Following on from my previous thread, my friends now have a secure wireless connection with my PC. This is to enable them to access the internet. However, can anyone tell me whether this now allows them to access the data on my computer, which, of course, I don't want. I have Windows Firewall as a standard for my own internet connections, but I'm not sure that this would prevent them access.

I do trust them obviously, otherwise I wouldn't allow them access. But I do want to protect my computer's privacy.

Anyone any thoughts?

I could be wrong but for them to view your files/folders, you must allow access to them yourself. I think you can do this by right-clicking a folder and allowing to share it. If you have not done this they cant see it.

Thanks for that- I should have mentioned a further complication- I have a laptop myself that I wish to share files with from time to time. Trouble is, if I enable sharing with my own laptop, presumably the other computers can read my files as well?

XP? If so, when you set up file sharing, you create in effect a folder called my network places which is the only location that the other pc can look in. So you only drop in the files that you want them to have access in there & you'll be ok.

Can I set up what would be an outgoing firewall, that allows only my laptop to "see" my shared files?

Just as a matter of interest the BBC showed a demo recently of a freely available download from the internet cracking a 128 bit wep code in around 10 mnutes. Secure? Think again

I think you can block IP addresses in xp via the firewall & your anti virus should allow it & a router will certainly allow it. Any of those methods can be used to limit connections to a networked machine.

To clarify, in XP there are a number of things that need to be in place before you can share files over a network SECURELY.

1) XP Pro - to be able to implement NTFS file security on a per-user basis

2) NTFS - to be able to assign individual users access rights to files & directories

3) File and printer sharing to be enabled - to create Shares

4) network connection configured

Assuming that the network is in place, and one computer can see another, and Shares have been created, then anyone can see the contents of the share.

UNLESS you configure user-level access rights using Security - that means that files can only be viewed by those providing a valid username and password - EVEN if the Share itself is setup to allow All Users full access.

Distinguish between Sharing and Security - put simply, Shares define What can be seen over the network, while Security defines Who can access them. Yes, it is not quite as simple as that, but it is not too far off the mark.

Of course it is possible to have Share-level access control only (this is a key difference between XP Home and XP Pro), and you can only have this with FAT 32, as it doesn't support file security.

There's lots of good info about this in the XP help and the MS website.

I hope that has helped, not muddied the water!


SD

Well, what I've done is to switch off File Sharing on my C and F drives, which I used to share with my laptop. If I find that I need to share files in the next wee while, I'll switch File Sharing back on again. This leaves my friends with access only to the Internet, via my router, per BRL's comment above. Am I right??

Yes.

There are better ways of achieving what you want, without losing your own ability to share files (using windows firewall and/or file-level security), but if you are comfortable with how you are doing it, that's fine!

Make sure that you turn of F&PS on your laptop too, btw.

SD

Just spotted this on the BBC website:

Wi-fi security system is 'broken'

http://news.bbc.co.uk/1/hi/technology/7052223.stm

Somewhat of a "scare-mongering" article. Refers purely to WEP.

But then we all know journos on THIS site, don't we!

Yes, WEP security is no longer much of a deterrent, as highlighted many times here on this forum. WPA (or better still WPA2) is necessary to be reasonably secure.

While anyone snooping the WEP-enabled network traffic could see packets from your computer to the access point, any such packets that are encrypted by IPSec (e.g. https) will still be encrypted, and nigh-on impossible to crack.

Also, providing that you have reasonable security on your PC (no open access), your PC and its data will also be reasonably impervious to snooping, even if the WEP key is broken.

But obviously it is much the best to implement WPA - and probably a wise investment to upgrade any wifi components that don't currently support it (OS, wifi cards and the wifi access point).

SD

Mind you the IPs themselves don't help, I recently upgraded my BT account to include VOIP. BT sent me a new Router that I could plug the VOIP phone into.
Reading the manual there is no mention of WPA at all, it suggests that for encryption you should enter the serial number of the router into the WEP encryption box (it's about 10 digits long) . :ugh:

I had to dig about in the routers set up to find the WPA section.

From the Beeb article:
While the chance that someone will piggyback on your wi-fi network is low, there have been cases in the UK where this has happened.

In a block of flats I would think quite the reverse. One has heard of people (without malicious intent) using others WiFi internet access.
It is astonishing how many users permit their router to broadcast its SSID and also fail to restrict it to authorised MAC numbers (which I believe is also known as Physical Address).

I am led to believe that WPA can be cracked as well, it takes some special software, time, and a dictionary. The way to beat that is to make up your password, and replace letters with numbers.

For home users, you would have to have something special to warrant the attention needed.

There are ways for protecting shared info, however, im not sure how to do that.

So, presumably, even though I've blocked File Sharing, anyone in the vicinity can pick up my wireless signal, and go on to the internet through it?

If so, what else do I need to do (step by step- I'm not well versed with the nomenclature and initials of the router set-up!)

Thanks,

Tosh

There's a wonderful little (freeware) program called "NetStumbler" which will convert your wireless laptop into a WiFi scanner. I've used this and gone for a drive round the local area with very interesting results. About 25-30% of all WiFi connections have NO security at all, and more worryingly some folk change the SSID to their name or house number!!!! Why not just put a big illuminated sign on the roof saying "I've got a computer, please break in"
I suspect that many customers get their "free wireless router" and have no idea that it will be enabled by default, thereby making their internet connection available to all. I have WPA and MAC code addressing setup, I also turn the router off at night or when it's not being used for a while.

Tosh - the best thing will be to follow the instructions for your router, to set up a type of security called WPA/TKIP. WEP, the older security type, keeps out casual snoopers, but can be cracked by someone who really wants to. We can't give you step-by-step instructions, since every router is different, but if you look for something like a "wireless security" page, it ought to be straightforward.

Once you do that, Windows will ask you for the key you put in to the router, before it will let connect. Or, if your PC has extra wireless hardware configuration bits installed, you need to follow the instructions for that.

Effin PPRuNe!!!
I'd just written a description of how to disable SSID broadcast, MAC address etc - when I tried to post the server had logged me out and lost all the work :ugh:

Thanks anyway, Basil, but if it's any consolation, I now type all my input in Word, and then copy and paste onto the web. Much easier to edit in Word anyway!!

when I tried to post the server had logged me out and lost all the work

Done that! But the solution is to log back in at the page which is then displayed, then go back using the 'back' button at the top left of the browser. This displays your typed in text, which you can submit using the button as usual.

That way nothing is lost.

PM

pilotmike,
Thanks for the pointer.
I thought I'd tried something like that but must have had a bit of finger trouble :uhoh:

Basil - "when I tried to post the server had logged me out"

Confirm you are ticking the 'remember me' box and have cookies enabled for the site? You should then stay 'logged in'.