Networking XP Home & Win2K Pro

[owensdj]

I couldn't get file and print sharing going between a machine runing Windows 2000 Professional and a machine running Windows XP Home using the NetBEUI protocol. If I used TCP/IP, the two computers could see each other and I could access shares on the Win2K Pro machine. When I went to NetBEUI for the NetBIOS networking, a NET VIEW \\[other computer name] command would say that the network path could not be found. These computers are connected to the Internet through a cable modem, so I want to use NetBEUI to avoid exposing NetBIOS(port 139) to the Internet. Any ideas why I couldn't get file and print sharing working using NetBEUI? Both computers had the same Workgroup name and different computer names.

 

[owensdj]

Wow nobody knows?

 

[Netman38]

To share resources from within Windows 2000/XP, you need to create user accounts on the other computer so you can access it's resources. It may also have something to do with having Windows XP home addition. I have Windows XP pro ad have no problems accessing files on my Win2000 box and vise a versa. Also, make sure that you disable any adaptors that you are not using. I had this problem when trying to use IPX/SPX for gaming. It didn't work until I disabled the adaptor that I wasn't using. If you want to have access to the Internet then you will need TCP/IP anyway, because NETBEUI is a non-routable protocol. Get rid of the NETBEUI and go with TCP/IP. NETBEUI is much more of a security risk than TCP/IP, also XP has a built in firewall, as well as the router firewall.

 

[Strych9]

<< NETBEUI is much more of a security risk than TCP/IP >>

How so?

 

[ktwebb]

"NETBEUI is much more of a security risk than TCP/IP"

The opposite it true. IP is much less secure since it is routable. NetBEUI is resricted to the local network.

 

[Netman38]

Let me try and clarify on the NetBEUI security issue.

Each network interface card (NIC) has protocols bound to it in Windows. By default, all installed protocols, such as TCP/IP, are bound to all NICs. It is unnecessary, even dangerous, to have NetBEUI/NetBIOS bound to the Internet interface. This protocol is used by Windows to aid in file and print sharing, among other things.

To disable unnecessary protocols on the external interface run the Network applet from Control Panel. The specific steps vary depending on the operating system, but for Windows 95, double click the external NIC and on the Bindings tab uncheck any protocols you wish to unbind. Typically, the only protocol you should need bound to the Internet interface is TCP/IP.

 

[Strych9]

NetBEUI is non-routable and therefore not the risk you claim it to be. When using NetBEUI you also unbind TCP/IP from File/Print Sharing and Client for MS Networks further securing your internal LAN from the internet. I'm afraid your argument is not making much sense to me. If set up right using NetBEUI is no less secure than TCP/IP. In fact quite the opposite.

 

[Mucman]

I too believe NetBEUI is more secure since it is not routable. On all my computers I have TCP/IP bound to nothing while NetBEUI is bound to Client for MS Networks and File and Printer Sharing.

 

[Netman38]

You guys just don't understand.

Simply put, NetBIOS on your LAN is great. NetBIOS on your WAN (or across your Internet connection), however, is a security risk of incredible proportions. All sorts of information, such as your domain, workgroup and system names, as well as account information can be obtained via NetBIOS. Thus, it is in your best interests to ensure that it does not leave your network.

If you are using a router as your Internet gateway, you will want to ensure that it does not allow in or outbound traffic via TCP ports 135-139.

If you are using a multi-homed machine (multiple network cards), you should disable NetBIOS on every NIC that is not part of your internal network.

The risk is increased even further when NetBEUI is installed. Because NetBEUI runs independently of TCP/IP, the remote computers don't need to have an IP address in the user's private IP range. As a matter of fact, the remote computer does not need an IP address at all. All that's required is a physical connection to the segment where the user's network is residing. All a potential intruder has to do is browse the network in Network Neighborhood. Because NetBEUI runs independently of TCP/IP, a firewall will not be able to block it.

I for one, prefer to use firewalls (routers) and shared password on all my network shares using NTFS. I guess that one can argue that NetBEUI can add some security, but if someone gest into your LAN through a port, your screwed. This is exactly what they taught me in my college Network security class (Cisco).

 

[realcoffee]

Can you post a link Netman 38 about this info from cisco? let us know. please