Internet access has come a long way over the past few years with wireless (WIFI) hot spots, airports, hotels, and many other public locations offering free Internet access to anyone. While we have come to expect this level of service with today's technology, Computer security is never consider before we plug-in and connect to public access points.
Many people do not realize, after connecting to public access points how incredibly easy it is to access other people's Windows Computers, on the same subnet, by browsing the Network (Network Neighborhood)….including their own Computer.
So how do you prevent your shared folders from becoming a shared free for all? One easy way is to disable File and Print Sharing.
NOTE: The following methods can be run either before or during connecting to a Public Internet access point (either a physical connection or wireless). It's best to disable File and Print Sharing before connecting to lessen the risk of some one accessing your shares.
Two methods exist:
1 – On Windows XP or Vista, the easiest way to disable share access is to stop the Server service. With the Server service stopped, no one can access any shares on your Computer, regardless of which Network adapter you are using (you will still be able to browse and connect to shares on other Computers).
To disable, open a command prompt by clicking on:
Start \ Run… and in the run box type cmd then click OK.
At the command prompt window type the following:
net stop server
To enable the Server service when you have disconnected from the Public access point, type:
net start server
Or you can stop/start the Server service using the Services console by clicking on:
Start \ Run… and in the run box type services.msc then click OK.
When the Services window opens, scroll down until you see the Server service, right click it and select Stop:
To enable, right click on Server and select Start.
2 – The second method on XP or Vista, is to disable File and Printer Sharing in Windows Firewall. To open Windows Firewall click on:
Start \ Run… and in the run box type firewall.cpl then click OK.
On XP – When Windows Firewall opens, click on the Exceptions tab and uncheck File and Printer Sharing, then click OK.
On Vista – click on Allow a program through Windows Firewall:
Then click on the Exceptions tab and uncheck File and Printer Sharing, and click OK.
When you have disconnecting from the Public Internet access, don't forget to enable File and Printer Sharing in the firewall.
If you want to disable Windows Firewall File and Printer Sharing from the command prompt, type the following command:
netsh firewall set service FILEANDPRINT DISABLE
To enable File and Printer Sharing:
netsh firewall set service FILEANDPRINT ENABLE
If you run a different firewall software other than Windows Firewall, you can block access to File and Print sharing by creating rule to not allow TCP ports 137, 138, 139 and 445.
Remember, the best security can only be implemented in layers. Disabling or locking down Windows shares is one way to prevent unautorized access or data loss. Running a firewall is another way.
Although running anti-virus or spyware software won't stop someone from stealing your data, it can prevent a malicious person attempting to plant a virus or unwanted program through an unprotected share.