Wireless security regarding files

My wireless network is secured using WPA-PSK TKIP but there has been some
publicity here in the UK over the last few days regarding unsecured
networks. Most of it revolves around the intruder gaining access to the
internet through unsecured networks but there has been mention of people
being able to gain access into the computer.

My understanding is that no-one can get into my files or folders unless I
*specifically and conciously* set up a share for those. I have "Printer and
File Sharing" enabled and my printer is actively shared (as denoted by the
"hand" icon under it) but I have not actively shared any other files or
folders and I had always believed these to be "safe" - am I wrong?

John

"John" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> My wireless network is secured using WPA-PSK TKIP but there has been some
> publicity here in the UK over the last few days regarding unsecured
> networks. Most of it revolves around the intruder gaining access to the
> internet through unsecured networks but there has been mention of people
> being able to gain access into the computer.
>
> My understanding is that no-one can get into my files or folders unless I
> *specifically and conciously* set up a share for those. I have "Printer
> and File Sharing" enabled and my printer is actively shared (as denoted by
> the "hand" icon under it) but I have not actively shared any other files
> or folders and I had always believed these to be "safe" - am I wrong?
>
> John
>

In addition to what you have done I also recommend configuring the XP SP2
Windows Firewall (or any other software firewall) to block all incoming
traffic, ie. set for No Exceptions, on any laptop you might own.

http://theillustratednetwork.mvps.or...Exceptions.JPG

As far as desktops are concerned I configure each desktop, wireless or
otherwise, to only allow File & Print Sharing access only from specific
local LAN IP addresses or VPN client addresses.

http://theillustratednetwork.mvps.or...ustomScope.JPG

With Vista the OS is smart enough to change from a public network to a
private network when I connect to my home wireless LAN. The private network
completely blocks incoming probes, while the private network allows File &
Print Sharing, etc. That works very well IMHO...

http://www.microsoft.com/technet/com...uy/cg0906.mspx

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Sooner Al [MVP]" <(E-Mail Removed)> wrote in message
news:AE1DE878-B1B4-4E61-BBE7-(E-Mail Removed)...
> "John" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> My wireless network is secured using WPA-PSK TKIP but there has been some
>> publicity here in the UK over the last few days regarding unsecured
>> networks. Most of it revolves around the intruder gaining access to the
>> internet through unsecured networks but there has been mention of people
>> being able to gain access into the computer.
>>
>> My understanding is that no-one can get into my files or folders unless I
>> *specifically and conciously* set up a share for those. I have "Printer
>> and File Sharing" enabled and my printer is actively shared (as denoted
>> by the "hand" icon under it) but I have not actively shared any other
>> files or folders and I had always believed these to be "safe" - am I
>> wrong?
>>
>> John
>>
>
> In addition to what you have done I also recommend configuring the XP SP2
> Windows Firewall (or any other software firewall) to block all incoming
> traffic, ie. set for No Exceptions, on any laptop you might own.
>
> http://theillustratednetwork.mvps.or...Exceptions.JPG
>
> As far as desktops are concerned I configure each desktop, wireless or
> otherwise, to only allow File & Print Sharing access only from specific
> local LAN IP addresses or VPN client addresses.
>
> http://theillustratednetwork.mvps.or...ustomScope.JPG
>
> With Vista the OS is smart enough to change from a public network to a
> private network when I connect to my home wireless LAN. The private
> network completely blocks incoming probes, while the private network
> allows File & Print Sharing, etc. That works very well IMHO...
>
> http://www.microsoft.com/technet/com...uy/cg0906.mspx
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>

CORRECTION...

The last sentence should read... Note the change to "public" in the second
word...

"The public network completely blocks incoming probes, while the private
network allows File & Print Sharing, etc."

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

John wrote:
> My wireless network is secured using WPA-PSK TKIP but there has been some
> publicity here in the UK over the last few days regarding unsecured
> networks. Most of it revolves around the intruder gaining access to the
> internet through unsecured networks but there has been mention of people
> being able to gain access into the computer.
>
> My understanding is that no-one can get into my files or folders unless I
> *specifically and conciously* set up a share for those. I have "Printer and
> File Sharing" enabled and my printer is actively shared (as denoted by the
> "hand" icon under it) but I have not actively shared any other files or
> folders and I had always believed these to be "safe" - am I wrong?
>
> John
>
>

The only way to really protect a computer system from attack is to not
connect it to any other systems. And even then, it's vulnerable to
attack by an authorized insider.

Of course, disconnecting your computer from the Internet is antithetical
to what you probably bought your computer for in the first instance.

With a computer connected to the Internet, there is no way that you can
*guarantee* that information stored on the computer can not be accessed
or compromised by unauthorized intruders. The best that you can do is
to make such activity as difficult as possible. The recommended path to
achieving this goal is to use what is called a "layered" approach to
security. The NTFS file system available in Windows XP provides tools
-- access permissions -- to implement one layer of protection.
Encrypting your wireless transmissions provides another. For more
information, see
http://nitecruzr.blogspot.com/2005/0...ayer-your.html
or
http://www.google.com/search?hl=en&q...ty&btnG=Search

Are you "safe"? Depends on what you mean and how far you're willing to
go. Rent Marathon Man: http://www.imdb.com/title/tt0074860/

--
Lem MS MVP -- Networking

To the moon and back with 64 Kbits of RAM and 512 Kbits of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer

"Lem" <(E-Mail Removed)> wrote in message
news:uQe%(E-Mail Removed)...
> John wrote:
>> My wireless network is secured using WPA-PSK TKIP but there has been some
>> publicity here in the UK over the last few days regarding unsecured
>> networks. Most of it revolves around the intruder gaining access to the
>> internet through unsecured networks but there has been mention of people
>> being able to gain access into the computer.
>>
>> My understanding is that no-one can get into my files or folders unless I
>> *specifically and conciously* set up a share for those. I have "Printer
>> and File Sharing" enabled and my printer is actively shared (as denoted
>> by the "hand" icon under it) but I have not actively shared any other
>> files or folders and I had always believed these to be "safe" - am I
>> wrong?
>>
>> John
>
> The only way to really protect a computer system from attack is to not
> connect it to any other systems. And even then, it's vulnerable to attack
> by an authorized insider.
>
> Of course, disconnecting your computer from the Internet is antithetical
> to what you probably bought your computer for in the first instance.
>
> With a computer connected to the Internet, there is no way that you can
> *guarantee* that information stored on the computer can not be accessed or
> compromised by unauthorized intruders. The best that you can do is to
> make such activity as difficult as possible. The recommended path to
> achieving this goal is to use what is called a "layered" approach to
> security. The NTFS file system available in Windows XP provides tools --
> access permissions -- to implement one layer of protection. Encrypting
> your wireless transmissions provides another. For more information, see
> http://nitecruzr.blogspot.com/2005/0...ayer-your.html
> or
> http://www.google.com/search?hl=en&q...ty&btnG=Search
>
> Are you "safe"? Depends on what you mean and how far you're willing to
> go. Rent Marathon Man: http://www.imdb.com/title/tt0074860/

Thanks Al, and you too Lem. I actually use the free version of ZoneAlarm as
my preferred firewall (rather than XP's own) because it monitors outgoing
traffic as well as incoming, but I was really just asking in a general
sense.

A piece on a TV news slot showed a guy sat in a car with a laptop getting
access into various folders and files of someone's machine, then knocking on
the door to alert the owner that they had a completely unprotected system. I
knew that it's possible to jump on an unencrypted wireless connection to get
out to the internet, but I didn't know it was possible to get in to the
computer without having specific shares set up. I'll have a good read of the
links you've provided.

Cheers,

John