3 PC SOHO Network setup problem

Guest

I am having difficulty getting my home network set up so my wife and I can
access all files/devices from all of our PCs. Ideally, since I’ve renamed
our 3 PC workgroup (no longer called Workgroup), I would like it set up so
that when we log on to any of the 3 PCs our IDs would allow us access to
most, if not all, files/devices in our workgroup. Setting up Sharing on each
of the devices has proved to be hit or miss as to its success. I would also
prefer if I could set it up so only the 3 PCs on our (renamed) workgroup
have access to any other PC's device.

We have 2 desktop PCs connected via Ethernet to a D-Link DI-524 (4 port and
wireless) router and a laptop PC that can be Ethernet or wirelessly connected
to the D-Link. The house is well over 300’ from the nearest neighbor or road
so security on the wireless side is not a major concern. The OS of each
system is:
Desktop 1 - MS Windows 2000 Pro SP4
Desktop 2 - MS Windows XP Home Ed. SP2
Laptop 1 - MS Windows XP Pro SP2

Our internet connection is via a cable modem connected directly to the
D-Link router; no PC has an internet connection other than through the router.

XP’s Network Setup Wizard has been run on the 2 XP machines but is not
functional on Win2K. What are my options for setting up our private (secure)
network?

TIA,
 
Chuck

Neither Windows 2000 nor Windows XP restrict access by computer, only by
account. XP Home, unfortunately, uses Simple File Sharing, which allows access
only by the Guest account, which means this computer will be open to anyone.

With Simple File Sharing, you'll not be able to access "C:\Program Files",
"C:\Windows", or any of the profile related folders such as "My Documents". All
of those folders require individual user, or administrator access, and Guest
access gives you neither.

The fact that your property is large will not mean a great deal to anyone
determined enough; someone with a well constructed wireless apparatus could
hijack your wireless signal, and possibly access your shared data, just as
easily as someone connecting by Ethernet, sitting as much as a mile away.

Windows XP Home is just not a good idea for a secure WiFi LAN, nor is it for a
LAN where you wish to access all files. If you want to have symmetrical access
between all 3 computers, you'll have to use Simple File Sharing on the Laptop,
activate Guest on all 3 computers, and accept the fact that any data shared to
anybody is accessible by everybody. And the fact that some data (noted above)
will not be available to anybody except by local access.

If I were you, I would disable Simple File Sharing on Laptop, disable the Guest
account on Desktop 1 and Laptop 1, and not use Desktop 2 for file sharing.

To minimally secure your wireless LAN, you should do as many of the following as
possible.

Change the router management password, and disable remote (WAN) management.

Enable WEP (minimal) / WPA (preferable). Use non-trivial (non-guessable) values
for encryption. (No "My dog has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually.

Install a software firewall on every computer. Put manually assigned IP
addresses in the Local (highly trusted) Zone. Open the firewall for file
sharing, only in the Local Zone.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
here). Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking.wireless are good places to start.
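
The log-review step above ("know what each connection listed represents"), combined with the fixed-address advice, can be automated. The following is an added example, not part of the original post: the log format, MAC addresses and the 192.168.57.x subnet are constructed assumptions, and a real router's log will need its own pattern.

```python
import re

# Constructed inventory: the three PCs, with hypothetical MAC addresses and
# the fixed LAN address assigned to each (non-default subnet, DHCP off).
INVENTORY = {
    "00:11:22:33:44:01": ("Desktop 1", "192.168.57.11"),
    "00:11:22:33:44:02": ("Desktop 2", "192.168.57.12"),
    "00:11:22:33:44:03": ("Laptop 1", "192.168.57.13"),
}

# Constructed log lines; this layout is an assumption, not a D-Link format.
SAMPLE_LOG = """\
2005-06-01 08:02:11 CONNECT mac=00:11:22:33:44:03 ip=192.168.57.13
2005-06-01 08:05:40 CONNECT mac=00-11-22-33-44-01 ip=192.168.57.11
2005-06-01 23:41:07 CONNECT mac=00:0F:AA:BB:CC:DD ip=192.168.57.50
2005-06-02 02:13:55 CONNECT mac=00:11:22:33:44:02 ip=192.168.57.99
garbled line the parser should skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ mac=(?P<mac>[0-9A-Fa-f:-]{17}) ip=(?P<ip>[\d.]+)$"
)

def normalise_mac(mac):
    """Lower-case and use ':' separators so log and inventory compare equal."""
    return mac.lower().replace("-", ":")

def audit(log_text, inventory=INVENTORY):
    """Return (findings, unparsed): connections that need an explanation,
    and lines the pattern could not read (reported, never silently dropped)."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        mac, ip = normalise_mac(m.group("mac")), m.group("ip")
        known = inventory.get(mac)
        if known is None:
            findings.append((m.group("ts"), mac, ip, "unknown device"))
        elif ip != known[1]:
            reason = f"{known[0]} on unassigned address"
            findings.append((m.group("ts"), mac, ip, reason))
    return findings, unparsed

if __name__ == "__main__":
    found, skipped = audit(SAMPLE_LOG)
    for entry in found:
        print(*entry, sep="  ")
    print(f"{len(skipped)} line(s) could not be parsed")
```

A MAC address that matches the inventory is not proof of identity, since MAC addresses can be changed, so this check complements the encryption and account steps rather than replacing them.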
 
Guest

Thanks for both replies, see responses below. As I say below, my setup should
be pretty common these days, shouldn't it be a lot easier to implement this
functionality?
Bill

Chuck said:
> Neither Windows 2000 nor Windows XP restrict access by computer, only by
> account. XP Home, unfortunately, uses Simple File Sharing, which allows access
> only by the Guest account, which means this computer will be open to anyone.

== This sucks, I disable Guest for security reasons. You would think my
setup is a pretty common one these days and they would make this
functionality available.

> With Simple File Sharing, you'll not be able to access "C:\Program Files",
> "C:\Windows", or any of the profile related folders such as "My Documents". All
> of those folders require individual user, or administrator access, and Guest
> access gives you neither.
>
> The fact that your property is large will not mean a great deal to anyone
> determined enough; someone with a well constructed wireless apparatus could
> hijack your wireless signal, and possibly access your shared data, just as
> easily as someone connecting by Ethernet, sitting as much as a mile away.

===I'm not going to try and prevent all conceivable possibilities, just the
most likely. I'm in farm country, it's a little too remote for someone to
drive around looking for a hot-spot, besides, critical data/apps on my PC's
have their own protection.

> Windows XP Home is just not a good idea for a secure WiFi LAN, nor is it for a
> LAN where you wish to access all files. If you want to have symmetrical access
> between all 3 computers, you'll have to use Simple File Sharing on the Laptop,
> activate Guest on all 3 computers, and accept the fact that any data shared to
> anybody is accessible by everybody. And the fact that some data (noted above)
> will not be available to anybody except by local access.
>
> If I were you, I would disable Simple File Sharing on Laptop, disable the Guest
> account on Desktop 1 and Laptop 1, and not use Desktop 2 for file sharing.
>
> To minimally secure your wireless LAN, you should do as many of the following as
> possible.
>
> Change the router management password, and disable remote (WAN) management.

====Did this when I set it up.

> Enable WEP (minimal) / WPA (preferable). Use non-trivial (non-guessable) values
> for encryption. (No "My dog has fleas").
>
> Enable MAC filtering.
>
> Change the subnet of your LAN - don't use the default.

===Did this too when setup

> Disable DHCP, and assign an address to each computer manually.

===Cable ISP needs DHCP

> Install a software firewall on every computer. Put manually assigned ip
> addresses in the Local (highly trusted) Zone. Open the firewall for file
> sharing, only in the Local Zone.

=====Also done

> Don't disable SSID broadcast - some configurations require the SSID broadcast.
> But change the SSID itself - to something that doesn't identify you, or the
> equipment.
>
> Enable the router activity log. Examine it regularly. Know what each
> connection listed represents - you? a neighbor?.
>
> Use non-trivial accounts and passwords on every computer connected to a wireless
> LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice
> here). Rename Administrator, to a non-trivial value, and give it a non-trivial
> password. Never use the Administrator renamed account for day to day
> activities, only when intentionally doing administrative tasks.

===I believe I tried renaming Administrator on the W2Kpro (where all
data/apps needing high security reside) machine but it wouldn't accept a
change, will try again.
 
Chuck

Bill,

XP Home, and Simple File Sharing, sucks.
<http://nitecruzr.blogspot.com/2005/04/windows-xp-file-sharing-anything-but.html>
XP Home on a wireless LAN is a bad idea.

It is fairly easy to implement this functionality - upgrade to XP Pro.

Other than that, it sounds like you have a good handle on things - short of the
bad guys finding a nearby parking lot to hang out in and hijack your signal,
you're probably safe.

I will comment on one issue which you don't appear to understand.

> ===Cable ISP needs DHCP

Whether or not your WAN (connected to your Cable ISP) uses DHCP, you can, and
should, use fixed IP assignment on your LAN. The router makes that possible.
Please use a fixed IP address on your LAN, where you're vulnerable to attack.

Renaming the vulnerable accounts may or may not be a useful strategy. If this
doesn't work for you, don't frustrate yourself too much. But do try and use
fixed IP addresses, and turn DHCP off on your LAN.
 
