Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

File and Print Sharing enabled on your network

Posted on 2006-11-10
8
Medium Priority
?
222 Views
Last Modified: 2010-04-11
I have 120 PCs on AD. They are behind a firewall and then each PC has its own firewall. I would like to open port 135 on the firewall and enable File and Print Sharing on each computer so I can run maintenance scripts with PSTools. Do you guys think it is a bad idea to have File and Print Sharing enabled on your network?
0
Comment
Question by:caldwels1895
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 200 total points
ID: 17914335
No that's not a bad idea, as long as you don't open it on your external firewall.
OK, there is some malware making use of shares, but limiting an important functionality just because of this?
Not using File and Print Sharing in a network, to me is like saying: lets turn of all computers to prevent malware. I'm exagerating but you get the idea.
You probably have file and print sharing on your servers. So what's the difference?
You should prevent from getting the malware in the first place by following best practices.

J.

0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17914412
It's an awful idea to open port 135 on your external firewall it is very bad for security and performance won't be good neither. If you want to do something like that maybe you can turn on terminal services (remote desktop) in a pc inside your network (if you can move the port of terminal services to a high one better) and then you can run the scripts from there.
0
 

Author Comment

by:caldwels1895
ID: 17914429
I'm sorry I’m sorry I should have explained it better. I want to open the port on the computer not the external firewall.
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 18

Expert Comment

by:PowerIT
ID: 17914771
That's what I assumed in my response :-)

J.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 200 total points
ID: 17915099
opening 135 could help some worms, if you really need it, may be you can open that port to be accessed from just one single computer (the ones that starts scripts) and be sure to have it clean.
a good antivirus policy (configuration, update, ...... ) will help you.
0
 
LVL 8

Accepted Solution

by:
deadite earned 400 total points
ID: 17925461
I assume you will control the XP workstation firewalls using AD group policy.  When you do this,  you are given the option to add your local subnet to the allow only list.  Make sure you do this rather than saying any IP can get to those ports.

Please note, as earlier said, do not allow port 135 and Print and file sharing through your external firewall onto your servers or workstations.

I would also suggest you check your open ports and security using some kind of network scanners like Nessus nmap and MBSA:
http://www.nessus.org/download/
http://insecure.org/nmap/
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Nessus will tell you open ports and known vulnerabilities
nmap will give more info than you'll prob ever need
MBSA is good to check for missing patches, user pw's, etc

0
 
LVL 8

Assisted Solution

by:ViRoy
ViRoy earned 200 total points
ID: 17926823


Opening those ports internally should not cause any trouble. It will cause alot of discovery frames to be broadcast so you really should enable WINS to avoid that.
Other than that, if you are using virus scans and good security practices... you will not face any problems.
I have this same setup at our office and map everyone via logon profile to a public share that has company data/forms available.
0
 

Author Comment

by:caldwels1895
ID: 17931196
Thanks All!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question