On Mon, 16 Jul 2001, Dwayne Reid wrote:

> At 03:50 PM 7/16/01 +0100, Richard Phillips wrote:
>
> >It's a good idea to remove the NetBEUI protocol completely unless you
> >actually need it - it's got plenty of security holes.
>
> Actually, Steve Gibson at GRC says exactly the opposite: use NetBUI for all
> your internal network operations and allow TCP/IP to be used only for
> internet connections.  He has a VERY detailed description of how do set up
> the bindings in a Win 9x machine - and the reasons for doing it that
> way.  Check out www.grc.com for more details.

This is correct.  That's how I did it for several years when I ran an ISP.
Our internal network was NetBEUI, with TCP/IP only for Internet traffic
--in other words, don't bind TCP/IP to Windows networking.  Don't bind
TCP/IP to *anything*.  This prevents anyone from outside your own network
from getting access to your Windoze network shares and such, since NetBEUI
is not routable.

We were an ISP, had our entire office directly connected to the net (yeah,
it was a simpler time then), were constantly probed, and our office PCs
were never once compromised.  We knew exactly how everything was set up,
and *we* couldn't break in.  Of course I would not suggest this to
amateurs, if you don't do it right you've just shot yourself in the foot.

Dale
--
A train stops at a train station.  A bus stops at a bus station.
On my desk I have a workstation...

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads