Securing a stand-alone computer is challenging enough, but when you begin connecting computers in a network, the security risks increase dramatically. Setting up a secure network requires that you strike a delicate balance between providing authorized users with easy access to shared resources and locking out those who have no business poking around in your files.
In this chapter, we discuss procedures for setting up and securing a local area network (LAN) over which you have administrative rights. Our focus is on computers that are part of a small group, whether in your home, in a small office, or in a department within a larger enterprise. In this scenario, users often have a need to share some resources freely and a corresponding need to protect personal and confidential information from other users on the same network. (On large networks, you're more likely to be part of a Microsoft Windows domain, with dedicated servers and a staff of support professionals whose sole job is keeping the network running smoothly.)
After your LAN is up and running, you can choose one of several ways to configure the network so that all computers can access the Internet, making it a wide area network (WAN). Although we briefly touch on issues related to the LAN-to-WAN connection in this chapter, a full discussion of the subject is in Chapter 15, "Sharing an Internet Connection."
Security Checklist
--------------------------------------------------------------------------------
Don't let your network fall prey to outside attackers. Follow these steps to secure your borders.
On a computer running Windows XP, use the Network Setup Wizard to configure your network properly. This wizard sets permissions, enables file sharing, configures the Guest account, and turns on the Internet Connection Firewall, if needed.
If you share an Internet connection through a hub or switch (not a recommended configuration) disable sharing on TCP/IP and install IPX/SPX instead.
Disable file sharing on your Internet connection.
On a computer running Windows XP Professional, consider disabling Simple File Sharing for extra security.
Don't share the root folder of any drive unless that drive contains only nonsensitive data files.
On systems that contain extremely sensitive data, consider disabling all administrative shares.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment