Shared Windows Folders & Public Networks: Security Risks

TL;DR

Yes, sharing a Windows folder on a public network is risky. Attackers can potentially access your files and even control your computer. It’s best to avoid this if possible. If you must share, use strong passwords, limit permissions, and consider alternatives like cloud storage.

Understanding the Risks

When you share a folder on a network, you’re allowing other computers (and their users) access to files within that folder. A public network means anyone connected to that network could potentially see and interact with your shared folders if they know how.

• Malware: Attackers can install malicious software on your computer through the shared folder.
• Data Theft: Sensitive files (documents, photos, etc.) can be copied without your knowledge.
• Ransomware: Your files could be encrypted and held for ransom.
• Full System Control: In some cases, an attacker might gain complete control of your computer.

How to Check if You Have Shared Folders

1. Open File Explorer: Press the Windows key + E.
2. Right-click on a folder: Choose ‘Properties’.
3. Go to the ‘Sharing’ tab: This will show you if the folder is shared and with whom.
4. Advanced Sharing: Click ‘Advanced Sharing…’ for more details about permissions.

Steps to Secure (or Remove) Shared Folders

1. Remove Unnecessary Shares: If you don’t need a folder shared, stop sharing it immediately.
   • In the ‘Sharing’ tab of the folder properties, click ‘Stop Sharing’.
2. Limit Permissions: Only grant access to people who absolutely need it. Avoid giving ‘Everyone’ read/write access.
   • In ‘Advanced Sharing’, click ‘Permissions’.
   • Remove the ‘Everyone’ group if present.
   • Add specific user accounts and assign appropriate permissions (Read, Change, Full Control). Be cautious with ‘Full Control’.
3. Use Strong Passwords: If password protection is enabled for a share, use a strong, unique password.
   • In ‘Advanced Sharing’, ensure ‘Share this folder’ is checked.
   • Click ‘Permissions’.
   • If prompted, set a password for access.
4. Network Discovery & File and Printer Sharing: Turn these off when on public networks.
   • Open ‘Control Panel’ > ‘Network and Internet’ > ‘Network and Sharing Center’.
   • Click ‘Change advanced sharing settings’.
   • For the current profile (likely ‘Public’), select ‘Turn off network discovery’.
   • Select ‘Turn off file and printer sharing’.
   • Save changes.
5. Firewall: Ensure your Windows Firewall is enabled.
   • Search for ‘Windows Defender Firewall’ in the Start menu.
   • Check that the firewall is turned on for both private and public networks.
6. Consider Alternatives: Use cloud storage services (like OneDrive, Google Drive, Dropbox) or a USB drive instead of sharing folders over a network.

Checking Network Profile

Make sure Windows correctly identifies the network as ‘Public’. Sometimes it might incorrectly label a public network as ‘Private’, reducing security.

1. Open ‘Settings’ > ‘Network & Internet’ > ‘Ethernet’ (or Wi-Fi if connected wirelessly).
2. Click on your active connection.
3. Under ‘Network profile’, verify it says ‘Public’. If not, change it to ‘Public’.

Command Line Check (Advanced)

You can use the command line to view shared resources.

net share

This will list all currently active shares on your computer. Review this output carefully and remove any unnecessary or insecure shares.