Open Shares not acceptable on Cornell networks

Cornell's IT Security Office will restrict the network access of any computer on our networks that is found to be running an open share -- a folder where anyone on the network can add, delete or change files, without needing a username and password.

In today's hostile Internet, an open share -- like any other major vulnerability -- is guaranteed to be exploited by a worm or some other intrusion. Open shares are a door into taking control of your computer, potentially allowing it to be used for disruptive or illegal purposes as well as for stealing your own private or personal information. You can be held liable for any improper activity on the system, including its use for illegal file sharing (copyright violations), even when it was being exploited without your knowledge or consent. Compromised systems also present a threat to other people on the network.

This is most commonly a problem with some versions of Microsoft Windows that ship with an open folder called Shared Documents. In this context, you may see reference to a writable NetBIOS or SMB share.

If you need to set up a directory where other people can both copy and add files, it has to be protected with a username and password. The better practice is to give each individual who should have access his or her own unique identity. Consider, as well, whether your needs couldn't be met by setting a folder with read-only privileges, so that others can retrieve copies of files you want to share but not add their own or make other changes on your system.