Sharing Files Over a Network
In Windows XP and Windows 2000, any user who is a member of the Administrators or Power Users group can designate a folder for shared access. (Limited users cannot create a shared folder.) Sharing a folder has no effect on users who log on to the computer locally; it affects only users who want to access data over the network.

Understanding the basics of shared folders is essential to maintaining the security of shared files:

When you share a folder, all files in that folder are available to network users with the appropriate permissions. You cannot selectively share individual files within a folder.
In Windows XP and Windows 2000, you can designate a shared folder as read-only, or you can give network users permission to change files in the shared folder.
You cannot assign a password to a shared folder (as you can in Windows 95/98 or Windows Me). You can, however, specify that some folders allow only read access, while others allow full access.
By default, Windows 2000 grants the Everyone group full access to a shared folder. You can change these permissions so that different users and groups have different levels of access (Full Control, Change, or Read) from the network.
If files in a shared folder are secured with NTFS permissions, those permissions apply to anyone accessing the files over the network. Thus, even when permissions on a shared folder allow the Everyone group full access over the network, you can still lock out unauthorized users and groups by selectively applying NTFS permissions to files or to the folder itself.
When you use Simple File Sharing, Windows XP authenticates all access to shared folders using the Guest account. As a result, any shared folder is accessible to any user who can reach it over the network. This can cause an unacceptable security risk if a folder you want to share holds sensitive files. In that case, you must disable Simple File Sharing and use the Windows 2000-style sharing interface instead. The option to disable Simple File Sharing is not available with Windows XP Home Edition.
For more details about sharing folders over a network, see Restricting Network Access to Files and Folders.

Encryption Options
On drives that use the NTFS file system, you can significantly increase the security of individual files and entire folders by encrypting those files. When you do so, Windows uses your public encryption key to encrypt the files so that they can be unlocked only by your private key, which is available only when you log on to your user account. The protection offered by the encrypting file system is essentially uncrackable. Even if intruders can gain access to the files, they will not be able to decrypt the data without your private encryption key, which is separate from your password. To an intruder, the encrypted files look like random combinations of letters and numbers and are literally unreadable. That's good news if you're trying to protect files from prying eyes. It's very bad news, however, if you lose the encryption key. If you plan to use NTFS encryption, be sure to read Before You Begin: Learn the Dangers of EFS.

Libellés : Files, Network, Sharing