GottaBeSecure: File Sharing Security Pitfalls
If you’re a mobile PC user, you probably have a network at home. Maybe you only have one other computer connected to your home network (or maybe you have 5 more, like me), but you’d probably like to be able to share information between your various computers (for instance, sharing MP3 music files from your desktop to your tablet PC). A common way to accomplish the task is to enable file sharing. Both Windows and Mac make it easy to access files on one computer from another using their own flavor of file sharing. The catch, for the mobile user especially, is setting up file sharing securely.
In the late 90’s, hackers developed and released various scanning tools to help them find computers connected to the Internet with file sharing enabled. If the detected file shares were not password protected (called “open file shares”), the hacker tool could automatically access the files and, in some cases, change or delete them. Imagine a complete stranger getting access to your TurboTax or Quicken files! Even if the file share had a password, there was a chance the password could be guessed using an automated tool that attempted common username / password pairs (thousands of attempts per hour are possible this way since computers don’t lock out after unsuccessful file share access attempts). This kind of hacker activity largely ceased after most home users began connecting their computers to the Internet through firewall routers, which filter out unsolicited scanning attempts and many hacker attacks (most Internet service providers now issue cable/DSL modems that act as firewalls).
Enter the new age of mobile computing and wireless…the old hacker practice of scanning for file shares is now alive and well again in coffee shops, hotel networks, and airports. Why has it come back? Because many mobile users aren’t security-conscious. Many of us take security shortcuts on our home network because we feel safe behind our SOHO router/firewalls. We create file shares without any passwords to make it easy to move files from computer to computer on our home networks. The trouble comes when we take our ultra-mobile or tablet PC (with those unprotected file shares) out of the home network and connect at the coffee shop, hotel, or airport. At that point, we’re on a public network with potentially unscrupulous people that can scan, find, and access our personal files.
So what can a security-conscious mobile user do? Here are three tips to ward off file scanning hackers:
1. Enable your personal firewall (make sure “File and Printer Sharing” is not checked in the list of exceptions)
2. Make one of your desktop computers into a file server on your home network, not one of your mobile computing platforms (better yet, get a network attached storage (NAS) device that always stays inside your home network)
3. Turn off your wireless and/or Bluetooth adapter when not in use (I met one security consultant that bragged to me about how many MP3 files he was able to steal via wifi and open file shares on a typical airline flight…)
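To check tips 1 and 2 on a laptop before leaving home, here is an added example (not part of the original post) that lists user-created shares, share permissions granted to broad groups, and any “File and Printer Sharing” firewall exceptions that apply on public networks. It assumes Windows 8 or later, an elevated PowerShell prompt, and an English-language Windows install (the firewall group name is localized); the list of broad accounts is an illustrative choice.

```powershell
# Added example: pre-travel audit for open file shares (run in an elevated prompt).
# Assumes Windows 8 or later and an English-language firewall rule group name.

# Accounts that grant access to broad groups rather than named users (illustrative list).
$broadAccounts = 'Everyone', 'BUILTIN\Guests', 'NT AUTHORITY\ANONYMOUS LOGON'

# 1. User-created shares (skip built-in administrative shares such as C$ and IPC$).
$userShares = @(Get-SmbShare | Where-Object { -not $_.Special })

# 2. Share permissions on those shares that allow one of the broad accounts.
$openGrants = @(foreach ($share in $userShares) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broadAccounts }
})

# 3. Inbound "File and Printer Sharing" exceptions that apply on public networks.
$publicExceptions = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        ($_.Profile -eq 'Any' -or "$($_.Profile)" -match 'Public')
    })

# 4. Is the firewall itself switched on for the Public profile?
$publicProfile = Get-NetFirewallProfile -Name Public

"Firewall enabled on Public profile : $($publicProfile.Enabled)"
"User-created shares                : $($userShares.Count)"
"Grants to broad accounts           : $($openGrants.Count)"
"File sharing exceptions on Public  : $($publicExceptions.Count)"

$openGrants | Format-Table Name, AccountName, AccessRight -AutoSize
$publicExceptions | Format-Table DisplayName, Profile -AutoSize

# Flag the combination the article warns about: shares present and reachable in public.
if ($userShares.Count -gt 0 -and
    ($publicProfile.Enabled -ne 'True' -or $publicExceptions.Count -gt 0)) {
    Write-Warning 'File shares on this PC may be reachable on public networks.'
}
```

A clean result shows the Public firewall profile enabled and zero file sharing exceptions on Public; any grants to broad accounts are worth removing even if the firewall currently blocks them.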
Remember, when you’re mobile, you’re on the cutting edge of technology. Don’t forget, though, it’s dangerous out on the edge–public networks (whether wifi or wired) are not as safe as your home network–take steps to make sure you’re computing securely (see my series WiFi and the Rookie).