<<I've heard that there are some default sharing folders in Windows 2000 and XP, like $C, $D, $ADMIN, $IPC. If I've just installed the Windows 2000 OS with default settings, how can a hacker access my sharing folders, and what can the hacker do?>>

The main problem lies in using weak or no password. These are default administrative shares. If I can get to your machine I can attempt to connect to \\yourmachine\c$ at which point I would have to supply an administrative username and password. If you have blank passwords or use stuff like "password" or "123" as your password then odds are I can get in. Once I get in I would have access to anything that the administrator would have access to on that drive.

A recent Internet worm (Deborm) used this method of attaching to hidden administrative shares using no or weak passwords.

I believe there might be a way in the registry to remove the administrative shares altogether, but whether there is or isn't you need to make sure you have strong passwords for the administrator account and you should assign a strong password to the Guest account even if you keep the account disabled.

Hope that helps,

Tony Bradley, CISSP, MCSE2k, MCSA, MCP, A+
About.com Guide for Internet / Network Security
http://netsecurity.about.com
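
An added example, not part of the original post: a small audit that reads the text of `net share` and `net user <name>` and reports accounts that are allowed a blank password on a machine still exposing the default administrative shares, including a disabled Guest account as the reply advises. The sample command output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `net share` output on a default Windows 2000 install.
NET_SHARE = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINNT                        Remote Admin
Public       C:\\Public
The command completed successfully.
"""

# Constructed excerpts of `net user <name>` output, keyed by account name.
NET_USER = {
    "Administrator": "Account active               Yes\nPassword required            Yes\n",
    "Guest": "Account active               No\nPassword required            No\n",
}

ADMIN_SHARE = re.compile(r"^(?:[A-Z]\$|ADMIN\$|IPC\$)$", re.I)

def admin_shares(net_share_text):
    """Return the default hidden shares (drive$, ADMIN$, IPC$) listed by `net share`."""
    shares, in_table = [], False
    for line in net_share_text.splitlines():
        if line.startswith("---"):
            in_table = True          # rows start after the dashed rule
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        name = line.split()[0]
        if ADMIN_SHARE.match(name):
            shares.append(name.upper())
    return shares

def user_field(net_user_text, field):
    """Read one 'Label      Value' field from `net user <name>` output."""
    m = re.search(rf"^{re.escape(field)}\s{{2,}}(\S+)", net_user_text, re.M)
    return m.group(1) if m else None

def audit(net_share_text, net_user_by_account):
    """Flag accounts that may have a blank password, enabled or not."""
    findings, shares = [], admin_shares(net_share_text)
    for account, text in net_user_by_account.items():
        if user_field(text, "Password required") == "No":
            state = "enabled" if user_field(text, "Account active") == "Yes" else "disabled"
            findings.append(f"{account} ({state}): blank password allowed; shares present: {', '.join(shares)}")
    return findings
```

Calling `audit(NET_SHARE, NET_USER)` on the sample data returns one finding, for the disabled Guest account.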