Secure file sharing on a wirelsss network?
#1
Secure file sharing on a wirelsss network?
I thought this would be an easy research but it's not proved to be so. I have a couple of XP PCs at home on a wireless network. I want to share files and printers but be secure from the ravages of the net. The net connection is a router/switch/AP/ADSL modem combo, (NATed and firewalled). All PCs run Kerio firewall.
In order to share files I have to add the local lan 192.168.x.x. IP address range into Kerio as a "trusted" network. In my view this means that I've now opened up everything beyond the router and am now 100% relient upon the router's security. Something I'm not happy with.
Am I doing this right? Is there a way to still share files but be more secure?
TIA
In order to share files I have to add the local lan 192.168.x.x. IP address range into Kerio as a "trusted" network. In my view this means that I've now opened up everything beyond the router and am now 100% relient upon the router's security. Something I'm not happy with.
Am I doing this right? Is there a way to still share files but be more secure?
TIA
#2
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
True about the trusted network. If you lock down the ports and only allow the file transfer ad printer ports on the firewall, then you've certainly reduced your risk. Do you have a firewall on the DSL modem / router ? If so, you could enable this too. The other thing here is to assess the level of risk. I assume that you are using encryption on your wireless connection? Personally I think you've got more security in place than I've seen in many commercial networks!
#3
Scooby Regular
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Jubal
I thought this would be an easy research but it's not proved to be so. I have a couple of XP PCs at home on a wireless network. I want to share files and printers but be secure from the ravages of the net. The net connection is a router/switch/AP/ADSL modem combo, (NATed and firewalled). All PCs run Kerio firewall.
In order to share files I have to add the local lan 192.168.x.x. IP address range into Kerio as a "trusted" network. In my view this means that I've now opened up everything beyond the router and am now 100% relient upon the router's security. Something I'm not happy with.
Am I doing this right? Is there a way to still share files but be more secure?
TIA
In order to share files I have to add the local lan 192.168.x.x. IP address range into Kerio as a "trusted" network. In my view this means that I've now opened up everything beyond the router and am now 100% relient upon the router's security. Something I'm not happy with.
Am I doing this right? Is there a way to still share files but be more secure?
TIA
However, one possible weak point is the fact that you are using WiFi equipment. What security measures have you taken to prevent unauthorised use of that section of your network?
#4
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
I took the router option about 6 months back, a draytek vigour 2600g. I dont use any software firewall not even the windows one and have never had any problems. All the PC's are behind the NAT mechanism of the router (only allow in what you send out), this in itself acts like a good incoming SPI firewall.
I have however limited outgoing ports on each PC to only allow what that PC needs, my dads laptop for example is only allowed outgoing tcp 80 and 443 for HTTP and HTTPS and UDP port 53 for DNS lookups. Everything else is blocked. My router allows me to do this but not all do
Wireless is WPK/PSK only with a hidden SSID and Mac Filtering enabled.
PC's have anti-virus and strong login and local admin passwords.
This is fine with my network as I can trust the local network computers, but with this configuration PC's on the local network are open to attack from other PC's on the local network. Internet (external) should be fine
I could put the windows sp2 firewall on and enable file and print sharing but this in itself opens the PC to attack on the local network also
you could check the security on the net at certain sites like
www.symantec.com/cgi-bin/securitycheck.cgi
this should give you some peace of mind unless it says you are exposed
Another factor is what services you are running on the pc's, if you are constantly running P2P apps and the like this will increase the chances of viruses and attacks etc.
I have however limited outgoing ports on each PC to only allow what that PC needs, my dads laptop for example is only allowed outgoing tcp 80 and 443 for HTTP and HTTPS and UDP port 53 for DNS lookups. Everything else is blocked. My router allows me to do this but not all do
Wireless is WPK/PSK only with a hidden SSID and Mac Filtering enabled.
PC's have anti-virus and strong login and local admin passwords.
This is fine with my network as I can trust the local network computers, but with this configuration PC's on the local network are open to attack from other PC's on the local network. Internet (external) should be fine
I could put the windows sp2 firewall on and enable file and print sharing but this in itself opens the PC to attack on the local network also
you could check the security on the net at certain sites like
www.symantec.com/cgi-bin/securitycheck.cgi
this should give you some peace of mind unless it says you are exposed
Another factor is what services you are running on the pc's, if you are constantly running P2P apps and the like this will increase the chances of viruses and attacks etc.
Last edited by mike1210; 07 August 2005 at 05:36 PM.
#5
Thanks guys. The router I use is a Linksys which has a firewall etc. Wireless fully encrypted, hidden SSID, mac filtering. I guess I'll follow Mike and Chris and lock down the ports. It'll minimise the holes I guess. Not sure what I was expecting but I thought it would be neater somehow. TVM.
Thread
Thread Starter
Forum
Replies
Last Post
The Joshua Tree
Computer & Technology Related
30
28 September 2015 02:43 PM