From: RB on
Running XP Pro sp3
Peer to Peer (no server software) Lan with password logon enabled,
Client for MS Networks and File & Print Sharing, all nodes are in the
same named Workgroup, running a NAT firewall enabled Linksys router
out connected to cable modem and all nodes connected into router either
by hard wire ethernet or wireless (wireless running TKIP encryption (WPA))

I have two questions: (subject may be because of dated material I'm reading)
1. One some of the text I'm reading shows screens of Network Bindings to all services
But in my properties of network connections I cannot find any such screen,
the nearest I can come to it is the Enable or Disable Netbios over TCP/IP, but
this does not give binging or unbinding for any of the services running ?
Where can I get to this ?
2. I've read that Netbios is a security issue over TCP since it could allow inside
Lan stuff to outside. Has Netbios been upgraded to alleviate this or is installing
Netbeui a more secure solution since I need local Lan sharing of some folders.



From: David H. Lipman on
From: "RB" <NoMail(a)NoSpam>

| Running XP Pro sp3
| Peer to Peer (no server software) Lan with password logon enabled,
| Client for MS Networks and File & Print Sharing, all nodes are in the
| same named Workgroup, running a NAT firewall enabled Linksys router
| out connected to cable modem and all nodes connected into router either
| by hard wire ethernet or wireless (wireless running TKIP encryption (WPA))

| I have two questions: (subject may be because of dated material I'm reading)
| 1. One some of the text I'm reading shows screens of Network Bindings to all services
| But in my properties of network connections I cannot find any such screen,
| the nearest I can come to it is the Enable or Disable Netbios over TCP/IP, but
| this does not give binging or unbinding for any of the services running ?
| Where can I get to this ?
| 2. I've read that Netbios is a security issue over TCP since it could allow inside
| Lan stuff to outside. Has Netbios been upgraded to alleviate this or is installing
| Netbeui a more secure solution since I need local Lan sharing of some folders.

If you are worried, specifically block TCP and UDP port 135 ~ 138 and 445 on the Linksys
Router.

This way no NetBIOS over IP can leak out to the Internet and no hacker from the Internet
can access via these ports.

Use a PreShared authentication key for WireLess that is long and strong in conjunction
with AES encryption and you may want to use MAC Authentication as well.

Also disable all remote management protocols to the Router (that is POV of the WAN side)
and disable WAN ICMP and UDP traceroute capabilities.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Lem on
RB wrote:
> Running XP Pro sp3
> Peer to Peer (no server software) Lan with password logon enabled,
> Client for MS Networks and File & Print Sharing, all nodes are in the
> same named Workgroup, running a NAT firewall enabled Linksys router
> out connected to cable modem and all nodes connected into router either
> by hard wire ethernet or wireless (wireless running TKIP encryption (WPA))
>
> I have two questions: (subject may be because of dated material I'm reading)
> 1. One some of the text I'm reading shows screens of Network Bindings to all services
> But in my properties of network connections I cannot find any such screen,
> the nearest I can come to it is the Enable or Disable Netbios over TCP/IP, but
> this does not give binging or unbinding for any of the services running ?
> Where can I get to this ?
> 2. I've read that Netbios is a security issue over TCP since it could allow inside
> Lan stuff to outside. Has Netbios been upgraded to alleviate this or is installing
> Netbeui a more secure solution since I need local Lan sharing of some folders.
>
>
>

A few minor points to add to David's good advice.

- It sounds as if you've been reading Steve Gibson's advice at
www.grc.com. That is pretty dated - it's for NT/4 and there have been
quite a few changes since then.

- As David suggests, change your encryption from WPA-TKIP to WPA-AES. If
you have properly updated Windows XP and your wireless hardware is less
than 7 years old or so, it probably will support AES.

- With respect to NetBIOS over TCP/IP, start reading here:
http://networking.nitecruzr.net/2006/04/netbios-over-tcpip.html

--
Lem

Apollo 11 - 40 years ago:
http://www.nasa.gov/mission_pages/apollo/40th/index.html
From: Andy Medina on
Specifically what are you reading that shows "screens of Network Bindings to
all services"? If we can view it we will be better able to answer that
question. I would guess it's probably a NT thing.

Any NAT router's firewall worth it's salt will block the NetBIOS/TCP (and
SMB) ports between the LAN and WAN segments so NetBIOS/TCP (and SMB) traffic
will stay within the LAN. I usually turn off NetBIOS/TCP on a laptop's
wireless connection since they connect to various LANs when they go mobile.
NetBIOS/TCP makes the machines visible in My Network Places. But SMB can
still get to machines on the LAN unless the File and Printer sharing
exception is turned off in the XP firewall. All the above will be mote
unless the wireless is secured since wireless connections are on the LAN
side. You have that covered with the WPA, but WPA2 would be better.

I was at a hotel once where the hotel's *business* machines showed up on the
hotel guest's LAN. Boy were they surprised (and VERY concerned) when I told
them about it. I don't think they will have the same geek wanna-bes working
on their networks anymore. :D

"RB" <NoMail(a)NoSpam> wrote in message
news:%23MQO2fhvKHA.812(a)TK2MSFTNGP06.phx.gbl...
> Running XP Pro sp3
> Peer to Peer (no server software) Lan with password logon enabled,
> Client for MS Networks and File & Print Sharing, all nodes are in the
> same named Workgroup, running a NAT firewall enabled Linksys router
> out connected to cable modem and all nodes connected into router either
> by hard wire ethernet or wireless (wireless running TKIP encryption (WPA))
>
> I have two questions: (subject may be because of dated material I'm
> reading)
> 1. One some of the text I'm reading shows screens of Network Bindings to
> all services
> But in my properties of network connections I cannot find any such
> screen,
> the nearest I can come to it is the Enable or Disable Netbios over
> TCP/IP, but
> this does not give binging or unbinding for any of the services running
> ?
> Where can I get to this ?
> 2. I've read that Netbios is a security issue over TCP since it could
> allow inside
> Lan stuff to outside. Has Netbios been upgraded to alleviate this or is
> installing
> Netbeui a more secure solution since I need local Lan sharing of some
> folders.
>
>
>

From: RB on

> If you are worried, specifically block TCP and UDP port 135 ~ 138 and 445
>on the Linksys Router.
> This way no NetBIOS over IP can leak out to the Internet and no hacker from the Internet
> can access via these ports.

Ok, it there some app or some way I can tell if any of my apps use these ports ?

> Use a PreShared authentication key for WireLess that is long and strong in conjunction
> with AES encryption and you may want to use MAC Authentication as well.

Ok, my router does support this so I could make the switch, I wondering if I keep the
same generated key could I just switch in the router without having to reconfigure all
the laptops.

> Also disable all remote management protocols to the Router (that is POV of the WAN side)
> and disable WAN ICMP and UDP traceroute capabilities.

I'm pretty sure I already have this set. Would I have to change anything if say a Tech support
(at my clicked authorization) needed to take over my PC for configurations or is that a
different thing ?


 |  Next  |  Last
Pages: 1 2 3 4 5 6 7 8
Prev: WAN connection
Next: Wireless problems, again...