securing laptop for public WiFi spots

Archived from groups: alt.internet.wireless (More info?)

At home I have created a wireless network and configured XP SP2 to do
simple file and printer sharing. Firewall is configured to trust the
local network behind the router.

When I'm on the road, what should I do to secure my laptop when
connecting to public WiFi spots? It would be a PITA to turn off
sharing on every folder I created for the home network.

What do you guys do to manage these two "profiles"? How do you do it?

Archived from groups: alt.internet.wireless (More info?)

speeder <no.spam@invalid.com> wrote:
> At home I have created a wireless network and configured XP SP2 to do
> simple file and printer sharing. Firewall is configured to trust the
> local network behind the router.

Anyone that manages to get onto your WiFi network at home is therefore
trusted. I have a long lease time for DHCP, and configured just a couple
of trusted addresses.

If your home network happens to be one of the widely popular numbers, that
might not be a good thing either. I always move away from 192.168.0.x on
any router I set up, just so I don't get confused. You might wind up
"blessing" the wrong network.

> When I'm on the road, what should I do to secure my laptop when
> connecting to public WiFi spots? It would be a PITA to turn off
> sharing on every folder I created for the home network.

You could always run a cmd prompt "net stop server". That stops print and
file sharing, and a couple of other things you probably don't need at
Starbucks. When you reboot it would come back, or you could start it and
its dependents from start-run-services.msc

> What do you guys do to manage these two "profiles"? How do you do it?

With ZoneLabs it was pretty simple. Whenever I connected to a new network,
it would show up as a new subnet, and get appropriate permissions.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

Archived from groups: alt.internet.wireless (More info?)

On Wed, 31 Aug 2005 19:02:17 -0300, speeder <no.spam@invalid.com>
wrote:

>What do you guys do to manage these two "profiles"? How do you do it?

Others have covered some of the methods and requirements. I'll just
offer some useful tools:

1. Belarc Advisor.
http://www.belarc.com
This is really an inventory control program that give you a list of
what inside your laptop. However, the latest version has a "security
benchmark" feature that lists a considerable number of potential local
security related settings and options. It's real easy to forget an
open share or an account with an insecure password. Use it like a
checklist. It's not necessary to have all the holes plugged, but you
should be aware of the possibilities listed.

2. Netswitcher.
http://www.netswitcher.com
This allows you to switch network setups between multiple locations on
the fly. It includes the usual protocols and IP's, but also mail
serves and printers. Useful if you connect your laptop to multiple
LAN's and WLAN's. This is really your "profile" manager.

3. Newt security scanner.
http://www.tenablesecurity.com
This will scan your machine and those on your LAN for known
vulnerabilities.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice Skype: JeffLiebermann
# http://www.LearnByDestroying.com AE6KS
# http://802.11junk.com
# jeffl@comix.santa-cruz.ca.us
# jeffl@cruzio.com

Archived from groups: alt.internet.wireless (More info?)

On Wed, 31 Aug 2005 19:02:17 -0300, speeder <no.spam@invalid.com>
wrote:

>At home I have created a wireless network and configured XP SP2 to do
>simple file and printer sharing. Firewall is configured to trust the
>local network behind the router.
>
>When I'm on the road, what should I do to secure my laptop when
>connecting to public WiFi spots? It would be a PITA to turn off
>sharing on every folder I created for the home network.
>
>What do you guys do to manage these two "profiles"? How do you do it?

Good stuff, thanks everyone. I just found out my laptop is XP Home and
according to one of those links:

"Unfortunately, XP Home Edition doesn't allow you to disable Simple
File Sharing and is unable to join a domain, so the best you can hope
for is to make sure you set your shared folders to be read only, hide
the file shares by using a $ sign after the folder name, or if your
using the NTFS file system, use the 'Make Private" option in the
folder properties."

I guess the secure and simplest solution is to configure my firewall
to untrust local networks.

Archived from groups: alt.internet.wireless (More info?)

On Thu, 01 Sep 2005 18:27:52 -0300, speeder <no.spam@invalid.com>
wrote:

>On Wed, 31 Aug 2005 23:29:46 +0000 (UTC),
>dold@XReXXsecur.usenet.us.com wrote:
>
>>> When I'm on the road, what should I do to secure my laptop when
>>> connecting to public WiFi spots? It would be a PITA to turn off
>>> sharing on every folder I created for the home network.
>>
>>You could always run a cmd prompt "net stop server". That stops print and
>>file sharing, and a couple of other things you probably don't need at
>>Starbucks. When you reboot it would come back, or you could start it and
>>its dependents from start-run-services.msc
>
>I liked this idea but when I tried it I could still see shares.
>Perhaps other services need to be stopped as well?

....correction. I could see the shares on the desktop but not the other
way around! I guess I'll use this trick with the firewall config
thing.

thanks

Archived from groups: alt.internet.wireless (More info?)

> I liked this idea but when I tried it I could still see shares.
> Perhaps other services need to be stopped as well?

seeing isn't the same as being able to connect.

The server service handles connections.