Any computer connected to your PC over a network including the several billion machines on the Internet may be able to access the files in your shared folders. Thus, the best way to protect your data is to not share it in the first place. If you need to share files, exclude folders that contain particularly sensitive data.
The first thing you need to do is set a password for your user account. Open the User Accounts control panel, select your account from the list, and then click "Create a password." Type your password twice, followed by a clue to act as a reminder down the road (you may well need it),
and then click the Create Password button when you're done. Thereafter, anyone wanting to access your files from another computer on your network will have to supply the password (with some exceptions for Windows XP Professional).
Now, unless you employ some sort of firewall anyone outside your local network namely, everyone on the Internet can access your data (and yes, no matter how uninteresting you may think the contents of your PC are, this can happen to you). Windows XP comes with the "Windows Firewall," a feeble software-based solution, but nothing beats a hardware firewall placed between you and the rest of the world. If you don't have one already, get yourself a router for this purpose.
What About Encryption?
Windows XP Professional also has some built-in data encryption features, but encryption offers no more protection than restrictive permissions when using shared folders. Rather, encryption is designed to protect your data from those who use your PC directly, either by sitting in front of it
or by remote control using Terminal Services (a.k.a. Remote Desktop).
Warning: If you're using a wireless network, anyone within range may be able to join your network and access your files.
For any more protection, you'll need to use permissions , which are special settings that control precisely who can do what to your files. Permissions are available only in Windows XP Professional (and Media Center Edition); if you're using Windows XP Home, your ability to protect your data effectively stops here.
On an XP Pro system, every file, folder, and drive has two sets of permissions you can set: permissions for local users (other people sitting at your PC), and permissions for anyone accessing your files through a shared folder. To set the permissions for a shared folder, right-click the folder, select Properties, choose the Sharing tab, and then click the Permissions button. The Share Permissions window, shown in Figure, shows a list of configured users in the top list, and the specific things the selected user is allowed to do down below.
First, make sure your own username appears in the upper list; if it doesn't, or if it merely shows "Everyone" (like the one in Figure), click the Add button. Type your usernameor the username of the person you want to be able to access your stuff in the "Enter the object names to select" field, and then click the Check Names button. If Windows underlines what you've typed, the username is okay; otherwise, you'll get a "Name not Found" message. Click OK when you're done adding names.
Next, highlight your username in the "Group or user names" list, and place checkmarks in the boxes in the Allow column below as you see fit. Want others to be able to read the files in this folder but not change any of them? Put a checkmark in the Read box, but not in the Full Control
or Change boxes.
Note: In most cases, you won't have to bother with the checkboxes in the Deny column unless you start messing with "groups" of users. Permission to carry out a given action is implicitly denied as long as there's no checkmark in the corresponding Allow box .
If you want to deny any user access to your files particularly the self-explanatory "Everyone"highlight the username, and click the Remove button. Now, any user who is not expressly listed here (or included in any groups listed here) will not have access to your shared files.
When you're done, click OK. The changes take effect immediately and apply to the selected folder share, as well as to all subfolders and files contained therein.
Note: By adding someone else's username to the Permissions window, you can protect your data without handing over your username and password. If your PC is part of an NT domain (typical in a corporate environment), you can add users from your domain or even another domain by clicking the Locations button to change the scope of the user validation. But on a home network, you'll need to create a new user account on your PC (using the User Accounts control panel) before you can type it into the Permissions window .
0 comments:
Post a Comment