E
ehgoodrich
I've been googling for several hours now on this subject and can't
find a thread that answers all my concerns in this area. NETBEUI
seems to be a good solution for small office or home networks that
want to share files/printers internally in addition to sharing an
internet connection. Here are the pros and cons as I see them.
PRO:
It seems to me that NETBEUI offers an additional level of security for
small networks connected to the internet, even those using a hardware
router/firewall. Most people seem to agree that a protocol other than
TCP/IP is recommended when all your computers have a separate external
IP address (no NAT translation). However, even if you do have a NAT
firewall, it seems to me that someone could format packets designed to
access your internal IP addresses. If they were successful, and you
are using TCP/IP for Microsoft Networking, they now have access to all
your network resources. However, if you are using NETBEUI (or some
other protocol) for Microsoft Networking, they have some additional
work to do in order to get to those same resources.
In addition, if you start messing with your firewall (opening ports,
etc. as many gamers, VPN users, etc. must do), it is difficult to know
exactly what security holes you have opened up. Again, if you're
using NETBEUI for internal file/printer sharing, it's simple: your
network resources are protected because Microsoft Networking is not
bound to TCP/IP. (NOTE: I realize that if you open up a big enough
hole in your firewall, someone could get onto one of your machines and
reconfigure MS Networking to do whatever they wanted. However, I
think most would agree this is more difficult than just getting past
the firewall.)
I also use a software firewall (NIS 2004) on my computers, especially
my laptop that is frequently connected directly to the internet away
from the house without any hardware router/firewall. In that program
(and most other simple software firewalls), I have to put my local
Microsoft Networked computers in a "Trusted Zone" to allow
file/printer sharing over TCP/IP. I'm not sure (and have never gotten
exact information from Symantec) what this does, but I have to assume
the worst: there are NO firewall limitations AT ALL on communications
between computers in the "Trusted Zone". This does not seem
acceptable to me, since it is easy to invision a scenario whereby my
daughter takes her laptop to school and picks up some malicious code
and returns to my network, or a friend comes over with his infected
wireless laptop and connects to my network to print something. In
either case, if all computers in my local subnet are in my "Trusted
Zone", the malicious code can spread throughout the network with no
restrictions. HOWEVER, if I use NETBEUI for internal file/print
sharing, I don't have to put ANYONE in the "Trusted Zone", and the
same scenario would result in my NIS firewall (hopefully) raising a
flag when the malicious code attempts to spread itself inside my home
network.
CON:
Microsoft no longer "supports" NETBEUI... SO WHAT??!! Microsoft
support has never been that great anyway for home users and
furthermore, WHAT's to support? Whenever I have used NETBEUI in the
past (since ~ 1996, when I began moving away from IPX/SPX), it has
worked. (read "it has worked period"). It's trivial to install
NETBEUI on XP from the Install Disk (or as someone pointed out, you
can use the NETBEUI files from a W2K installation).
So, please tell me why I shouldn't use NETBEUI to reduce my security
concerns in this day when security is the single biggest problem
computer users face??
Please be specific: I've already seen too many general answers like:
"too many protocols slows down your network" (I only want to use two)
"NETBEUI is not supported" (see above)
"NETBEUI causes problems, especially with XP" (Please give specific
example)
(Feel free to chime in here, Steve)
Thanx for any comments,
emmette
find a thread that answers all my concerns in this area. NETBEUI
seems to be a good solution for small office or home networks that
want to share files/printers internally in addition to sharing an
internet connection. Here are the pros and cons as I see them.
PRO:
It seems to me that NETBEUI offers an additional level of security for
small networks connected to the internet, even those using a hardware
router/firewall. Most people seem to agree that a protocol other than
TCP/IP is recommended when all your computers have a separate external
IP address (no NAT translation). However, even if you do have a NAT
firewall, it seems to me that someone could format packets designed to
access your internal IP addresses. If they were successful, and you
are using TCP/IP for Microsoft Networking, they now have access to all
your network resources. However, if you are using NETBEUI (or some
other protocol) for Microsoft Networking, they have some additional
work to do in order to get to those same resources.
In addition, if you start messing with your firewall (opening ports,
etc. as many gamers, VPN users, etc. must do), it is difficult to know
exactly what security holes you have opened up. Again, if you're
using NETBEUI for internal file/printer sharing, it's simple: your
network resources are protected because Microsoft Networking is not
bound to TCP/IP. (NOTE: I realize that if you open up a big enough
hole in your firewall, someone could get onto one of your machines and
reconfigure MS Networking to do whatever they wanted. However, I
think most would agree this is more difficult than just getting past
the firewall.)
I also use a software firewall (NIS 2004) on my computers, especially
my laptop that is frequently connected directly to the internet away
from the house without any hardware router/firewall. In that program
(and most other simple software firewalls), I have to put my local
Microsoft Networked computers in a "Trusted Zone" to allow
file/printer sharing over TCP/IP. I'm not sure (and have never gotten
exact information from Symantec) what this does, but I have to assume
the worst: there are NO firewall limitations AT ALL on communications
between computers in the "Trusted Zone". This does not seem
acceptable to me, since it is easy to invision a scenario whereby my
daughter takes her laptop to school and picks up some malicious code
and returns to my network, or a friend comes over with his infected
wireless laptop and connects to my network to print something. In
either case, if all computers in my local subnet are in my "Trusted
Zone", the malicious code can spread throughout the network with no
restrictions. HOWEVER, if I use NETBEUI for internal file/print
sharing, I don't have to put ANYONE in the "Trusted Zone", and the
same scenario would result in my NIS firewall (hopefully) raising a
flag when the malicious code attempts to spread itself inside my home
network.
CON:
Microsoft no longer "supports" NETBEUI... SO WHAT??!! Microsoft
support has never been that great anyway for home users and
furthermore, WHAT's to support? Whenever I have used NETBEUI in the
past (since ~ 1996, when I began moving away from IPX/SPX), it has
worked. (read "it has worked period"). It's trivial to install
NETBEUI on XP from the Install Disk (or as someone pointed out, you
can use the NETBEUI files from a W2K installation).
So, please tell me why I shouldn't use NETBEUI to reduce my security
concerns in this day when security is the single biggest problem
computer users face??
Please be specific: I've already seen too many general answers like:
"too many protocols slows down your network" (I only want to use two)
"NETBEUI is not supported" (see above)
"NETBEUI causes problems, especially with XP" (Please give specific
example)
(Feel free to chime in here, Steve)
Thanx for any comments,
emmette