3. Should I use NetBEUI?
There are two cases in which you should use the NetBEUI protocol to handle your Microsoft File and Printer sharing:
1) You are using the "Multiple
IP" method of sharing.
2) You have separated your LAN from the Internet, but
you have opened ports or have placed a computer outside your Sharing
server's firewall in order to use certain applications or services.
If you're using a hardware router, you don't need to do anything further. If you're using a software NAT-based router like ICS or Sygate, as long as you unbind Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks from the copy of TCP/IP that is bound to the network adapter that connects you to the Internet, you're secure. In both these cases, you don't really need to use NetBEUI for File and Printer sharing unless you like a "belt and suspenders" approach.
However, once you start poking holes in a NAT firewall or adding TCP or UDP mapping services to a proxy server, you are making direct connections to your LAN for at least some data from the Internet. If you open the right ports (TCP or UDP ports 137, 138, and 139), you will allow access to your LAN's computers from the Internet if you are using TCP/IP for File and Printer sharing.
In this case, you should use NetBEUI for File and Printer sharing.
Now that we've described why and when, read on for how to configure NetBEUI for File and Printer sharing.
It's easy to use NetBEUI as the protocol for file and Printer sharing. The screen shots below show you the Network Properties windows that you'll use. (These are Win95/98 screen shots and have been cropped to make them smaller.)
Important: Follow the instructions below for
each of the computers in your LAN.
for IPX/SPX users:
1) Add the NetBEUI protocol if you don't have it installed.
Open your Network Control panel and select the Configuration tab. Look for entries that begin with NetBEUI (shown circled in red below).
If you don't see it, you need to add it.
Double click on Protocol to open the Network Protocol window and select Microsoft and NetBEUI as shown below.
After Windows finds the files it needs (it may ask you for your installation disk), it will ask to reboot. Let it.
After the reboot, open up the Network Control Panel again.
(Don't close the panel until you are done with all of the following steps, because Windows will want to reboot your machine each time you make a change and close the Network Control Panel.)
Now select your Network adapter and double click it.
NetBEUI should have bound itself to this and any other Network adapters in your computer. You can see this on the Bindings tab of the Network adapter properties window. Since you're connecting to the Internet, your Network adapter also needs the TCP/IP protocol, and you see both in the screen show below.
Protocols can be bound to Network adapters (as we checked above). They also can be bound to Clients and Services. The Client and Service binding is important to do correctly because it is the binding that can expose you to the Internet.
The Network Control panel will show a copy of NetBEUI bound to each Network adapter that you have. The screen shot below shows two copies of NetBEUI because there are two Network adapters in the computer that the screen shots were taken on. Your computer will probably have two copies of NetBEUI, one for your Ethernet card and the other for your Dial-Up adapter. The screen shot below doesn't show the NetBEUI-> Dial-Up adapter because it was removed.
Find the copy of NetBEUI that is bound to the Network adapter that is used for your LAN connection. In the screen shot below, this is the NetGear Ethernet adapter.
Double-click this copy of NetBEUI and you'll see that it is bound to Client for Microsoft Networks and File and Printer sharing for Microsoft Networks. You might also have the Microsoft Family Logon client (not shown). If for some reason you don't see these boxes checked, check them.
This step is very important and is what keeps your LAN safe from Internet-based intrusion.
Since NetBEUI is handling the File and Print sharing duties, there is no need for any copy of TCP/IP to be bound to them. Start with the copy of TCP/IP that is bound to the Network adapter that you've been working with, in this case the NetGear adapter. Double-click it to open it.
Click on the Bindings tab and uncheck Client for Microsoft Networks and File and Printer sharing for Microsoft Networks. Also uncheck Microsoft Family Logon if it is present. Close the TCP/IP properties window. You will probably get the message box shown below. Click NO.
Repeat this unbinding for each copy of TCP/IP on your computer. Be sure to do them all!
Close the Network Control Panel and let your computer reboot.
In the early days of cable modems, ISPs were still learning about network security and there were many cases reported of users seeing unknown computers in Network Neighborhood, or worse, having their files viewed, changed or deleted by curious visitors.
These Microsoft Networking holes have been pretty much closed as I write this in early 2000. However, it's good practice to still protect anything you share with a strong password, just in case your ISP slips up. You also should check the Network Neighborhood Entire Network periodically, and if you see unknown computers there, notify your ISP ASAP and have them fix this.
There are a few services that will check to see whether you're running a secure LAN. You can find them on the LAN Security Tools page, or just go directly to the ShieldsUp site and run the Test My Shields check to verify that you've properly closed the Microsoft Networking ports.
That's it! You're done.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|