Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
Managing File Sharing on Windows Systems  

Windows 95 and 98 Systems

Windows NT Systems


________

Windows 95 and 98 Systems

In Windows terminology, a "share" is a mechanism that allows a user to connect to file systems and printers on other systems. An "unprotected share" is a share on a system that allows anyone to connect to that system.

From a security viewpoint, a system with unprotected shares is more likely to be attacked by hackers, worms, and other sources. Unprotected shares are currently the major cause of security-related incidents at LBNL.

Anyone outside the Lab can connect to an LBNL system having unprotected shares. And LBNL is a U.S. Department of Energy site, so that makes it potentially a worldwide target for hackers!

Many LBNL Windows 95 and 98 users have unprotected shares on their systems even though they do not really need them. Read below to learn how to check your system for unprotected shares and how to get rid of them.

Checking Your System for Unprotected Shares

  1. To check whether unprotected shares exist in your Windows 95/98 system:
    1. From Start, go to the Control Panel.
    2. In the Control Panel, double click on Network.
    3. Once the Network dialog box comes up, double click on the File and Print Sharing Box. If the "I want to be able to give others access to my files" option is *not* checked, your system does not have unprotected shares. (The same is true for the "I want to be able to allow others to print to my printer" option.)
  2. BUT, if the "I want to be able to give others access to my files" option is checked, your system could possibly have unprotected shares. You'll need to go through a few more steps to find out:

    1. Go to My Computer and double click.
    2. Move the pointer to the folder labeled "Volume 1: C" (or whatever your C drive has been named) and click once.
    3. Go to File at the top, then pull down the options to Properties.
    4. Once the properties panel is displayed, click on the Sharing tab at the top. If the "Shared As" option is selected and the "Access Type" is "Full," your computer's C drive is accessible via an unprotected share. It is also accessible if the Access Type is "Depends on Password," but no password has been entered.

NOTE: If your computer has a D drive, it is important to repeat these steps to check whether there is an unprotected share to this drive, too.

Getting Rid of Unprotected Shares

  1. Option One—Turning Off Sharing Altogether


    If allowing access to your system's files or printer is not really necessary, you can click on the checkmark next to the "I want to be able to give others access to my files" option to turn this option off. No check should now be visible. This will improve the security of your system considerably. You need to read no further here: the problem will be solved.

  2. Option Two—Making Sharing Safer

    If your system has one or more unprotected shares, but you cannot disable sharing because you need others to reach your files and/or printer, you can make sharing somewhat safer by limiting access to your files and/or printer. To limit access, follow these steps:

    1. If you still want to share the folder, click on "Shared As."
    2. You must now choose the "Access Type," which includes the following mutually exclusive options:

    • "Read Only" (best for security), then supply a password in the box below.
    • "Full" (worst for security because it allows anyone who knows the password to both Read and Write to the shared folder and its contents)
    • "Depends on Password": this option requires that you assign one password for Read access and another for Write access.

    Click on the option that fits your needs best. Be sure to enter a difficult-to-guess password, then share that password with others who need share access via phone or in person, but not by e-mail! (Hackers "sniff" network traffic constantly to discover passwords.)

Remember, unprotected shares are the number one cause of security-related incidents at LBNL. Taking a few minutes to take care of your computer's security helps prevent incidents, incidents that can result in unauthorized data modification or data loss, disruption of your ability to get your work done, and other undesirable outcomes.

Windows NT

Unprotected Shares—Checking for and Removing

  1. From Start, go to Control Panel/Server/Sharing. You'll see all your shared resources. By clicking on these shared resources, you can choose to disconnect one or all of them.

  2. Alternatively, open Windows Explorer. Shared folders are designated by an open-folder icon, held by a little hand. Right click on the folder, select Properties, click on Sharing, then click on Not Shared.

Hidden Shares

WARNING: Windows NT "Hidden Shares" (ADMIN$, C$, IPC$), also known as "Administrative Shares" or "$ shares," may be required by some Windows NT-based network applications. Therefore, if you connect to a lot of other Windows-based network services, you probably want to keep these particular shares "on."

By default, Windows NT has these hidden shares, although they are restricted to administrative functions and will not appear to other computers on the network. However, because they are set by default, it is no secret that they exist. Therefore, they can be attacked from the network, although an attacker would need the Administrator password to access the hidden shares.

Administrative shares do represent a vulnerability and can be deleted if they are not necessary (that is, when no SMB network connections are needed). However, since they do need a password, they are somewhat protected.

Removing Hidden, or "Administrative," Shares

  1. The administrative shares can be removed using the Policy Editor (from the Resource Kit) by adjusting the Windows NT Network/Sharing/Create Hidden Drive Shares option.

  2. The administrative shares can also be removed without the Policy Editor by modifying the registry.

WARNING: If you aren't familiar with editing the registry, DON'T try this! Get someone who knows what they are doing to help. Your machine can be rendered unbootable if you make a mistake in the registry.

To remove the hidden shares, set up the following registry key value:

Hive: HKEY_LOCAL_MACHINE\SYSTEM
Key: CurrentControlSet\Services\LanmanServer\Parameters
Name: AutoShareWks
Type: REG_DWORD
Value: 0
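
To see which shares a Windows NT system is still offering after the steps above, the output of the `net share` command can be sorted into the default administrative shares and the shares somebody created. The Python script below is an added example, not part of the original LBNL page; the sample output, the share names in it and the function names are constructed for illustration.

```python
import re

# Constructed `net share` output (not captured from a real host). Columns follow
# the header line: share name at 0, Resource at 13, Remark at 45.
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT                        Remote Admin
Projects     D:\Projects                     Group data
backup$      D:\Backup
ScannedDocuments
             D:\Scans
The command completed successfully.
"""

# Shares NT creates by itself: ADMIN$, IPC$ and one per drive letter (C$, D$, ...).
DEFAULT_HIDDEN = re.compile(r"^(ADMIN|IPC|[A-Z])\$$", re.IGNORECASE)

def parse_net_share(text):
    """Return [(name, resource, remark)], slicing rows at the header's columns."""
    lines = text.splitlines()
    head = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res, rem = lines[head].index("Resource"), lines[head].index("Remark")
    rows, pending = [], None
    for line in lines[head + 1:]:
        if line.startswith("The command"):
            break
        if not line.strip() or set(line.strip()) == {"-"}:
            continue
        if len(line) >= res and line[res - 1] != " ":
            pending = line.strip()      # long name printed alone; path follows
            continue
        rows.append((line[:res].strip() or pending, line[res:rem].strip(), line[rem:].strip()))
        pending = None
    return rows

def classify(name):
    if DEFAULT_HIDDEN.match(name):
        return "administrative"
    return "hidden-user" if name.endswith("$") else "user"

def audit(text):
    """Group share names by class; the user-created ones need an access review."""
    report = {"administrative": [], "hidden-user": [], "user": []}
    for name, _resource, _remark in parse_net_share(text):
        report[classify(name)].append(name)
    return report
```

Shares reported under `user` or `hidden-user` are the ones to check against the steps for removing unprotected shares; a name ending in `$` is hidden from browsing but is still a share.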

 
