-
December 29th, 2004, 09:29 PM
#1
Junior Member
Windows File Sharing Alternative
Hey all, I was wondering if anyone knows of an alternative to Windows file sharing. I am looking for a secure method of transferring files between my Windows 2000 Advanced Server and my Windows XP machines. Since the Windows XP users are basic users this process needs to be hidden.
My main problem is Windows RPC, which is used by file sharing. I really don't want to leave it open unless I have to as it's rich in security flaws.
Any ideas or a shove in the right direction would be great!
Thanks for Your Help!
-
December 29th, 2004, 09:43 PM
#2
What are these files.......data or applications?
Are the files requested by the users, or are you pushing them down to the XP boxes?
-
December 29th, 2004, 09:55 PM
#3
Junior Member
Hey, Thanks for the response.
Only files will be offered to the users. I would like a folder to be placed on their desktop that will link them to the files located on the server. So all important files will be centrally stored for backup purposes. This folder should be readable and writable by the users though.
Hope that answers your question.
Thanks!
-
December 29th, 2004, 10:23 PM
#4
Have you looked at products such as Citrix?
Solutions I have seen in the defence industry involve a separate secure network, although that is probably overkill.
I would have thought that if your server is secure (AV, IDS, Firewall etc.), you should be safe?
-
December 29th, 2004, 10:33 PM
#5
Windows File Sharing is perfectly safe on a network that is firewalled, (properly), from the public network and suitably protected from viruses.
If it isn't then it is a problem.... I would recommend properly protecting the perimeter and allowing Windows to work the way it is supposed to rather than trying to mess with it which will only make your life difficult in the end.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
December 29th, 2004, 10:37 PM
#6
Hi
Apart from considerations about LAN/WAN/external access, this is
a general proposal.
3rd-party products
Unfortunately, I have no experience with 3rd-party products like
WebDAV[1], hence cannot recommend it. You may give it a try
nevertheless, although this is not a transparent solution.
Briefly: WebDAV stands for "Web-based Distributed Authoring and Versioning".
It is a set of extensions to the HTTP protocol which allows users to collaboratively
edit and manage files on remote web servers.
You won't have that "network drive" icon to work with.
I try to sketch another solution, based on samba over ssh[2].
RPC port and filesharing?
Note, that you can disable Port 135 ("RPC listener") (and 445 at the same time)
using a tool wwdc[3]. At this stage, let us enable NetBIOS over TCP/IP
(Port 137-139). There are security implications, but continue reading.
The idea I propose is the following:
Allow 137-139 locally only (local IP and 127.0.0.1), create a SSH tunnel (Port 22)
to your Win2000 advanced server (e.g. OpenSSH[4]), and tunnel the file sharing traffic.
Advantages:
Although 137-139 is listening (however local only, blocked by firewall to "external" IPs
completely), you can create a standard "network drive" securely, allowing the user to
work as they know how to, transparently. A detailed description of how to do it
is here on AO[2].
Todos/To solve:
(i) Server side: SSH server
(ii) Client side:
(ii).1 automatise the SSH tunnel creation (the user might have to enter a password once,
right after startup - this is feasible).
(ii).2 after creating the SSH tunnel, automatise the mapping of the network drive
(on the local machine), like "net use z: \\127.0.0.1\sharename"
Cheers
[1] http://webdav.org/ and http://support.microsoft.com/default...b;en-us;324046
[2] http://www.antionline.com/showthread...298#post809298
[3] http://www.firewallleaktester.com/wwdc.htm
[4] http://openssh.org/
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
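The client-side steps (ii).1 and (ii).2 from the post above, written out as a logon batch file. This is an added example, not part of the original post or the linked AO thread; the host name, SSH account and drive letter are hypothetical placeholders, and it assumes an OpenSSH client (`ssh.exe`) on the PATH and that nothing on the client is already bound to 127.0.0.1:139.

```batch
@echo off
rem Added example: open the SSH tunnel, wait for it, then map the drive.
rem SERVER, SSHUSER and DRIVE are hypothetical placeholders.
setlocal
set SERVER=fileserver.example.lan
set SSHUSER=tunneluser
set SHARE=sharename
set DRIVE=Z:

rem Stop if something already listens on loopback port 139; the tunnel
rem could not bind there and the mapping would reach the wrong service.
netstat -an | findstr /C:"127.0.0.1:139 " | findstr LISTENING >nul
if not errorlevel 1 (
    echo 127.0.0.1:139 is already in use, tunnel not started.
    exit /b 1
)

rem -N  no remote command, forwarding only.
rem -L  bind to 127.0.0.1 only, so other hosts cannot use the tunnel;
rem     the destination is resolved on the server side of the connection.
rem ExitOnForwardFailure makes ssh exit instead of running without the
rem forward. The window stays visible so the user can type the password.
start "file-share-tunnel" ssh -N -o ExitOnForwardFailure=yes ^
    -L 127.0.0.1:139:%SERVER%:139 %SSHUSER%@%SERVER%

rem Poll for the loopback listener, about 60 seconds in total.
set /a TRIES=0
:wait
netstat -an | findstr /C:"127.0.0.1:139 " | findstr LISTENING >nul
if not errorlevel 1 goto map
set /a TRIES+=1
if %TRIES% geq 30 (
    echo Tunnel did not come up, drive not mapped.
    exit /b 1
)
ping -n 3 127.0.0.1 >nul
goto wait

:map
rem Map through the tunnel; not persistent, so a reboot without the
rem tunnel does not leave a dead drive letter behind.
net use %DRIVE% \\127.0.0.1\%SHARE% /persistent:no
exit /b %errorlevel%
```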
-
December 30th, 2004, 05:05 PM
#7
Originally posted here by Tiger Shark
Windows File Sharing is perfectly safe on a network that is firewalled, (properly), from the public network and suitably protected from viruses.
If it isn't then it is a problem.... I would recommend properly protecting the perimeter and allowing Windows to work the way it is supposed to rather than trying to mess with it which will only make your life difficult in the end.
IMHO, Tiger Shark has it right...unless you have explicit needs that absolutely preclude RPC, you are better off using the standard Windows network file sharing technology...assuming you are inside a protected network and utilizing the standard precautions.
My $0.02. Best of luck!
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
December 31st, 2004, 01:48 AM
#8
If you're just wanting to shut down the RPC service, keep in mind that in WinXP, you can't. WinXP won't work without the RPC service. Sucks, I know. Best thing to do would be to block it with a firewall, and set the exceptions to your network IP range.
-
December 31st, 2004, 07:17 AM
#9
Junior Member
Thanks so much for the replies! I will take your advice and just implement a firewall.
Take care All!