Bad idea to share entire HD on the LAN?

Muse · Apr 21, 2011

I just connected a 2TB external USB HD to my server machine and went into the properties of the HD on the server machine to establish sharing with my other computers in my house (LAN). Windows XP cautioned me that it is a bad security to share the root directory and on down and I would be better off sharing a folder tree down the trunk somewhere. I could move the immediate subfolders of the root under a directory like \Data. Is this really a good idea or is this really just for bootable drives?

How could this get me into trouble?

Dark Shroud · Apr 21, 2011

People screw with your windows install or just load up your entire hard drive with files.

imagoon · Apr 22, 2011

For a home data directory maybe not. For servers you can bypass share level security if you have a root folder (or any share above another in the tree).

IE:

d: (share security: everyone read)
d:\private data (share security: domain\billy read; [everyone missing here]

go to d: share -> click "private data" folder

"everyone" now has read access to that folder.

This is assumes you didn't use file system security to lock it down.

Muse · Apr 22, 2011

Dark Shroud said:
People screw with your windows install or just load up your entire hard drive with files.

Does that apply to me? This is my private LAN. Noone else is using any of the machines.

Oric · Apr 23, 2011

in case one of your cases get hacked, it is a wise idea to hide sensitive information not shared

Muse · Apr 23, 2011

Oric said:
in case one of your cases get hacked, it is a wise idea to hide sensitive information not shared

Do you mean I should keep sensitive information in unshared folders? I suppose there's some sensitive information I could keep in unshared folders. Some of it (not so sensitive) I like accessible from all of my machines so I can access it. That would have to be in shared folders, I figure.

Muse · Apr 23, 2011

Do the same principles apply to sharing the top level directory of a partition?

Emulex · Apr 23, 2011

just because a directory is shared does not give permission to read a file. sharing and permissions are separate entirely. you give permission to do do things over a share but they might need to authenticate to modify or read as user ABC on your machine.

Ross Ridge · Apr 23, 2011

Muse said:
I just connected a 2TB external USB HD to my server machine and went into the properties of the HD on the server machine to establish sharing with my other computers in my house (LAN). Windows XP cautioned me that it is a bad security to share the root directory and on down and I would be better off sharing a folder tree down the trunk somewhere. I could move the immediate subfolders of the root under a directory like \Data. Is this really a good idea or is this really just for bootable drives? How could this get me into trouble?

If this were the root directory of your C: drive then Windows XP might have had a point, but in your case sharing the entire contents of an external USB hard drive amount to the same thing as sharing only a subdirectory.

Nothinman · Apr 23, 2011

Oric said:
in case one of your cases get hacked, it is a wise idea to hide sensitive information not shared

If they get in via either his account or an admin account they'll have full access to all of the files on the machine anyway so all you're doing is making it slightly harder to find the sensitive files.

Muse · Apr 24, 2011

Nothinman said:
If they get in via either his account or an admin account they'll have full access to all of the files on the machine anyway so all you're doing is making it slightly harder to find the sensitive files.

At one time (10 years ago, when I was a database administrator) I did have some pretty sensitive info on my machine (e.g. credit card numbers, SSNs, for thousands of people working at many of the top echelon companies in the USA), but now I have to wonder why anyone would want to look at any of my data unless it was me!

Of course, my tax returns must be considered personal and off limits to anyone but me, my agents and possibly the IRS, but I can't imagine why anyone else would give a damn about them.

Nothinman · Apr 24, 2011

Muse said:
At one time (10 years ago, when I was a database administrator) I did have some pretty sensitive info on my machine (e.g. credit card numbers, SSNs, for thousands of people working at many of the top echelon companies in the USA), but now I have to wonder why anyone would want to look at any of my data unless it was me! Of course, my tax returns must be considered personal and off limits to anyone but me, my agents and possibly the IRS, but I can't imagine why anyone else would give damn about them.

Generally it's not about you specifically, just the opportunity to add another machine to their botnet and possibly get your CC#, SSN, etc so they can use your identity to buy crap.

imagoon · Apr 24, 2011

Nothinman said:
Generally it's not about you specifically, just the opportunity to add another machine to their botnet and possibly get your CC#, SSN, etc so they can use your identity to buy crap.

This is generally the point. They are not after "Muse" specifically, just another poor sap to steal stuff with (identity credit cards etc).

Muse · Apr 24, 2011

Nothinman said:
Generally it's not about you specifically, just the opportunity to add another machine to their botnet and possibly get your CC#, SSN, etc so they can use your identity to buy crap.

Well, I do have a CC# or two on my machine but identifying it would not be a simple matter. They'd need to be very good to do that. I think the CIA would have a tough time doing that. I kind of doubt my SSN is anywhere in my data, OTOH.

Search

Bad idea to share entire HD on the LAN?

Muse

Lifer

Dark Shroud

Golden Member

imagoon

Diamond Member

Muse

Lifer

Oric

Senior member

Muse

Lifer

Muse

Lifer

Emulex

Diamond Member

Ross Ridge

Senior member

Nothinman

Elite Member

Muse

Lifer

Nothinman

Elite Member

imagoon

Diamond Member

Muse

Lifer

TRENDING THREADS