Solved

File and Print Sharing enabled on your network

Posted on 2006-11-10
8
218 Views
Last Modified: 2010-04-11
I have 120 PCs on AD. They are behind a firewall and then each PC has its own firewall. I would like to open port 135 on the firewall and enable File and Print Sharing on each computer so I can run maintenance scripts with PSTools. Do you guys think it is a bad idea to have File and Print Sharing enabled on your network?
0
Comment
Question by:caldwels1895
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 50 total points
ID: 17914335
No that's not a bad idea, as long as you don't open it on your external firewall.
OK, there is some malware making use of shares, but limiting an important functionality just because of this?
Not using File and Print Sharing in a network, to me is like saying: lets turn of all computers to prevent malware. I'm exagerating but you get the idea.
You probably have file and print sharing on your servers. So what's the difference?
You should prevent from getting the malware in the first place by following best practices.

J.

0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17914412
It's an awful idea to open port 135 on your external firewall it is very bad for security and performance won't be good neither. If you want to do something like that maybe you can turn on terminal services (remote desktop) in a pc inside your network (if you can move the port of terminal services to a high one better) and then you can run the scripts from there.
0
 

Author Comment

by:caldwels1895
ID: 17914429
I'm sorry I’m sorry I should have explained it better. I want to open the port on the computer not the external firewall.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 18

Expert Comment

by:PowerIT
ID: 17914771
That's what I assumed in my response :-)

J.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 50 total points
ID: 17915099
opening 135 could help some worms, if you really need it, may be you can open that port to be accessed from just one single computer (the ones that starts scripts) and be sure to have it clean.
a good antivirus policy (configuration, update, ...... ) will help you.
0
 
LVL 8

Accepted Solution

by:
deadite earned 100 total points
ID: 17925461
I assume you will control the XP workstation firewalls using AD group policy.  When you do this,  you are given the option to add your local subnet to the allow only list.  Make sure you do this rather than saying any IP can get to those ports.

Please note, as earlier said, do not allow port 135 and Print and file sharing through your external firewall onto your servers or workstations.

I would also suggest you check your open ports and security using some kind of network scanners like Nessus nmap and MBSA:
http://www.nessus.org/download/
http://insecure.org/nmap/
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Nessus will tell you open ports and known vulnerabilities
nmap will give more info than you'll prob ever need
MBSA is good to check for missing patches, user pw's, etc

0
 
LVL 8

Assisted Solution

by:ViRoy
ViRoy earned 50 total points
ID: 17926823


Opening those ports internally should not cause any trouble. It will cause alot of discovery frames to be broadcast so you really should enable WINS to avoid that.
Other than that, if you are using virus scans and good security practices... you will not face any problems.
I have this same setup at our office and map everyone via logon profile to a public share that has company data/forms available.
0
 

Author Comment

by:caldwels1895
ID: 17931196
Thanks All!
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASP server side get value 15 46
Need extreme network security for home 16 112
Allow an App or Feature through Windows 10 Firewall Settings 7 65
firewall log 4 33
OnPage: Incident management and secure messaging on your smartphone
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question