IT Baseline Protection Manual S 5.37 Restricting Peer-to-Peer functions when using WfW, Windows 95 or Windows NT in a server-supported network

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

If Windows for Workgroups, Windows 95 or Windows NT is used as the user interface in a server-supported LAN, a Peer-to-Peer network can be operated alongside the server-supported network. This creates communication possibilities in addition to those provided in the client-server (CS) network. These are not logged on the server of the CS network.

With this kind of configuration, operating the two network structures in parallel is often not advisable, as the required functionality can generally be provided by the server-supported LAN. Therefore, Peer-to-Peer functions should not be installed in a server-supported LAN. The administrator should decide in individual cases whether certain connected WfW, Windows 95 and Windows NT computers should activate the Peer-to-Peer functions "File sharing" and "Network-DDE-support". In some cases "Printer sharing" can be a sensible addition.

Under Windows NT, only administrators can share resources for network access (by using File Manager or Explorer). Before sharing a resource, it should be examined whether the share is in accordance with the established security strategies (see also S 2.67 Determining a security strategy for the Peer-to-Peer network and S 2.91 Determining a security strategy for the Windows NT Client-Server-network).

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999