Two networking questons.

Hi all,
I have three pcs, one desktop (Win XP Pro) connected directly to wireless
router (Linksys WRT54G), one desktop (Win XP Pro) connected to network via
Linksys Wireless "B" USB adapter, and a notebook (Win 2000 Pro) connected to
network via Linksys "G" PC card. All pcs have a good internet connection and
share my printers and files just fine with the exception below. I also run
the Windows XP Pro firewall.
There are two "issues" that I would like to figure out:

1. In order to see the files on any pc I have to disable the windows
firewall. Is there a way around this without compromising security?

2. Whenever I try to see a shared folder on the Win 2000 laptop, I am
prompted for a password. There is not password assigned to that pc. It's in
the same workgroup, folder is shared with full access. What am I missing?

Thanks for any help.

Gary

"algae" <(E-Mail Removed)> wrote in message
news:gK4Yb.528490$X%5.344484@pd7tw2no...
> Hi all,
> I have three pcs, one desktop (Win XP Pro) connected directly to wireless
> router (Linksys WRT54G), one desktop (Win XP Pro) connected to network via
> Linksys Wireless "B" USB adapter, and a notebook (Win 2000 Pro) connected
to
> network via Linksys "G" PC card. All pcs have a good internet connection
and
> share my printers and files just fine with the exception below. I also run
> the Windows XP Pro firewall.
> There are two "issues" that I would like to figure out:
>
> 1. In order to see the files on any pc I have to disable the windows
> firewall. Is there a way around this without compromising security?

Allow port 137 to 139 inbound and outbound. You can allow (if your firewall
is capable of) only your local subnet these ports.
>
> 2. Whenever I try to see a shared folder on the Win 2000 laptop, I am
> prompted for a password. There is not password assigned to that pc. It's
in
> the same workgroup, folder is shared with full access. What am I missing?

You need identical username and password across the machines for the shares
that the mentioned user account can access. If \\comp1\test is shared to
"johndoe", johndoe's password must be the same in comp1, comp2, and comp3
for the share to work without additional password prompts. Remember to
adjust NTFS security accordingly. Giving Full permission across a netshare
could increase security risks.

"algae" <(E-Mail Removed)> wrote in
news:gK4Yb.528490$X%5.344484@pd7tw2no:

>
> 1. In order to see the files on any pc I have to disable the windows
> firewall. Is there a way around this without compromising security?


http://www.petri.co.il/block_ping_tr...with_ipsec.htm

The link provids a zip file that can be applied to the O/S(s) that
protects the Win Networking Ports, but also allows the machines to
communicate on the LAN.

IPsec can also block inbound or outbound to and from a machine by port,
protocol, IP, DNS, etc.

http://www.analogx.com/contents/articles/ipsec.htm

You can use Active Ports (free use Google) to watch inbound and outbound
to and from the machine and stop it with IPsec until you find any malware
that's trying to connect outbound.

So, you don't need to enable or install any host based FW(s) on the NT
based O/S(s) since you have the router and IPsec running on them.

http://www.homenethelp.com/web/explain/about-NAT.asp

You should go to the O/S(s) and secure them properly by *hardening* then
to attack.

http://www.uksecurityonline.com/husdg/windows2000.php

use the Host

http://mvps.org/winhelp2002/hosts.htm
http://accs-net.com/hosts/HostsToggle/

Duane




Duane