Home network admin - can he browse my files?

I'll be staying with a family for a few weeks and they have a Home
Network that I'll be connecting to in order to access the internet. Can
the network administrator log on through the network to my laptop as
"administrator" (or something else) and access my files? I know he can
intercept my internet communications (including passwords) and that
doesn't bother me, but I don't want him accessing my files. I checked
the properties for my C:\ drive and it is not shared, yet I have this
feeling there's another door somewhere...

I use XP Home, NTFS filesystem.

Re: Home network admin - can he browse my files?

myahact@yahoo.ca wrote in news:1141912785.558503.123940

It depends.

For one thing it matters whether it is a peer-to-peer network (quite likely
for a home) or a domain one.  And it depends on the sharing mechanism
(permissions or simple file sharing).  And it can depend on other aspects
such as the Guest account.

Note that there can be hidden shares (denoted by a terminal "$" in their
name) such as ADMIN$, C$ and IPC$.


PS  While hardly exhaustive you might start with:

Securing Windows XP Professional in a Peer-to-Peer Networking Environment

For the next level:

Five steps to lock down peer-to-peer Windows networks

PPS  I'm not even considering wireless.
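
Added example (not part of the original posts): a small Python parser that sorts the output of `net share` into the default hidden shares named above (ADMIN$, IPC$, drive shares such as C$), other hidden shares, and ordinary visible shares. The sample output is constructed, and the fixed column widths and share names of 12 characters or fewer are assumptions.

```python
import re

# Default hidden shares named in the post above; drive shares look like C$, D$.
DEFAULT_HIDDEN = {"ADMIN$", "IPC$"}
DRIVE_SHARE = re.compile(r"^[A-Z]\$$")

def _row(name, resource="", remark=""):
    # Assumed layout: 13-character name column, 32-character resource column.
    return f"{name:<13}{resource:<32}{remark}".rstrip()

# Constructed sample output, not captured from a real machine.
SAMPLE = "\n".join([
    "",
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINDOWS", "Remote Admin"),
    _row("Music", "C:\\Music"),
    _row("Backup$", "C:\\Backup"),
    "The command completed successfully.",
    "",
])

def parse_shares(text):
    """Return one dict per share listed below the dashed separator line."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        name = line[:13].strip()
        if name:  # a blank name column would be a wrapped continuation line
            shares.append({"name": name,
                           "resource": line[13:45].strip(),
                           "remark": line[45:].strip()})
    return shares

def classify(share):
    name = share["name"].upper()
    if name in DEFAULT_HIDDEN or DRIVE_SHARE.match(name):
        return "default-hidden"
    return "custom-hidden" if name.endswith("$") else "visible"

def audit(text):
    return {s["name"]: classify(s) for s in parse_shares(text)}
```

On the laptop itself, the text passed to `audit` would be whatever `net share` prints at a command prompt.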

Re: Home network admin - can he browse my files?

nemo_outis wrote:

I think it's peer-to-peer. I know they don't have a central computer,
just a router. Everyone goes through the router to access the internet.

I have a Guest account and a personal password protected account. I
tried accessing my personal account from the guest account and it
wasn't possible. I only want those files to be inaccessible. I don't
care if they browse in the Program Files or Windows folder.

I guess what I want to know is if network administrator credentials can
allow logging into my personal account. I know there's always a way to
hack in somehow but I don't think he has the skills nor the patience to
do it. But he might try just simply logging in as administrator. Could
he succeed or does XP have some default protection against that?

Another thing is I'm pretty sure they have an MSHOME network...

Re: Home network admin - can he browse my files?

myahact@yahoo.ca wrote in

Mshome[.net] is the default name for a Windows XP peer-to-peer network, so
that's probably what it is.

I would disable the guest account.

I wouldn't worry about "network administrator" since this doesn't apply in
a peer-to-peer network.

I would make very sure I had locked down permissions (sharing).  You might
want to use an auxiliary tool such as Security Explorer.

And all of this presupposes that your friend will never have direct
physical access to the laptop itself when you leave it unattended - if he
does all bets are off.  (Paranoids like myself prefer full-HD OTFE
encryption for this reason.)


PS.  As others have advised, make sure all OS patches, etc. are up to date,
unnecessary services aren't running, you have a firewall and lock down
unused ports, etc.

Re: Home network admin - can he browse my files?

myahact@yahoo.ca wrote:
It depends on system configuration.  Is NetBIOS exposed?  Is the
administrator account named administrator or admin?  Is your system
suitably firewalled blocking all inbound ports below 1024?  Does every
account on the system have a complex password (Each of 4 character sets
minimum of 10 character password)?  Is sharing turned on anywhere on
local system?  Is it part of the family's domain and is every password
protected on their system?  Have you turned off unneeded windows services?

If NETBIOS is exposed it doesn't require an administrator (or anyone
else) any effort to determine every account name on a system and whether
or not that account has a password.

If you join the domain of the family systems the domain administrator
can get access to your system through the domain account.

If you have sharing turned on (Windows default is to include everyone in
share with read only access), there are several exploits to shares that
can allow one to expand the scope of files exposed via share.

There are many potential doors into a system.  There are ways if one
controls the hub to attack the system below the transport layer on many
flavors of NIC cards. Depending on your local machine configuration and
the expertise of your family threat there are numerous potential holes.
It is very difficult without more information to assess your security.

If the family member is extremely knowledgeable and willful enough, you
will be hard pressed to prevent access to both the transmitted
information as well as access to local system resources.


Re: Home network admin - can he browse my files?

Winged wrote:

Holy cow! I can't possibly verify all that. All I know is this:

Besides the Guest account, I have my personal password protected
account that is not sharable and not accessible from the Guest account.
I once created an account with administrative privileges and tried
accessing my personal account from there and it also failed.

I know any system is vulnerable but I'm worried about access by regular
logging, not hacking and cracking. Can the network administrator log on
and change some settings that would allow him to access files that are
stored in the MyDocuments folder in my personal account?

Re: Home network admin - can he browse my files?

on 3/9/2006 10:41 AM myahact@yahoo.ca said the following:

If I understood the previous answers:  The "Administrator" you need to
worry about is the administrator of _Your_ computer, not the network.
Just because you are plugged into a network does not mean that the
"administrator" of that network acquires rights to your 'puter.

I also understand that this answer changes if being plugged in means
that you have to log into a "domain" in order to get access.  In that
case, you have given the administrator of the domain some rights when
you login.  Two points:

1. It does not sound like that's what you have going on.  Just plugging
into a home router does not log you to a domain.

2. Be aware that it would be really tough to log into a domain "by
accident".  It requires a specific password, etc.

Follow some of the other basic advice you've been given and you should
be fine.  Frankly, you're probably ok "as is" for the "threat" you have
described.  Heck, I administer my home network and I can't get into my
daughter's computer across the network, and I know everything there is
to know about that computer.  Could I do it if I tried?  Maybe, but it's
easier to go kick her out of her chair if I needed . . .

Re: Home network admin - can he browse my files?

myahact@yahoo.ca wrote:
Can a family member physically touch the system at some moment (say 5
minutes unobserved)?  If so, then yes, unless the system has been secured
properly in BIOS and/or disk encryption.

Do you use a BIOS password?  Is the ability to boot from CD-ROM or other
devices other than the HDD enabled in BIOS?  If so, yes, several common
utilities on the net could allow access to any system information unless
the disk has been encrypted and bios access locked. There are several
utilities that could allow me to create an admin account or change an
administrative password without ever booting windows.  Yes, it can be
done, without any great effort.  Once one obtains administrative access
there are several ways to hide/disguise any additional accounts.  This
does not require true hacking, tools are already widely available on the
net at little to no charge.  This would be more a script kiddie event.


Re: Home network admin - can he browse my files?

On 9 Mar 2006, in the Usenet newsgroup alt.computer.security, in article

Does the 'network administrator' have an account on your laptop?  Does
that person know the/a password to any account?

As long as you are aware that all network traffic can be monitored.

Two things.  First, do _ALL_ accounts on the laptop have "good" passwords?
By this I mean something that is not a word in any dictionary, has mixed
UPPER and lower case, at least one number, and one punctuation mark? Do
a google search for "CERT Advisory CA-2003-08" from March 2003, and see all
of the ineffectual passwords the 'deloder' worm was using to break into
computers world-wide.

Second - will anyone have unsupervised physical access to the computer?
With many computers, it takes only a few minutes to open the case, and
physically remove the hard disk - moving it to another computer where any
part of the disk can be copied to another location. The solution for that
is physical security, and an encrypted file system.

Passwords are the usual weak spot. All too many have no password, or something
absolutely any five year old can guess.  The problem with "good" passwords is
that they are harder to remember. A solution to that is to use FOR EXAMPLE
the first letter of each word of a phrase - perhaps from a song, or the
motto of your school, or similar. Thus, "Twinkle, twinkle, little star, how
I wonder what you are" can become 'Ttl*h1wwUr'  - except that I use this
example fairly often, and someone may guess it. So, use your own phrase.

I don't, so pay attention to what the others have posted as well.

        Old guy

Re: Home network admin - can he browse my files?

myahact@yahoo.ca writes:

You'll be a lot more at ease and informed if you download and run the
free Microsoft Baseline Security Analyzer which will help you verify
that you're locked down from a host security standpoint:


It will tell you good stuff like which accounts have blank or
short/weak passwords, admin shares open for viewing, whether you're
giving out too much NETBIOS info, and goodies like that.

Best Regards,
Todd H.
http://www.toddh.net/