When it comes to network security, peer-to-peer networks present a special challenge, because they are insecure by their very nature: there is no central authority that authenticates users or enforces permissions. However, if you need to secure resources on a peer-to-peer network, all is not lost. You can use some techniques to implement a degree of security on a peer-to-peer network. In this Daily Drill Down, I’ll discuss several techniques that you can use to enhance your network’s security.
Understanding peer-to-peer networks
Before you can even begin to discuss security in a peer-to-peer environment, it’s necessary to have a good understanding of peer-to-peer networking. For example, you need to know what security features exist in normal (client/server) networks, but not in peer-to-peer networks. Likewise, you need to understand the limitations of peer-to-peer networks. In case you’re unfamiliar with these differences, let’s briefly discuss them. I’ll begin by talking about what makes up a network and work from there.
Any computer network consists of at least two workstations, at least one shared resource, and a medium by which to connect the computers (usually Ethernet or token ring cable). Some types of networks, called client/server networks, also use a server. In a pure client/server network, all the shared resources exist solely on the server. For example, suppose you have a database that needs to be accessible from several workstations. If you’re running a pure client/server environment, that database would exist on a server.
Likewise, in a client/server environment, the server is responsible for all the security surrounding that shared resource. Suppose you have a database like the one I discussed earlier. Now, suppose you want Billy to have full access to the database but you want to make sure that Bob can’t touch it. In a client/server environment, you could accomplish this by setting the appropriate permissions on the database based on the user account. For example, if a user logged in as Billy tried to access the database, the database would be accessible, while a user logged in as Bob wouldn’t be able to access the database because of the restrictions imposed on the database by the server’s administrator. The server verifies who the user is at logon and then enforces the permissions itself; the user’s own workstation has no say in the matter.
A peer-to-peer network works completely differently. While a client/server network is designed to support anywhere from medium-sized organizations to global organizations, a peer-to-peer network is intended for very small organizations or for a closely working group of people within a larger organization. Although the number of clients that can participate in a peer-to-peer network has no firm limit, the practical limit is about 10. Once a peer-to-peer network grows beyond 10 computers, it will likely begin to suffer from performance and administrative problems. This is because a peer-to-peer network is designed to be the simplest form of network. There’s no centralized server controlling access to shared resources. Instead, the resources reside on the local machines.
Each user is responsible for controlling access to the resources that reside on his or her own computer. Let’s suppose Billy, Jeremy, and Kendall all have computers on a peer-to-peer network. If Billy needed to check out something of Kendall’s, Kendall would have to make it available to him. Only then could Billy access resources on Kendall’s machine. Likewise, Jeremy could also make the resources on his machine available to Billy. As you can see, in a peer-to-peer network, there’s no central security: each user decides what he or she wants to make available, and to whom, and no administrator can enforce a policy across all the machines.
Now that you understand a little bit about the differences between a client/server and a peer-to-peer network, let’s discuss the basic security mechanisms that are in place in a peer-to-peer environment. Because Windows 98 is the operating system that’s most commonly used for peer-to-peer networks, I’ll use Windows 98 as our network operating system for the duration of this Daily Drill Down unless otherwise stated.
In a Windows 98 environment, resources on a peer-to-peer network are made available through a share point. A share point is a name that users can use to access shared resources, either through a Universal Naming Convention (UNC) path of the form \\computername\sharename or by browsing Network Neighborhood.
For example, to share a resource, begin by going into Control Panel and double-clicking the Network icon. When you do, you’ll see the Network Properties sheet. Next, click the File And Print Sharing button to open the File And Print Sharing dialog box. Now, select the I Want To Be Able To Give Others Access To My Files and the I Want To Be Able To Allow Others To Print To My Printer check boxes and click OK. Click OK again to close the Network Properties sheet. Windows 98 will copy a few files and ask you to reboot your computer.
When the system reboots, you can begin creating shares. To do so, open My Computer and select a folder that you’d like to share. Right-click on the folder and select the Sharing command from the context menu. When you do, you’ll see the Sharing tab of the folder’s properties sheet. Next, click the Share As radio button. You must now enter a name for the share. This entry is the same name that will appear in Network Neighborhood when you double-click on the computer. You can also enter an optional comment to help you remember the purpose of the share.
Next, you must decide what type of access that others need to the share. You can grant either read-only access or full access. Naturally, some people may need to have read-only permissions while you want others to have full access. If this is the case, select the Depends On Password radio button.
The final section that you must complete is the password section. You don’t have to enter a password if everyone on your network needs access to the share. However, if you have people you want to keep out or you’re using a mixture of permissions, you’ll want to enter a password. You can specify one password for read-only permissions and another for full access. Now, when users try to access the folder from across the network, they will be prompted for a password (assuming that you assigned one). The network doesn’t care who the user is. If the user knows the password to the share, he or she will get the level of access that corresponds to that password.
Because this is a peer-to-peer environment, the network has no way of checking login names to see whether the user has permission to access the share. As you can see, peer-to-peer networks are very insecure: the share password is the only secret, it is typically shared by everyone who uses the share, and if it gets out, the only remedy is to change it and redistribute the new one. I should also mention that if any user were to sit down at your local machine, he or she would have full permissions regardless of how the user was logged on. Windows will never prompt that user for a password if he or she tries to access a shared folder locally.
Using strategic shares
Now that you know how shares work, you need a strategy for setting up a share. This is because each share functions independently of all other shares. You should also know that if you share a folder, every subfolder below that folder is reachable through that share as well, under the share’s own password and access type. For example, suppose you have a directory structure in which FINANCE is a subfolder of DEPARTMENTS, and both folders are shared under their own names:
Now suppose you give a user read-only access to the FINANCE share but full control of the DEPARTMENTS share. If the user tries to access the data through the DEPARTMENTS share, she will have full control to that folder and all subfolders, including FINANCE. This is because the DEPARTMENTS share doesn’t even know that the FINANCE share exists, much less that the user has fewer rights to that share. Only if the same user accesses the same finance information through the FINANCE share will she have the read-only permissions that were originally intended for the share. The lesson here is to beware of overlapping shares and the security holes that they open up: the effective protection of any folder is that of the weakest share that contains it, and sharing an entire drive removes the protection of every other share on that drive.
Borrow someone else’s security
As you can see, you have options for improving security, but peer-to-peer networks are still very insecure. One way of making a peer-to-peer network more secure is to create a hybrid network. Suppose for a moment that you operate a small peer-to-peer network in the basement of a large office building. Now suppose that in the office above you, another company is running a client/server network. If this is the case and you have a good relationship with a key executive at the other office, you may be able to talk the company into creating a security account for each of your users on its server. These security accounts need absolutely no permissions other than to be allowed to log in to the domain. Once you have these accounts, you can run a network cable between the two offices and join the two networks.
After the two networks have been joined, go back into Control Panel’s Network applet and select the Access Control tab from the Network Properties sheet. The Access Control tab controls the type of access that applies to the various shares on the system. By default, the access type is set to Share Level Access, which allows you to protect resources by password. Once the networks have been joined, you can select User Level Access. Next, enter the name of the domain that contains your login accounts and click OK. You’ll now see a warning that indicates you’ll have to redo all your shares if you continue. Click OK to acknowledge the warning, and click OK again to close the Network Properties sheet. Windows 98 will now copy a few files and ask you to reboot the system.
As the warning indicated, once the computer reboots, you’ll have to set up your shares again. This time, however, instead of setting up a password for each share, you can actually choose which users you want to have access to the share by selecting their login names from a list. As before, you can assign some users read-only permissions while others have full access. Bear in mind that you are now trusting the other company’s domain administrators and password policy: anyone who can create or reset accounts in that domain can grant themselves access to your shares.
Use hidden shares
If you have a shared resource that really needs protecting but you can’t join your network to a Windows NT domain in the manner described in the last section, you might consider using a hidden share. A hidden share is invisible from Network Neighborhood and Windows Explorer. A hidden share is accessible only by mapping a drive letter to it or by calling it via its UNC path. To hide a share, simply add a dollar sign to the end of the share name.
For example, suppose you have a share called GOODSTUFF that you want to hide on a computer named PC3. You could change the share name to GOODSTUFF$ to do so. Once you’ve hidden the share, it will not appear when other computers browse PC3. It’s accessible only if you know the share name, but the name is not a secret in any strong sense: it can be guessed, seen over someone’s shoulder, or read from a drive mapping on another machine, and the dollar sign does nothing to authenticate whoever supplies it. Hiding a share therefore complements a share password; it does not replace one. For instance, to access the GOODSTUFF$ share, you might enter a command such as
NET USE Q: \\PC3\GOODSTUFF$
This command would map the drive letter Q to the hidden share. You could also access the share by opening Internet Explorer and entering
\\PC3\GOODSTUFF$
in the address bar.
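To make the overlapping-share problem and the password-only nature of share-level security concrete, here is a small Python model, added as an example; it is not code from the original Daily Drill Down. It mimics the rules described above (the share password alone selects read-only or full access, a share exposes every subfolder beneath its folder, and a $ name only hides the share from browsing) for a constructed share table on a hypothetical machine named PC3. The share names, folder paths, and passwords are all assumed for illustration, and the functions model the behaviour described in this article, not the internals of Windows 98.

```python
"""Model of Windows 98 share-level access for auditing a machine's share table.
Constructed example: the PC3 share names, folders and passwords are assumed."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Share:
    name: str                            # share name as typed on the Sharing tab
    path: str                            # local folder the share exposes
    access: str                          # "read-only", "full" or "depends" (on password)
    read_password: Optional[str] = None  # None means no password is required
    full_password: Optional[str] = None


def _parts(path: str) -> Tuple[str, ...]:
    """Case-folded path components; Windows paths are case-insensitive."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def access_level(share: Share, password: str) -> Optional[str]:
    """Return "read", "full" or None (denied). Under share-level security the
    password alone selects the level; who the caller is never enters into it."""
    if share.access == "read-only":
        return "read" if share.read_password in (None, password) else None
    if share.access == "full":
        return "full" if share.full_password in (None, password) else None
    if share.access == "depends":                 # one password per level
        if password == share.full_password:
            return "full"
        if password == share.read_password:
            return "read"
        return None
    raise ValueError(f"unknown access type {share.access!r}")


def resolve(shares: List[Share], unc: str,
            password: str = "") -> Tuple[Optional[str], Optional[str]]:
    r"""Map \\server\share\relative\path to (access level, local path on the
    server). Returns (None, None) when no share of that name exists."""
    parts = unc.lstrip("\\").split("\\")
    if len(parts) < 2 or not parts[1]:
        raise ValueError("expected \\\\server\\share[\\path]")
    share_name, rel = parts[1], parts[2:]
    for share in shares:
        if share.name.lower() == share_name.lower():
            local = str(PureWindowsPath(share.path, *rel))
            return access_level(share, password), local
    return None, None


def overlapping_shares(shares: List[Share]) -> List[Tuple[str, str]]:
    """Pairs (outer, inner) where inner's folder lies inside outer's folder, so
    everything inner protects is also reachable through outer under outer's rules."""
    found = []
    for outer in shares:
        for inner in shares:
            o, i = _parts(outer.path), _parts(inner.path)
            if len(o) < len(i) and i[:len(o)] == o:
                found.append((outer.name, inner.name))
    return found


def reachable_via(shares: List[Share], local_path: str,
                  password: str = "") -> List[Tuple[str, str]]:
    """Every share through which a local file can be opened with the given
    password (default: none at all), and the access level each one grants."""
    target = _parts(local_path)
    hits = []
    for share in shares:
        base = _parts(share.path)
        level = access_level(share, password) if target[:len(base)] == base else None
        if level is not None:
            hits.append((share.name, level))
    return hits


def unprotected(shares: List[Share]) -> List[str]:
    """Shares anyone can open with no password, hidden '$' shares included."""
    return [s.name for s in shares if access_level(s, "") is not None]


# Constructed share table for a hypothetical Windows 98 machine named PC3.
PC3_SHARES = [
    Share("DEPARTMENTS", r"C:\Departments", "full", full_password="dept2001"),
    Share("FINANCE", r"C:\Departments\Finance", "depends",
          read_password="ledger", full_password="cfo-only"),
    Share("GOODSTUFF$", r"C:\GoodStuff", "read-only"),      # hidden, but no password
    Share("C", "C:\\", "full"),                             # the whole drive, no password
]

if __name__ == "__main__":
    print(resolve(PC3_SHARES, r"\\PC3\FINANCE\budget.xls", "ledger"))
    print(resolve(PC3_SHARES, r"\\PC3\DEPARTMENTS\Finance\budget.xls", "dept2001"))
    print(overlapping_shares(PC3_SHARES))
    print(reachable_via(PC3_SHARES, r"C:\Windows\Brien.pwl"))
    print(unprotected(PC3_SHARES))
```

Run it and note three things: budget.xls is read-only through FINANCE with the ledger password but full control through DEPARTMENTS; the whole-drive share C hands any file on the disk, Brien.pwl included, to anyone who asks with no password, which makes the FINANCE passwords meaningless; and GOODSTUFF$ appears in unprotected() because hiding it changed nothing about who may open it. Feeding your own share list into the same checks is a quick way to find these holes before someone else does.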
A word about cached passwords
Suppose you routinely access a large number of password-protected shares on your network. If password caching is enabled, Windows will offer to save your passwords so that you don’t have to type them each time. If you choose to allow Windows to save passwords, it will save them in the .pwl file in the Windows directory that corresponds with your login name.
For example, such a file might have a name like C:\Windows\Brien.pwl. I recommend not using cached passwords if you’re concerned about security. If someone were to figure out your main password (the one you enter with your login name), that person would have instant access to any network shares that you have access to as long as the individual is logged in from your machine. If an attacker wanted to get at some data without being at your machine, all he or she would need is a copy of your .pwl file. If you have your entire C drive shared, someone could even copy this file from across the network without you ever knowing the difference. Once they have a copy of your .pwl file, there are utilities available on the Internet that can extract the passwords from it.
Of course, if an attacker already knows your master password, he or she would only have to copy the .pwl file to the Windows directory on his or her own machine and log in as you to gain access to any share that you have access to. Cached passwords therefore turn your one logon password into the key to every share you use, which is a good reason to keep them out of the cache.
Windows NT, the secure choice
I mentioned earlier that if someone were to sit down at your local machine, he or she could access any files on the machine without a password. If this concerns you, you might consider upgrading to Windows NT Workstation or to Windows 2000 Professional. These operating systems are fully capable of running in a peer-to-peer environment, but they offer much tighter security than Windows 98 does. For starters, these operating systems require a valid account and password before you can do anything, whereas the Windows 98 logon dialog can simply be cancelled. Furthermore, if the hard disk is set up to use NTFS partitions, you can even restrict local access to files based on username, so the NTFS permissions protect a file whether it is opened locally or through a share. This is possible because Windows NT and Windows 2000 both contain internal security mechanisms that are much more advanced than those included in Windows 98.
Brien M. Posey is an MCSE who works as a freelance technical writer and as a network engineer for the Department of Defense. If you’d like to contact Brien, send him an e-mail. (Because of the large volume of e-mail he receives, it’s impossible for him to respond to every message. However, he does read them all.)
The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.