-1

For a small office network (e.g. 6 machines on LAN), using Windows XP 64-bit Professional as the OS on the server machine, I want to enable sharing of files on the server machine's NTFS hard drive (quite an obvious requirement of a server machine). This would primarily be achieved through the company's local network, but would ultimately also allow users to remotely connect to the system through remote desktop. At the moment this server machine is able to access the internet through a router in the office, the same as any of the other office machines.

But I have immediate concerns relating to the security of this machine as a consequence of file sharing. Indeed, checking out Windows Firewall is particularly alarming:

[Image: Windows Firewall exceptions]

I see to my horror that the firewall seems to be making an exception in relation to Port 139 - notorious for being possibly the single most dangerous port to have open!

I am fairly sure that file sharing and network security are not mutually exclusive concepts - it might seem quite an elementary question, but how do I enable both?

Stumbler
  • How do you expect file sharing to work without the file sharing port being open? – gparent Feb 21 '13 at 18:00
  • You're running an OS that is no longer supported (unless you have a corporate support contract) by Microsoft - no updates, security or otherwise. Having file sharing ports open for a server that is sharing files should be the least of your worries. – Zypher Feb 21 '13 at 18:01
  • As Zypher says, you're running what is essentially an unsupported OS. If you're worried about security you should be worried about that more than what ports might be open on your internal LAN (you *are* only exposing your 'server' and workstations to just the LAN and not the internet, right?). What you're doing is the equivalent of worrying about a small splinter in your thumb while the arm it's connected to is broken. – Rob Moir Feb 21 '13 at 18:41
  • @Zypher : Personally I agree with you about XP - although officially support isn't due to terminate until April 8, 2014. – Stumbler Feb 21 '13 at 18:58
  • @RobM : Remote desktop to the server wouldn't be all *that* useful if limited to the local network. You're right though, that I shouldn't be worried about the machine's security, but rather that of the network. – Stumbler Feb 21 '13 at 19:03
  • @Duncan just to make sure you understand (and I know this is a bit of a tangent): Mainline support (normal people) has ended as of April 2009, Extended support (Corporations with MS Support contracts) doesn't end till April 8, 2014. – Zypher Feb 21 '13 at 20:00

1 Answer

3

Well, if you turn off access to port 139, then you won't have Windows file sharing functionality. What you should do is block that port at your network's perimeter firewall.

> ... file sharing and network security are not mutually exclusive concepts - it might seem quite an elementary question, but how do I enable both?

File sharing is a service that is enabled. Network security isn't a service to be turned on, it's a combination of factors mostly based on the knowledge and effort of those implementing it.

Jeff Ferland
  • Of course, just block the ports on the router that are used exclusively within the LAN, and port-forward things such as rdc. – Stumbler Feb 21 '13 at 19:10
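
The answer and the follow-up comment come down to one check: no perimeter forward should cover the file sharing ports, while remote desktop may be forwarded deliberately. The following is an added example, not part of the original thread, that audits a router's port-forward list for this. The rule format, addresses and sample rules are constructed assumptions, and ports 137, 138 and 445 are checked alongside 139 as the other NetBIOS/SMB ports.

```python
# Added example: audit a perimeter port-forward table for LAN-only file-sharing ports.
# The rule format "proto ext_ports -> host:port" is an assumed, constructed format.
import re

# Windows file sharing / NetBIOS ports that should stay inside the LAN.
LAN_ONLY = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

RULE_RE = re.compile(
    r"^(tcp|udp|both)\s+(\d+)(?:-(\d+))?\s*->\s*(\S+?):(\d+)$", re.IGNORECASE)

def parse_rule(line):
    """Return (protocols, first_port, last_port, target) for one forward rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    proto, lo, hi, host, _ = m.groups()
    lo = int(lo)
    hi = int(hi) if hi else lo
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port range in rule: {line!r}")
    protos = {"tcp", "udp"} if proto.lower() == "both" else {proto.lower()}
    return protos, lo, hi, host

def audit(rules_text):
    """List (rule, proto, port) for every forward that exposes a LAN-only port."""
    findings = []
    for line in rules_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        protos, lo, hi, _ = parse_rule(line)
        for proto, port in sorted(LAN_ONLY):
            # A range rule exposes every port it spans, not just its endpoints.
            if proto in protos and lo <= port <= hi:
                findings.append((line, proto, port))
    return findings

# Constructed sample: one intended RDP forward, two mistakes.
SAMPLE = """
tcp 3389 -> 192.168.1.10:3389     # remote desktop to the server (intended)
tcp 139 -> 192.168.1.10:139       # file sharing forwarded by mistake
both 100-500 -> 192.168.1.10:100  # wide range that swallows 137-139 and 445
"""

if __name__ == "__main__":
    for rule, proto, port in audit(SAMPLE):
        print(f"EXPOSED {proto}/{port}: {rule}")
```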