
Thread: Windows File Sharing Alternative

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    6

    Windows File Sharing Alternative

    Hey all, I was wondering if anyone knows of an alternative to Windows file sharing. I am looking for a secure method of transferring files between my Windows 2000 Advanced Server and my Windows XP machines. Since the Windows XP users are basic users this process needs to be hidden.

    My main problem is Windows RPC, which is used by file sharing. I really don't want to leave it open unless I have to as it's rich in security flaws.

    Any ideas or a shove in the right direction would be great!



    Thanks for Your Help!

    sd

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    What are these files.......data or applications?

    Are the files requested by the users, or are you pushing them down to the XP boxes?

  3. #3
    Junior Member
    Join Date
    Sep 2004
    Posts
    6
    Hey, Thanks for the response.


    Only files will be offered to the users. I would like a folder to be placed on their desktop that will link them to the files located on the server. So all important files will be centrally stored for backup purposes. This folder should be readable and writable by the users though.

    Hope that answers your question.


    Thanks!
    sd

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Have you looked at products such as Citrix?

    Solutions I have seen in the defence industry involve a separate secure network, although that is probably overkill.

    I would have thought that if your server is secure (AV, IDS, Firewall etc.), you should be safe?

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Windows File Sharing is perfectly safe on a network that is firewalled, (properly), from the public network and suitably protected from viruses.

    If it isn't then it is a problem.... I would recommend properly protecting the perimeter and allowing Windows to work the way it is supposed to rather than trying to mess with it which will only make your life difficult in the end.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Apart from considerations about LAN/WAN/external access, this is
    a general proposal.

    3rd party products

    Unfortunately, I have no experience with 3rd party products like
    WebDAV[1], hence cannot recommend it. You may give it a try
    nevertheless, although this is not a transparent solution.

    Briefly: WebDAV stands for "Web-based Distributed Authoring and Versioning".
    It is a set of extensions to the HTTP protocol which allows users to collaboratively
    edit and manage files on remote web servers.
    You won't have that "network drive" icon to work with.
    I try to sketch another solution, based on samba over ssh[2].



    RPC port and filesharing?

    Note that you can disable Port 135 ("RPC listener") (and 445 at the same time)
    using a tool wwdc[3]. At this stage, let us enable NetBIOS over TCP/IP
    (Port 137-139). There are security implications, but continue reading.


    The idea I propose is the following:
    Allow 137-139 locally only (local IP and 127.0.0.1), create a SSH tunnel (Port 22)
    to your Win2000 advanced server (e.g. OpenSSH[4]), and tunnel the file sharing traffic.


    Advantages:
    Although 137-139 is listening (however local only, blocked by firewall to "external" IPs
    completely), you can create a standard "network drive" securely, allowing the user to
    work as they know how to, transparently. A detailed description of how to do it
    is here on AO[2].


    Todos/To solve:
    (i) Server side: SSH server
    (ii) Client side:
    (ii).1 automatise the SSH tunnel creation (the user might have to enter a password once,
    right after startup - this is feasible).
    (ii).2 after creating the SSH tunnel, automatise the mapping of the network drive
    (on the local machine), like "net use z: \\127.0.0.1\sharename"


    Cheers


    [1] http://webdav.org/ and http://support.microsoft.com/default...b;en-us;324046
    [2] http://www.antionline.com/showthread...298#post809298
    [3] http://www.firewallleaktester.com/wwdc.htm
    [4] http://openssh.org/
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
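
The two client-side steps from post #6, (ii).1 and (ii).2, written as a logon batch file. This is an added example, not part of the original posts: the server name, account, share name and drive letter are hypothetical, and it assumes an OpenSSH client on the PATH, `tasklist` being available, and that nothing else already holds 127.0.0.1:139.

```bat
@echo off
rem Added example, not from the thread. Hypothetical values: server name,
rem account, share name, drive letter. 127.0.0.1 and port 139 follow post #6.
setlocal
set SERVER=fileserver.example.lan
set SSHUSER=shareuser
set SHARE=sharename
set DRIVE=Z:

rem (ii).1 Open the tunnel in its own window so the user can type the password.
rem -N runs no remote command. ExitOnForwardFailure makes ssh exit if it cannot
rem bind 127.0.0.1:139, instead of leaving a session without the forward.
start "smb-tunnel" ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:139:%SERVER%:139 %SSHUSER%@%SERVER%

rem Poll roughly once a second, for about 60 seconds, for the loopback listener.
set TRIES=0
:wait
ping -n 2 127.0.0.1 >nul
rem If ssh is no longer running, login or the port forward failed.
tasklist /fi "imagename eq ssh.exe" | find /i "ssh.exe" >nul
if errorlevel 1 goto tunnel_failed
rem The listener must be on loopback only, never on an external address.
netstat -an | find "127.0.0.1:139 " | find "LISTENING" >nul
if not errorlevel 1 goto map
set /a TRIES+=1
if %TRIES% LSS 60 goto wait
goto tunnel_failed

:map
rem (ii).2 Map the drive through the tunnel. Not persistent, because the
rem tunnel has to exist before the mapping can work at the next logon.
net use %DRIVE% \\127.0.0.1\%SHARE% /persistent:no
if errorlevel 1 goto map_failed
echo %DRIVE% is mapped through the SSH tunnel.
goto end

:tunnel_failed
echo SSH tunnel did not come up; %DRIVE% was not mapped.
goto end

:map_failed
echo Tunnel is up but mapping %DRIVE% failed.

:end
endlocal
```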

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Tiger Shark
    Windows File Sharing is perfectly safe on a network that is firewalled, (properly), from the public network and suitably protected from viruses.

    If it isn't then it is a problem.... I would recommend properly protecting the perimeter and allowing Windows to work the way it is supposed to rather than trying to mess with it which will only make your life difficult in the end.
    IMHO, Tiger Shark has it right...unless you have explicit needs that absolutely preclude RPC, you are better off using the standard windows network file sharing technology...assuming you are inside a protected network and utilizing the standard precautions.

    My $0.02. Best of luck!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    Senior Member
    Join Date
    Dec 2001
    Posts
    319
    If you're just wanting to shut down the RPC service, keep in mind that in WinXP, you can't. WinXP won't work without the RPC service. Sucks, I know. Best thing to do would be to block it with a firewall, and set the exceptions to your network IP range.

  9. #9
    Junior Member
    Join Date
    Sep 2004
    Posts
    6
    Thanks so much for the replies! I will take your advice and just implement a firewall.

    Take care All!
    sd
