The Top Five
Here are the top five ways you can improve file sharing security. Hopefully you are already aware of these tips–they’re not new ideas. If not, or you’re just learning, these are some of the fundamental security concepts in file sharing. Other than tip five, these tips apply to any operating system that supports file sharing. These security concepts are important for OSX and Linux just as much as Windows.
5. Disable Default Administrative Shares
One of the more subtle risks that many Windows users are unaware of is the presence of default “Administrative” shares. The shares are not visible on the network, but they are there. These shares are convenient for businesses and companies that use them for their intended administrative purposes. Most users would never need them. If the password of the Administrator (or another user in the Administrators group) is cracked, the entire system is accessible from the network. In current versions of Windows, if you disable these default shares they will be enabled again when you restart the Server service or restart the computer. The way to prevent this is either to disable or stop the Server service (which stops all file sharing) or to use a Registry hack. For more information see this Microsoft support article.
4. Don’t Share Root Directories
It seems so simple to click Sharing & Security on a drive, click New Share, and set one up. Don’t give in to the temptation. Shares like this are risky because the entire drive, including system and program directories, is made accessible from the network. Current versions of Windows have more restrictive permissions set for the system directories, but don’t take the chance. Have specific directories set up for file sharing.
3. Don’t Grant Write Access for Everyone
Shares use an access control list (ACL) to define who has what kind of access. The ACL controls which users can see the contents of the share, read and copy files from the share, whether they can change files, or add new files to the share. Individual user accounts or groups can be set up with different levels of access. Default access for the “Guest” account and the group “Everyone” only allows for Read access in modern versions of Windows. More complex ACLs take more time to set up, but it’s worth the time.
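The checks in tips five, four and three can be run against a machine's current shares. The script below is an added example, not part of the original article; it only reads settings, the helper name `Test-ShareRisk` is hypothetical, it assumes English account names, and the `AutoShareWks` / `AutoShareServer` value names come from Microsoft's documentation rather than from this page.

```powershell
# Added example: read-only audit of local SMB shares against tips 5, 4 and 3.
# Needs the SmbShare module (Windows 8 / Server 2012 or later) and an elevated prompt.
# Assumes English account names ("Everyone", "Guest").

function Test-ShareRisk {          # hypothetical helper name
    param($Share, $AccessList)
    $findings = @()

    # Tip 5: default administrative disk shares (C$, ADMIN$) are marked Special.
    # IPC$ is also Special but has no path, so it is skipped here.
    if ($Share.Special -and $Share.Path) {
        $findings += 'default administrative share'
    }
    # Tip 4: a user-created share whose path is a bare drive root such as D:\
    if (-not $Share.Special -and $Share.Path -match '^[A-Za-z]:\\?$') {
        $findings += 'shares the root of a drive'
    }
    # Tip 3: Everyone or Guest allowed to change or add files.
    foreach ($ace in $AccessList) {
        $broad = $ace.AccountName -match '(^|\\)(Everyone|Guests?)$'
        if ($broad -and "$($ace.AccessControlType)" -eq 'Allow' -and
                "$($ace.AccessRight)" -in 'Full', 'Change') {
            $findings += "$($ace.AccountName) has $($ace.AccessRight) access"
        }
    }
    $findings
}

# Evaluate every share on this machine and print one line per finding.
foreach ($share in Get-SmbShare) {
    $acl = @(Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue)
    foreach ($finding in Test-ShareRisk -Share $share -AccessList $acl) {
        '{0,-12} {1,-30} {2}' -f $share.Name, $share.Path, $finding
    }
}

# Tip 5 follow-up: a value of 0 stops Windows recreating the administrative
# shares when the Server service or the computer restarts.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$params = Get-ItemProperty -Path $key
foreach ($name in 'AutoShareWks', 'AutoShareServer') {
    $value = $params.$name
    if ($null -eq $value) { $value = 'not set (shares are recreated)' }
    "$name = $value"
}
```

No output from the share loop means none of the three conditions were found.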
2. Use Password Protection for Your Shares
Don’t use “open” shares! An open share is one that is set up to allow access without requiring a username and password. You should never set up shares this way. It may seem easier for your friends, family and especially children to access, but don’t do it. If someone you want to have access can reach your files without giving a username and password, so can someone you don’t want to.
1. Don’t Share Files When You Don’t Need To
Don’t have shares enabled or set up when you don’t need them! This is definitely the most important file sharing security tip. A share’s security can’t be violated if the share isn’t enabled or isn’t set up. Think about it–if you are on the Web with your laptop at a coffee shop and you don’t have any file shares set up and turned on, you don’t even have to worry about security tips three and two! Passwords can’t be cracked if they can’t be tried. Unauthorized users can’t create or change files on shares that aren’t there. A related concept to tips five and four, this one is more fundamental: if you’re not using it, turn it off!
If you don’t understand these tips or they are too complicated for you, use tip number one and only turn on sharing right when you need it, and turn it off when you’re done. Or find a friend that can help. There are so many times these days when our computers may be exposed, especially with a laptop when we’re on open Wi-Fi networks at coffee shops, libraries, and so forth. There is much more we can do with file sharing security, but these tips are a great start, especially for a home user.