Tom's Easy Home Networking
An Editorial by Thomas Blakely
2001-04-29 08:03 by Tom Blakely
So you want to set up a home LAN for games and whatnot but are worried about people sneaking in? Well let's get you set up and secure! First, believe it or not, I would not install a password on my home computers for file and print sharing. It's just a bother and we're going to prevent internet access to your files anyways. First the steps, then the explanations.
DO NOT REBOOT UNTIL ALL THE STEPS ARE COMPLETED
Home Networking in Five Steps:
Make sure that each computer has the same "Workgroup" name:
Click: Control Panel - Network - Identification tab.
If not listed in the Configuration screen, add NetBEUI. It's explained at the bottom if you want to know what NetBEUI is.
Click: Add - Protocol - Microsoft - NetBEUI
Now for the "Properties" of NetBEUI, make sure that Client for Microsoft Networks and File and printer sharing for Microsoft Networks ARE checked.
Enable "Sharing" for each drive.
On your desktop, click My Computer -
Click ONCE on the drive to be shared -
RIGHT-Click and select "Sharing" -
Check the "Shared As" box.
THE FOLLOWING PROVIDES INTERNET SECURITY:
DO NOT bind TCP/IP to file and print sharing:
Click: Control Panel - Network - Configuration tab.
For each mention of "TCP/IP":
Uncheck BOTH Client for Microsoft Networks and File and printer sharing for Microsoft Networks.
CLOSE AND REBOOT.
From now on, if you want to see the other systems you will have to use a password when you start Windows. If you DON'T already have a logon password, the first time you re-start, you will be asked for one and whatever you put in there will be your password from then on. It IS case sensitive. If you DON'T enter the correct password or click cancel you will still get into Windows, but the local network (the other systems in your house) will NOT be accessible. It's a security issue. You must logon correctly to use Local network resources.
You should now be able to see each computer in Network Neighborhood. Click on the computer, and you should see the shared drives. Enjoy!
Notes on what we just did and why we did it this way
Each computer MUST be in the same Workgroup. It IS case sensitive, so make sure the Workgroups are spelled exactly the same. "HomeNet" or "House" are good names, though it can be anything you want as long as it is identical on all the systems.
So you know, NetBEUI is a non-routable protocol, which means it won't cross a router, it is inherently more secure than TCP/IP for this reason. By enabling NetBEUI, and binding it to your File and Printer sharing AND DISABLING TCP/IP File and Printer sharing (See step D for more info), we ensure that your systems can share within the house, but people outside your LAN can't access these resources. In addition, NetBEUI is actually faster than TCP/IP, so it's more efficient to do it this way!
Yes, you have to tell windows to give others access to your hard drives, and vice versa. Once it's shared to the network, all should be able to use it. If you only want to allow them to access a particular directory, you can do that as well.
Understand, TCP/IP can be routed, which is why it is used on the Internet so much. However, it also means that if you bind File and Printer sharing to TCP/IP someone from Timbuktu could theoretically get access to your files. That's why we DISABLE this protocol for File and Printer Sharing.
Thomas (Bouncer) Blakely, CCNA, CCDA