Microsoft KB Archive/925077
Article ID: 925077
Article Last Modified on 11/21/2006
This article describes some best practices and security issues to consider when you configure FolderShare on a network.
FolderShare is a Windows Live service and an add-in for Microsoft Desktop Search. If you use FolderShare incorrectly, you might unintentionally disclose information on a network.
FolderShare is a free Microsoft program. FolderShare keeps files synchronized, lets you share files with friends and colleagues, and lets you remotely download files through any Web browser. However, FolderShare could enable remote access to files that are stored on Microsoft Windows-based computers and on Mac OS X-based computers.
FolderShare eases the burden of working remotely by letting you access particular files from anywhere in the world. FolderShare also provides a simpler method by which to share large files with other parties. Because FolderShare lets you share large files instantly, you no longer have to send large files as e-mail attachments, to burn them to CD or DVD and then mail the disc, or to upload these files to a Web site.
FolderShare lets you create a private peer-to-peer network that, in turn, lets you synchronize files across multiple devices. By this method, you can access or share files with colleagues and friends.
For more information about FolderShare, visit the following Web site:
The following best practices address the security considerations of system administrators who have FolderShare installed on their networks:
- If your organization has egress filters enabled on a firewall, you can effectively block outgoing traffic to FolderShare. To permanently block the FolderShare satellite from running in a particular environment, block access to the following host name on port TCP/443:
- Use ingress and egress filters on your firewalls and proxy servers to block incoming and outgoing connections. You can also enforce software restriction policies through the Active Directory directory service to prevent FolderShare from running.
- Use other security controls to deny egress of data from workstations. For example, a user must decide which folders to share. If a user does not understand the implications of explicitly sharing information that might be sensitive, revisit your organization's user education and security policies to raise user awareness.
- Make sure that your organization's user education and security policies are updated to explicitly warn users against installing unapproved peer-to-peer software.
Keywords: kbsecurity kbhowto kbinfo KB925077