Re: Why not use NETBEUI on Windows XP ??


From: Steve Winograd [MVP] (winograd_at_pobox.com)
Date: 11/27/04


Date: Sat, 27 Nov 2004 12:41:12 -0700

In article <5cf0ce93.0411271052.104c04a1@posting.google.com>,
ehgoodrich@hotmail.com wrote:
>I've been googling for several hours now on this subject and can't
>find a thread that answers all my concerns in this area. NETBEUI
>seems to be a good solution for small office or home networks that
>want to share files/printers internally in addition to sharing an
>internet connection. Here are the pros and cons as I see them.
>
>PRO:
>
>It seems to me that NETBEUI offers an additional level of security for
>small networks connected to the internet, even those using a hardware
>router/firewall. Most people seem to agree that a protocol other than
>TCP/IP is recommended when all your computers have a separate external
>IP address (no NAT translation). However, even if you do have a NAT
>firewall, it seems to me that someone could format packets designed to
>access your internal IP addresses. If they were successful, and you
>are using TCP/IP for Microsoft Networking, they now have access to all
>your network resources. However, if you are using NETBEUI (or some
>other protocol) for Microsoft Networking, they have some additional
>work to do in order to get to those same resources.
>
>In addition, if you start messing with your firewall (opening ports,
>etc. as many gamers, VPN users, etc. must do), it is difficult to know
>exactly what security holes you have opened up. Again, if you're
>using NETBEUI for internal file/printer sharing, it's simple: your
>network resources are protected because Microsoft Networking is not
>bound to TCP/IP. (NOTE: I realize that if you open up a big enough
>hole in your firewall, someone could get onto one of your machines and
>reconfigure MS Networking to do whatever they wanted. However, I
>think most would agree this is more difficult than just getting past
>the firewall.)
>
>I also use a software firewall (NIS 2004) on my computers, especially
>my laptop that is frequently connected directly to the internet away
>from the house without any hardware router/firewall. In that program
>(and most other simple software firewalls), I have to put my local
>Microsoft Networked computers in a "Trusted Zone" to allow
>file/printer sharing over TCP/IP. I'm not sure (and have never gotten
>exact information from Symantec) what this does, but I have to assume
>the worst: there are NO firewall limitations AT ALL on communications
>between computers in the "Trusted Zone". This does not seem
>acceptable to me, since it is easy to envision a scenario whereby my
>daughter takes her laptop to school and picks up some malicious code
>and returns to my network, or a friend comes over with his infected
>wireless laptop and connects to my network to print something. In
>either case, if all computers in my local subnet are in my "Trusted
>Zone", the malicious code can spread throughout the network with no
>restrictions. HOWEVER, if I use NETBEUI for internal file/print
>sharing, I don't have to put ANYONE in the "Trusted Zone", and the
>same scenario would result in my NIS firewall (hopefully) raising a
>flag when the malicious code attempts to spread itself inside my home
>network.
>
>CON:
>
>Microsoft no longer "supports" NETBEUI... SO WHAT??!! Microsoft
>support has never been that great anyway for home users and
>furthermore, WHAT's to support? Whenever I have used NETBEUI in the
>past (since ~ 1996, when I began moving away from IPX/SPX), it has
>worked. (read "it has worked period"). It's trivial to install
>NETBEUI on XP from the Install Disk (or as someone pointed out, you
>can use the NETBEUI files from a W2K installation).
>
>So, please tell me why I shouldn't use NETBEUI to reduce my security
>concerns in this day when security is the single biggest problem
>computer users face??
>
>Please be specific: I've already seen too many general answers like:
>
>"too many protocols slows down your network" (I only want to use two)
>"NETBEUI is not supported" (see above)
>"NETBEUI causes problems, especially with XP" (Please give specific
>example)
>
>(Feel free to chime in here, Steve)
>
>Thanx for any comments,
>emmette

Your network setup sounds fine to me. You've done it right --
un-binding sharing from TCP/IP and installing the NetBEUI files from
the XP CD-ROM -- which can be hard for people with less technical
knowledge than you have.

What I've said repeatedly is that it's never necessary to use NetBEUI,
not that there's anything wrong with using it.

You make a good point about protecting LAN computers from an infected
machine that joins the local subnet. The Blaster worm and other
nasties can spread that way. Microsoft took that into account in
designing the Windows Firewall in XP Service Pack 2, where you can
enable selected exceptions in the firewall (e.g. File and Printer
Sharing) while blocking other types of communication (e.g. RPC) that
can spread worms.

-- 
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see.  I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
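
Added example, not part of the original posts: a check for which Microsoft networking ports a machine still exposes over TCP/IP, separating those opened by the XP SP2 "File and Printer Sharing" exception (UDP 137/138, TCP 139/445) from RPC on TCP 135, which that exception does not cover. The `netstat -an` sample is constructed, and the function names are hypothetical.

```python
import re

# Microsoft networking listeners over TCP/IP. True = opened by the XP SP2
# "File and Printer Sharing" firewall exception; False = not part of it.
MS_NET_PORTS = {
    ("TCP", 135): ("RPC endpoint mapper", False),
    ("UDP", 137): ("NetBIOS name service", True),
    ("UDP", 138): ("NetBIOS datagram service", True),
    ("TCP", 139): ("NetBIOS session service", True),
    ("TCP", 445): ("SMB over TCP", True),
}

# Constructed sample of `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def ms_networking_listeners(netstat_text):
    """Return (proto, address, port, service, in_sharing_exception) for each
    Microsoft networking port reachable over TCP/IP from other hosts."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if addr.startswith("127."):
            continue  # loopback-only sockets are not reachable from the LAN
        if (proto, port) in MS_NET_PORTS:
            service, in_exception = MS_NET_PORTS[(proto, port)]
            found.append((proto, addr, port, service, in_exception))
    return found

def outside_sharing_exception(netstat_text):
    """Listeners that the File and Printer Sharing exception does not cover."""
    return [f for f in ms_networking_listeners(netstat_text) if not f[4]]
```

An empty result from `ms_networking_listeners` means no Microsoft networking port is listening on a LAN-reachable TCP/IP address at the time the output was captured.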

