Solved

File and Print Sharing enabled on your network

Posted on 2006-11-10
Last Modified: 2010-04-11
I have 120 PCs on AD. They are behind a firewall and then each PC has its own firewall. I would like to open port 135 on the firewall and enable File and Print Sharing on each computer so I can run maintenance scripts with PSTools. Do you guys think it is a bad idea to have File and Print Sharing enabled on your network?
Question by:caldwels1895
8 Comments
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 50 total points
No, that's not a bad idea, as long as you don't open it on your external firewall.
OK, there is some malware making use of shares, but limiting an important functionality just because of this?
Not using File and Print Sharing in a network, to me, is like saying: let's turn off all computers to prevent malware. I'm exaggerating, but you get the idea.
You probably have file and print sharing on your servers. So what's the difference?
You should prevent getting the malware in the first place by following best practices.

J.

0
 
LVL 3

Expert Comment

by:mahe2000
It's an awful idea to open port 135 on your external firewall; it is very bad for security, and performance won't be good either. If you want to do something like that, maybe you can turn on terminal services (remote desktop) on a PC inside your network (if you can move the port of terminal services to a high one, better) and then you can run the scripts from there.
0
 

Author Comment

by:caldwels1895
I'm sorry, I should have explained it better. I want to open the port on the computer, not the external firewall.
0
 
LVL 18

Expert Comment

by:PowerIT
That's what I assumed in my response :-)

J.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 50 total points
Opening 135 could help some worms. If you really need it, maybe you can open that port to be accessed from just one single computer (the one that starts scripts) and be sure to have it clean.
A good antivirus policy (configuration, update, ...) will help you.
0
 
LVL 8

Accepted Solution

by:deadite
deadite earned 100 total points
I assume you will control the XP workstation firewalls using AD group policy. When you do this, you are given the option to add your local subnet to the allow only list. Make sure you do this rather than saying any IP can get to those ports.

Please note, as earlier said, do not allow port 135 and Print and file sharing through your external firewall onto your servers or workstations.

I would also suggest you check your open ports and security using some kind of network scanners like Nessus, nmap and MBSA:
http://www.nessus.org/download/
http://insecure.org/nmap/
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Nessus will tell you open ports and known vulnerabilities
nmap will give more info than you'll prob ever need
MBSA is good to check for missing patches, user pw's, etc

0
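The scope restriction suggested in the answers above, written as `netsh firewall` commands for the Windows XP SP2 firewall. This is an added example, not part of the original thread; the management workstation address `192.0.2.10`, the `SCOPE_MODE` switch and the rule name are constructed placeholders.

```bat
@echo off
rem Added example for the Windows XP SP2 firewall (netsh firewall context).
rem ADMIN_PC is a constructed placeholder for the one machine that runs the
rem maintenance scripts; SCOPE_MODE is a hypothetical switch for this script.
set ADMIN_PC=192.0.2.10
set SCOPE_MODE=admin

rem Weak setting, shown commented out for contrast: scope=all accepts any source.
rem netsh firewall set service type=fileandprint mode=enable scope=all

if /i "%SCOPE_MODE%"=="subnet" goto subnet

rem Tighter option: only the management workstation may reach the ports.
rem fileandprint covers TCP 139/445 and UDP 137/138; TCP 135 is added separately.
netsh firewall set service type=fileandprint mode=enable scope=custom addresses=%ADMIN_PC% profile=domain
netsh firewall set portopening protocol=tcp port=135 name="RPC 135 (admin PC only)" mode=enable scope=custom addresses=%ADMIN_PC% profile=domain
goto verify

:subnet
rem Looser option: any host on the local subnet may reach the ports.
netsh firewall set service type=fileandprint mode=enable scope=subnet profile=domain
netsh firewall set portopening protocol=tcp port=135 name="RPC 135 (local subnet)" mode=enable scope=subnet profile=domain

:verify
rem Keep the exception closed when the PC is off the domain network.
netsh firewall set service type=fileandprint mode=disable profile=standard

rem Confirm the resulting scope for each exception.
netsh firewall show service
netsh firewall show portopening
```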
 
LVL 8

Assisted Solution

by:ViRoy
ViRoy earned 50 total points
Opening those ports internally should not cause any trouble. It will cause a lot of discovery frames to be broadcast so you really should enable WINS to avoid that.
Other than that, if you are using virus scans and good security practices... you will not face any problems.
I have this same setup at our office and map everyone via logon profile to a public share that has company data/forms available.
0
 

Author Comment

by:caldwels1895
Thanks All!
0
