit:

    1) Make sure that tcp/445 and tcp/139 are blocked at your Internet/Home Network boundary (I'd hope they already are).

    2) Use the built-in firewall provided with XP SP2 (make sure that you create a rule allowing the two systems to talk to each other).

    3) Make sure the share is restricted ONLY to the specific directory needed (Ie, avoid sharing the whole drive or system critical areas (like \Windows, \Documents and Settings, etc). Make sure that the share requires authentication (preferably with a good password), ie no single dictionary words, upper/lower case, symbols, numbers, blah blah blah)...

    4) Enforce LANMAN2 encryption/negotiation (much stronger and harder to crack)

    5) Make sure you have auditing/logging enabled so you will have an idea if something has gone wrong (like a brute force attack). This will be especially important if you move to all wireless.

    6) Make sure you keep your system(s) fully up to date in regards to patches/anti-virus (you are after all opening your system up by making the daemon accessible).

    7) Consider using, if not already, NTFS so that you can further restrict the permissions of the share.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •