Packet routing and local network security: TCP/IP vs. NetBEUI

Paul

I've heard NetBEUI described as an "unroutable" network protocol where
supposedly machines on a local network using NetBEUI cannot talk to
the Internet by any means, but machines using TCP/IP can.

Suppose I have a local network of 4 machines. I want all 4 to be able
to talk to each other, but I only want 2 of them to talk to the
Internet. The reason to keep 2 machines from talking to the Internet
is I'm hoping this will prevent anyone from breaking into those 2
regardless of what new Windows security bugs may be found.

The local network of 4 machines goes through a network switch to the
router which goes to the cable modem to the Internet. I always un-bind
TCP/IP from File and Printer Sharing under Windows 2000 and only use
NetBEUI for that service, but I leave both TCP/IP and NetBEUI bound to
the NIC adapter. If I un-bind TCP/IP from the NIC of the 2 machines I
want isolated, they can no longer talk to the Internet but they can
talk to the other 3 machines on the local network. On the surface this
appears to do what I want, but I'm wondering how secure it really is.

Question #1: Are my 2 machines with only NetBEUI bound to the NIC 100%
secure from any outside attacks since NetBEUI is unroutable and data
to/from these 2 machines cannot go outside my local network?

I know that routers are supposed to provide some firewall protection,
but that assumes the firmware does not have backdoors in it.

Question 2: Is the average router (mine is a Linksys BEFSR11) capable
of intercepting NetBEUI packets and translating them into TCP/IP to go
over the network or do routers by definition only handle TCP/IP?
 
Steven L Umbach

While your setup would work, keep in mind that any compromised machine on
your network could potentially then compromise another machine on the
network that it can communicate with via a common protocol, and the "router"
will ignore or drop NetBEUI unless it is encapsulated in a VPN tunnel, in
which case it would not even know about it. Hardened and patched machines
with strong passwords are still extremely important in protecting your
network. Unless you have port forwarding open to your internal network, it is
extremely unlikely that anyone is going to get into your network even with a
NAT router, though I prefer a true SPI device such as the affordable Netgear
ProSafe line. By far the greatest risk to most small networks that do not
offer services to the Internet would be email attachments, which need a
quality, up-to-date antivirus program to scan all emails. The other threat is
unsafe Internet browsing practices and installing junk software on the
computer from Kazaa and the like. See the link below on how to harden your
Internet Explorer settings. --- Steve

http://www.mvps.org/winhelp2002/unwanted.htm
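Added example, not part of the original thread: a small Python frame classifier showing why an IP-only router has nothing to route when it sees NetBEUI. NetBEUI frames are IEEE 802.3 frames with an 802.2 LLC header (SAP 0xF0) and carry no IP header at all. The sample frames, MAC addresses and the `router_forwards` model are constructed for illustration.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
LLC_SAP_NETBIOS = 0xF0  # 802.2 SAP used by NetBEUI (NetBIOS Frames)


def classify(frame: bytes) -> str:
    """Return the protocol carried directly above Ethernet in a raw frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:
        # Ethernet II framing: the field is an EtherType.
        known = {ETHERTYPE_IPV4: "ipv4", ETHERTYPE_ARP: "arp"}
        return known.get(type_or_len, "other")
    # IEEE 802.3 framing: the field is a length and an LLC header follows.
    if len(frame) < 17:
        raise ValueError("truncated LLC header")
    dsap, ssap = frame[14], frame[15]
    # The low bit of SSAP is the command/response flag, so mask it off.
    if dsap == LLC_SAP_NETBIOS and (ssap & 0xFE) == LLC_SAP_NETBIOS:
        return "netbeui"
    return "other"


def router_forwards(frame: bytes) -> bool:
    """Assumed model of an IP-only router: only IPv4 is eligible for routing."""
    return classify(frame) == "ipv4"


def eth(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", type_or_len) + payload


# Constructed samples (locally administered source MACs, zero-filled payloads).
_llc_nbf = bytes([0xF0, 0xF0, 0x03]) + b"\x2c\x00\xff\xef" + bytes(40)
NBF_FRAME = eth(bytes.fromhex("030000000001"), bytes.fromhex("020000000002"),
                len(_llc_nbf), _llc_nbf)
IPV4_FRAME = eth(bytes.fromhex("020000000001"), bytes.fromhex("020000000003"),
                 ETHERTYPE_IPV4, b"\x45" + bytes(19))

if __name__ == "__main__":
    for name, frame in (("NetBEUI", NBF_FRAME), ("IPv4", IPV4_FRAME)):
        print(f"{name}: {classify(frame)}, forwarded={router_forwards(frame)}")
```

The same check only describes what crosses the router; a machine on the LAN that speaks both TCP/IP and NetBEUI still sees and can answer the NetBEUI frames.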
 
