Re: XP networking without NetBIOS or Active Directory
From: v8625 (v8625_at_hotmail.com)
Date: 04/01/04
- Next message: Brandon McHenry: "Re: loss of connections"
- Previous message: Kelly: "2 separate network configurations"
- In reply to: Steven L Umbach: "Re: XP networking without NetBIOS or Active Directory"
- Next in thread: Steven L Umbach: "Re: XP networking without NetBIOS or Active Directory"
- Reply: Steven L Umbach: "Re: XP networking without NetBIOS or Active Directory"
- Messages sorted by: [ date ] [ thread ]
Date: 1 Apr 2004 10:54:46 -0800
I agree that firewall is the single most important issue in securing
(any) network. And I am working on that - besides software firewalls
on each machine, I am implementing a hardware firewall on gateway.
Currently looking for information on how to set up that without
wrecking havoc on the users - which ports to block, which ones to
allow, etc.
Your other point - from who am I going to secure the network by
disabling traffic on ports 135-139 internally - also made sense.
Especially considering that XP does not appear to have a capability to
password-protect a share - it's either open for sharing by literally
anyone or fully closed for everyone. Now this is a hard one. I was
hoping I would be able to control that.
Thanks for the useful links.
"Steven L Umbach" <n9rou@no-spam.ameritech.net> wrote in message news:<uCTsdd6FEHA.2980@TK2MSFTNGP09.phx.gbl>...
> You can disable nebios over tcp/ip if you do not have any applications that
> rely on it nor care to use My Network Places to browse for network
> resources. I am not sure how much it will secure your network and from who
> in your case. The biggest vulnerability to netbios is from the internet for
> which you are going to need a firewall anyhow. The firewall would be the
> biggest item to use to implement security followed by virus protection that
> also scans emails, keeping current with critical updates, and using complex
> passwords along with enabling auditing of logon events and having a password
> lockout policy. There is certainly much more you can do to secure your
> Windows machines beyond that, but that is a good start. Refer to the links
> below for more help on securing your XP/2003 computers. --- Steve
>
> http://www.microsoft.com/technet/security/topics/hardsys/tcg/tcgch00.mspx
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>
> "v8625" <v8625@hotmail.com> wrote in message
> news:7c6d0c8e.0403311943.5eecec1f@posting.google.com...
> > Need to network a few XP machines, Windows 2003 (standalone) server
> > and a Linux box (obviously needs Samba to talk to Windows). Setting up
> > Active Directory would require setting up a domain, a DNS server and
> > all that other good stuff that I am actually trying to avoid because
> > some of the machines, including Windows server, can be powered down at
> > times.
> > I would also like to keep things secure and block all NetBIOS traffic
> > on ports 135-139. Sufficient networking can be had with "NET USE" or
> > by running \\hostname\sharename in Windows Start>Run. I would still
> > keep port 445 for Samba.
> > 1. Does it make sense?
> > 2. Is there anything else I could do to improve
> > security/reliability/performance?
- Next message: Brandon McHenry: "Re: loss of connections"
- Previous message: Kelly: "2 separate network configurations"
- In reply to: Steven L Umbach: "Re: XP networking without NetBIOS or Active Directory"
- Next in thread: Steven L Umbach: "Re: XP networking without NetBIOS or Active Directory"
- Reply: Steven L Umbach: "Re: XP networking without NetBIOS or Active Directory"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
