How do I share files (securely) using wifi modem/router?

I connect to the internet via a Netgear wifi modem/router.
My own PC (Win98SE) is connected to this by wire, my wife's
laptop(WinXPSP2) is connected by wifi.
This works OK - both machines can access the internet fine.
But,I would like to be able to send files from the PC to the laptop.

How do I congifure things to enable files to be sent from the PC to
the laptop without have the laptop or PC vulnerable on the internet?

I would appreciate any help

Regards,
Terry

On 16 Jul 2006 01:08:44 GMT, Terry <(E-Mail Removed)> wrote in
<Xns98022032948E0handmadeoperamailco@193.252.117.1 83>:

>I connect to the internet via a Netgear wifi modem/router.
>My own PC (Win98SE) is connected to this by wire, my wife's
>laptop(WinXPSP2) is connected by wifi.
>This works OK - both machines can access the internet fine.
>But,I would like to be able to send files from the PC to the laptop.
>
>How do I congifure things to enable files to be sent from the PC to
>the laptop without have the laptop or PC vulnerable on the internet?

At a minimum, you should:

(a) use WPA on your wireless with a strong passphrase (at least 20
characters, 30 is better);

(b) use strong passwords on all your shares (at least 12 random
characters);

(c) not open "holes" in your wireless router to computers on your LAN,
or use the horribly misnamed "DMZ" feature;

(d) use software ("personal") firewalls on all computers.

See "Making File and Printer Sharing Safer in Windows XP Service Pack 2"
<http://www.microsoft.com/windowsxp/using/security/learnmore/sp2firewall.mspx>

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

Terry <(E-Mail Removed)> wrote:

> I connect to the internet via a Netgear wifi modem/router.
> My own PC (Win98SE) is connected to this by wire, my wife's
> laptop(WinXPSP2) is connected by wifi.
> This works OK - both machines can access the internet fine.
> But,I would like to be able to send files from the PC to the laptop.
>
> How do I congifure things to enable files to be sent from the PC to
> the laptop without have the laptop or PC vulnerable on the internet?

If the router provides NAT, you can use Windows File Sharing.

(E-Mail Removed) (Axel Hammerschmidt) wrote in
news:1hin1zs.1fjyqge1shwvywN%(E-Mail Removed):

> Terry <(E-Mail Removed)> wrote:
>
>> I connect to the internet via a Netgear wifi modem/router.
>> My own PC (Win98SE) is connected to this by wire, my wife's
>> laptop(WinXPSP2) is connected by wifi.
>> This works OK - both machines can access the internet fine.
>> But,I would like to be able to send files from the PC to the
>> laptop.
>>
>> How do I congifure things to enable files to be sent from the
>> PC to the laptop without have the laptop or PC vulnerable on
>> the internet?
>
> If the router provides NAT, you can use Windows File Sharing.

Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3
as IP for my PC and the laptop.

If I now enable 'file and printer sharing' on both machines, will
this be safe regarding unwanted access via the internet?
Is it possible/necessary to limit access to just the two machines?


Thanks,

Terry

On 19 Jul 2006 01:49:23 GMT, Terry <(E-Mail Removed)> wrote in
<Xns98052717F9157handmadeoperamailco@193.252.117.1 83>:

>(E-Mail Removed) (Axel Hammerschmidt) wrote in
>news:1hin1zs.1fjyqge1shwvywN%(E-Mail Removed):
>
>> Terry <(E-Mail Removed)> wrote:
>>
>>> I connect to the internet via a Netgear wifi modem/router.
>>> My own PC (Win98SE) is connected to this by wire, my wife's
>>> laptop(WinXPSP2) is connected by wifi.
>>> This works OK - both machines can access the internet fine.
>>> But,I would like to be able to send files from the PC to the
>>> laptop.
>>>
>>> How do I congifure things to enable files to be sent from the
>>> PC to the laptop without have the laptop or PC vulnerable on
>>> the internet?
>>
>> If the router provides NAT, you can use Windows File Sharing.
>
>Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3
>as IP for my PC and the laptop.
>
>If I now enable 'file and printer sharing' on both machines, will
>this be safe regarding unwanted access via the internet?

No.

>Is it possible/necessary to limit access to just the two machines?

See my prior response.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

John Navas <(E-Mail Removed)> wrote:

> On 19 Jul 2006 01:49:23 GMT, Terry <(E-Mail Removed)> wrote in
> <Xns98052717F9157handmadeoperamailco@193.252.117.1 83>:
>
> >(E-Mail Removed) (Axel Hammerschmidt) wrote in
> >news:1hin1zs.1fjyqge1shwvywN%(E-Mail Removed):
> >
> >> Terry <(E-Mail Removed)> wrote:

<snip>

> >>> How do I congifure things to enable files to be sent from the
> >>> PC to the laptop without have the laptop or PC vulnerable on
> >>> the internet?
> >>
> >> If the router provides NAT, you can use Windows File Sharing.
> >
> >Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3
> >as IP for my PC and the laptop.
> >
> >If I now enable 'file and printer sharing' on both machines, will
> >this be safe regarding unwanted access via the internet?
>
> No.

The OP stipulates "on the internet" and "via the internet". Since when
has a PC behind a router with NAT been accessable from the internet?

On Thu, 20 Jul 2006 14:14:56 +0200, (E-Mail Removed) (Axel
Hammerschmidt) wrote in <1his1we.1t6lo0c1jzz0wcN%(E-Mail Removed)>:

>John Navas <(E-Mail Removed)> wrote:
>
>> On 19 Jul 2006 01:49:23 GMT, Terry <(E-Mail Removed)> wrote in
>> <Xns98052717F9157handmadeoperamailco@193.252.117.1 83>:
>>
>> >(E-Mail Removed) (Axel Hammerschmidt) wrote in
>> >news:1hin1zs.1fjyqge1shwvywN%(E-Mail Removed):
>> >
>> >> Terry <(E-Mail Removed)> wrote:
>
><snip>
>
>> >>> How do I congifure things to enable files to be sent from the
>> >>> PC to the laptop without have the laptop or PC vulnerable on
>> >>> the internet?
>> >>
>> >> If the router provides NAT, you can use Windows File Sharing.
>> >
>> >Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3
>> >as IP for my PC and the laptop.
>> >
>> >If I now enable 'file and printer sharing' on both machines, will
>> >this be safe regarding unwanted access via the internet?
>>
>> No.
>
>The OP stipulates "on the internet" and "via the internet". Since when
>has a PC behind a router with NAT been accessable from the internet?

There are ways to get through NAT (PAT) from the outside (and before you
ask, I'm not going to detail that here). Marketing claims
notwithstanding, NAT alone is not as effective as a real SPI firewall.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

John Navas <(E-Mail Removed)> wrote:

> On Thu, 20 Jul 2006 14:14:56 +0200, (E-Mail Removed) (Axel
> Hammerschmidt) wrote in <1his1we.1t6lo0c1jzz0wcN%(E-Mail Removed)>:
>
> >John Navas <(E-Mail Removed)> wrote:
> >
> >> On 19 Jul 2006 01:49:23 GMT, Terry <(E-Mail Removed)> wrote in
> >> <Xns98052717F9157handmadeoperamailco@193.252.117.1 83>:

<snip>

> >> >Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3
> >> >as IP for my PC and the laptop.
> >> >
> >> >If I now enable 'file and printer sharing' on both machines, will
> >> >this be safe regarding unwanted access via the internet?
> >>
> >> No.
> >
> >The OP stipulates "on the internet" and "via the internet". Since when
> >has a PC behind a router with NAT been accessable from the internet?
>
> There are ways to get through NAT (PAT) from the outside (and before you
> ask, I'm not going to detail that here).

You answered "no" to being "safe regarding unwanted access via the
internet" when file and printer sharing are enabled. Now you vaguely
refer to something you call "ways to get through NAT". And then you try
to duck out by pretending that you could somehow be able "to detail that
here".

Are you not really a wannabee, Mr Navas?

http://catb.org/jargon/html/W/wannabee.html

> Marketing claims notwithstanding, NAT alone is not as effective as a real
> SPI firewall.

Again, the difference between network address translation and statefull
packet inspection has nothing to do with the question you answered "no"
to.

A link explaining NAT- and SPI firewalls:

http://www.practicallynetworked.com/...g/firewall.htm

(E-Mail Removed) (Axel Hammerschmidt) wrote in
news:1hisn7b.zy2oit14k1juqN%(E-Mail Removed):

> John Navas <(E-Mail Removed)> wrote:
>
>> On Thu, 20 Jul 2006 14:14:56 +0200, (E-Mail Removed) (Axel
>> Hammerschmidt) wrote in
>> <1his1we.1t6lo0c1jzz0wcN%(E-Mail Removed)>:
>>
>> >John Navas <(E-Mail Removed)> wrote:
>> >
>> >> On 19 Jul 2006 01:49:23 GMT, Terry <(E-Mail Removed)>
>> >> wrote in
>> >> <Xns98052717F9157handmadeoperamailco@193.252.117.1 83>:
>
> <snip>
>
>> >> >Yes, the router has NAT - I have set 192.168.0.2 and
>> >> >192.168.0.3 as IP for my PC and the laptop.
>> >> >
>> >> >If I now enable 'file and printer sharing' on both
>> >> >machines, will this be safe regarding unwanted access via
>> >> >the internet?
>> >>
>> >> No.
>> >
>> >The OP stipulates "on the internet" and "via the internet".
>> >Since when has a PC behind a router with NAT been accessable
>> >from the internet?
>>
>> There are ways to get through NAT (PAT) from the outside (and
>> before you ask, I'm not going to detail that here).
>
> You answered "no" to being "safe regarding unwanted access via
> the internet" when file and printer sharing are enabled. Now you
> vaguely refer to something you call "ways to get through NAT".
> And then you try to duck out by pretending that you could
> somehow be able "to detail that here".
>
> Are you not really a wannabee, Mr Navas?
>
> http://catb.org/jargon/html/W/wannabee.html
>
>> Marketing claims notwithstanding, NAT alone is not as effective
>> as a real SPI firewall.
>
> Again, the difference between network address translation and
> statefull packet inspection has nothing to do with the question
> you answered "no" to.
>
> A link explaining NAT- and SPI firewalls:
>
> http://www.practicallynetworked.com/...g/firewall.htm

The router I'm using (Netgear DG834G) uses SPI according to the
spec.

As there's no reason anyone would want to target my PC, am I safe
from a random or casual attack, as regards having 'file and printer
sharing' enabled?

And, just out of interest, is it really possible for someone to get
past NAT and access to files?

Regards,

Terry

On 20 Jul 2006 22:23:59 GMT, Terry <(E-Mail Removed)> wrote in
<Xns980744552318handmadeoperamailco@193.252.117.18 3>:

>(E-Mail Removed) (Axel Hammerschmidt) wrote in
>news:1hisn7b.zy2oit14k1juqN%(E-Mail Removed):
>
>> John Navas <(E-Mail Removed)> wrote:

>>> There are ways to get through NAT (PAT) from the outside (and
>>> before you ask, I'm not going to detail that here).
>>
>> You answered "no" to being "safe regarding unwanted access via
>> the internet" when file and printer sharing are enabled. Now you
>> vaguely refer to something you call "ways to get through NAT".
>> And then you try to duck out by pretending that you could
>> somehow be able "to detail that here".
>>
>> Are you not really a wannabee, Mr Navas?
>>
>> http://catb.org/jargon/html/W/wannabee.html
>>
>>> Marketing claims notwithstanding, NAT alone is not as effective
>>> as a real SPI firewall.
>>
>> Again, the difference between network address translation and
>> statefull packet inspection has nothing to do with the question
>> you answered "no" to.
>>
>> A link explaining NAT- and SPI firewalls:
>>
>> http://www.practicallynetworked.com/...g/firewall.htm
>
>The router I'm using (Netgear DG834G) uses SPI according to the
>spec.

Good. Properly implemented, it *should* be considerably more robust
than NAT alone. (To have real confidence in the firewall, you need
independent certification; e.g., by ICSA Labs.)

>As there's no reason anyone would want to target my PC, am I safe
>from a random or casual attack, as regards having 'file and printer
>sharing' enabled?

Just because you don't think anyone is after you personally, a big
problem is the opportunity to make serious dirty money from zombie
networks. There are lots of such nasty folk out there -- my firewall
(an ICSA-certified SonicWALL) has typically logged multiple attacks per
day, and while many of them are just probes for security
vulnerabilities, some of them are pretty sophisticated. And of course
I have no way of knowing what might not have been logged.

>And, just out of interest, is it really possible for someone to get
>past NAT and access to files?

Here's what Cisco says (in "Anatomy: A Look Inside Network Address
Translators", September 2004):

Learning from NATs
At this stage we can observe a few relevant lessons about NATs:
...
Secondly, a little bit of security is often far worse than no
security. NATs are very poor security devices, and in terms of their
----------------------------------------------------------
behavior with UDP, NATs afford only minor levels of protection. The
---------------------------------------------------------------
task of securing a site from various forms of attack and disruption
remains one of a careful exercise of assessment of acceptable risk
coupled with detailed consideration of site-management functions. NATs
are not a quick way out of this effort.

<http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-3/anatomy.html>

For more context, see Section 9.0 (Security Considerations) of RFC 2663
(NAT Terminology and Considerations), a 7-year old document (ancient in
Internet terms). See also tcptraceroute, which can traverse NAT.

I could go on, but as I said before, I'm not going to go into real
detail here. Take that however you wish.


The three laws of prediction:

1. When a distinguished but elderly scientist states that something
is possible, he is almost certainly right. When he states that something
is impossible, he is very probably wrong.

2. The only way of discovering the limits of the possible is to
venture a little way past them into the impossible.

3. Any sufficiently advanced technology is indistinguishable from
magic.

-Arthur C. Clarke

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>