Accessing File System Using Host Name

Hi

Im able to access the file system of one of our remote win 2K web servers without having to VPN to it, just by Using the host name ie \\www.myserver.com , it prompts for a username & password

Is this normal behaviour ? if not how can I resrict this to only the VPN connections

Cheers

Len
LVL 10
lengreenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

You mean you can access the file system over a public network connection?

Isn't there a Firewall there?
0
lengreenAuthor Commented:
We have 2 Webservers hosted by an ISP, they have opened them up for us to connect via VPN, but on one of them we can connect over the public network, so something is not right.

cheers

Len
0
kapesCommented:
Definitely... you should not be able to connect over PUBLIC network....

So, either... disable the "SERVER & WORKSTAION" services on server...
or
block the ports related to them in firewall...
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

Chris DentPowerShell DeveloperCommented:

I'd go with the Block the Ports option. The only ports that should be publicly available on a server are the ones you specifically define (like Port 80 (HTTP) and 443 (HTTPS)).

Directly accessing the file system like that implies that your machine is pretty much open to anything anyone wants to throw at it, which is a big risk even if you have the machine patched and completely up to date.
0
bbaoIT ConsultantCommented:
if \\www.myserver.com is workable on the public internet, it means the server www.myserver.com is not protected by your ISP's firewall at all, at least its NETBIOS related ports (135~19) are open. the best way is to enable firewall protection: to ask your ISP check it and protect it.

you do not need to disable workstation/server/NETBIOS serivces, else the clients can not access the server through VPN.
0
map000Commented:
I suppose that's the normal behavior if somebody else configured the network (meaning that's done through a VPN)
0
map000Commented:
but what does it mean remote web servers; (in your network but other location; ISP hosting ....)?
0
Rich RumbleSecurity SamuraiCommented:
Have the isp block all port's except those that you need- like port 80, and whatever the VPN is designed to connect to. Ports 135-139 and 445 should not be allowed. They are doing you a great dis-service by allowing these ports. If you need Terminal service/RemoteDesktop opened, do so on a custom port, not the default 3389.
Read my comments here about securing and changing TS/RD ports
http://experts-exchange.com/Security/Win_Security/Q_21098770.html

If you think that just by doing \\my.server and connecting is bad... you should use the computer managment tool to connect, or even the registry... if you can see it, chances are anyone else can to, unless the hosting company is allowing you IP specifically.

regedit.exe ->file->connect network registry->enter \\ip or \\name ->OWN The Box
Even better
open computer manager, right-click computermanagment local, connect to remote computer, enter ip or name, own the box, turn off/on a service, with no real creditals at all.

-rich


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lengreenAuthor Commented:
Cheers Guys
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.