Making Sure Windows Firewall Is Turned On
Your Windows Home Server network probably connects to the Internet using a broadband—cable
modem or DSL—service. This means that you have an always-on connection,
so there’s a much greater chance that a malicious hacker could find
your computer and have his way with it. You might think that with
millions of people connected to the Internet at any given moment, there
would be little chance of a “script kiddy” finding you in the herd.
Unfortunately, one of the most common weapons in a black-hat hacker’s
arsenal is a program that runs through millions of IP addresses
automatically, looking for live connections. The fact that many cable
systems and some DSL systems use IP addresses in a narrow range
compounds the problem by making it easier to find always-on connections.
When a cracker finds your address, he has many
avenues from which to access your computer. Specifically, your
connection uses many different ports for sending and receiving data.
For example, File Transfer Protocol (FTP)
uses ports 20 and 21, web data and commands typically use port 80,
email uses ports 25 and 110, the domain name system (DNS) uses port 53,
remote connections to the network use ports 443 and 4125, and so on. In
all, there are dozens of these ports, and every one is an opening
through which a clever cracker can gain access to your computer.
As if that weren’t enough, attackers can check your
system for the installation of some kind of Trojan horse or virus.
(Malicious email attachments sometimes install these programs on your
machine.) If the nefarious hacker finds one, he can effectively take
control of your machine (turning it into a zombie computer) and either wreak havoc on its contents or use your computer to attack other systems.
Again, if you think your computer is too obscure or
worthless for someone else to bother with, think again. Hackers with
malicious intent probe a typical computer connected to the Internet for
vulnerable ports or installed Trojan horses at least a few times every
day. If you want to see just how vulnerable your computer is, several
good sites on the Web can test your security:
The good news is that Windows Home Server comes with
Windows Firewall. This program is a personal firewall that can lock
down your ports and prevent unauthorized access to your machine. In
effect, your computer becomes invisible to the Internet (although you can still surf the Web and work with email normally).
Windows Firewall is activated by default in Windows
Home Server. However, it pays to be safe, so here are the steps to
follow to ensure that it’s turned on:
1. | Log on to Windows Home Server.
|
2. | Select Start, Control Panel, Windows Firewall. Windows Home Server displays the Windows Firewall dialog box.
|
3. | Click Turn Windows Firewall On or Off.
|
4. | In
the Home or Work (Private) Network Location Settings group, make sure
the Turn On Windows Firewall option is activated, as shown in Figure 1.
|
5. | Click OK.
|
Caution
Activating
Windows Firewall on Windows Home Server only protects the server; it
doesn’t do anything for the security of your client computers.
Therefore, it’s a good idea to check your Windows 7, Vista, and XP
machines to ensure that Windows Firewall is activated on each. (Note,
however, that Windows Home Server lets you know if any Windows 7 or
Vista machine has its firewall turned off.)
Disabling the Hidden Administrative Shares
By default, Windows Home Server sets up automatic
administrative shares for the root folders of the C: and D: drives, as
well as C:\Windows. These shares have a dollar sign ($) at the end of their names (C$, D$, and ADMIN$), so they’re hidden from the list of shares you see when you access \\SERVER. To see them, select Start, Command Prompt to open a command prompt session, type net share, and press Enter. You’ll see a listing similar to this:
Share name Resource Remark
---------------------------------------------------------
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
E$ E:\ Default share
F$ F:\ Default share
G$ G:\ Default share
Documents E:\ServerFolders\Documents Documents
Music E:\ServerFolders\Music Music
Pictures E:\ServerFolders\Pictures Pictures
Recorded TV E:\ServerFolders\Recorded TV Recorded TV
Videos E:\ServerFolders\Videos Videos
Although the C$ and ADMIN$ shares
are otherwise hidden, they’re well known, and they represent a small
security risk should an intruder get access to your system. To close
this hole, you can force Windows Home Server to disable these shares.
Here are the steps to follow:
1. | Log on to Windows Home Server.
|
2. | Select Start, type regedit, and then press Enter. Windows Home Server opens the Registry Editor.
|
3. | Navigate to the following key:
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
|
4. | Select Edit, New, DWORD (32-bit) Value.
|
5. | Type AutoShareServer, and press Enter. (You can leave this setting with its default value of 0.)
|
6. | Restart Windows Home Server to put the new setting into effect.
|
Once again, select Start, Command Prompt to open a command prompt session, type net share, and press Enter. The output now looks like this:
Share name Resource Remark
---------------------------------------------------------
IPC$ Remote IPC
Documents E:\ServerFolders\Documents Documents
Music E:\ServerFolders\Music Music
Pictures E:\ServerFolders\Pictures Pictures
Recorded TV E:\ServerFolders\Recorded TV Recorded TV
Videos E:\ServerFolders\Videos Videos
Caution
Some programs expect the administrative
shares to be present, so disabling those shares may cause those
programs to fail or generate error messages. If that happens, enable
the shares by opening the Registry Editor and either deleting the AutoShareServer setting or changing its value to 1.
