NetBEUI is an enhanced version of the NetBios protocol that is used by Microsoft Windows networking. It is a non-routable protocol, which means that computers that are not located on the same network segment or subnet can’t communicate.
There are two cases in which you should use the NetBEUI protocol to handle your Microsoft File and Printer sharing:
1) You are using the “Multiple IP” method of sharing.
In this case, you don’t have the option of following the instructions in Item 2, since all of your computers’ Network adapters must use TCP/IP and they are all connected to the Internet. If this is your situation and you must share Files and Printers, then you definitely should use NetBEUI for File and Printer sharing, and have strong password protection on anything you share.
2) You have separated your LAN from the Internet, but you have opened ports or have placed a computer outside your Sharing server’s firewall in order to use certain applications or services.
If you are using some method other than the Multiple IP method to share your Internet connection, you have the protection of a separate network and a firewall or proxy.
If you’re using a hardware router, you don’t need to do anything further. If you’re using a software NAT-based router like ICS or Sygate, as long as you unbind Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks from the copy of TCP/IP that is bound to the network adapter that connects you to the Internet, you’re secure. In both these cases, you don’t really need to use NetBEUI for File and Printer sharing unless you like a “belt and suspenders” approach.
However, once you start poking holes in a NAT firewall or adding TCP or UDP mapping services to a proxy server, you are making direct connections to your LAN for at least some data from the Internet. If you open the right ports (TCP or UDP ports 137, 138, and 139), you will allow access to your LAN’s computers from the Internet if you are using TCP/IP for File and Printer sharing.
In this case, you should use NetBEUI for File and Printer sharing.
Now that we’ve described why and when, read on for how to configure NetBEUI for File and Printer sharing.
How to do it.
It’s easy to use NetBEUI as the protocol for file and Printer sharing. The screen shots below show you the Network Properties windows that you’ll use. (These are Win95/98 screen shots and have been cropped to make them smaller.)
Important: Follow the instructions below for each of the computers in your LAN.
All it takes is one computer that has Microsoft Network services bound to TCP/IP to make your network unsecure!
NOTE for IPX/SPX users:
If you’re a gamer and need to use the IPX/SPX protocol, you can substitute “IPX/SPX” for “NetBEUI” in these instructions and you’ll get the same effect. Make sure you enable NetBIOS over IPX/SPX.
1) Add the NetBEUI protocol if you don’t have it installed.
Open your Network Control panel and select the Configuration tab. Look for entries that begin with NetBEUI (shown circled in red below).
If you don’t see it, you need to add it.
Open your Network Control panel, select the Configuration tab and click the Add button. Select Protocol as shown below.
Double click on Protocol to open the Network Protocol window and select Microsoft and NetBEUI as shown below.
After Windows finds the files it needs (it may ask you for your installation disk), it will ask to reboot. Let it.
2) Check the Network adapter binding to NetBEUI
After the reboot, open up the Network Control Panel again.
(Don’t close the panel until you are done with all of the following steps, because Windows will want to reboot your machine each time you make a change and close the Network Control Panel.)
Now select your Network adapter and double click it.
NetBEUI should have bound itself to this and any other Network adapters in your computer. You can see this on the Bindings tab of the Network adapter properties window. Since you’re connecting to the Internet, your Network adapter also needs the TCP/IP protocol, and you see both in the screen show below.
3) Check the NetBEUI binding to Clients and Services
Protocols can be bound to Network adapters (as we checked above). They also can be bound to Clients and Services. The Client and Service binding is important to do correctly because it is the binding that can expose you to the Internet.
The Network Control panel will show a copy of NetBEUI bound to each Network adapter that you have. The screen shot below shows two copies of NetBEUI because there are two Network adapters in the computer that the screen shots were taken on. Your computer will probably have two copies of NetBEUI, one for your Ethernet card and the other for your Dial-Up adapter. The screen shot below doesn’t show the NetBEUI-> Dial-Up adapter because it was removed.
Find the copy of NetBEUI that is bound to the Network adapter that is used for your LAN connection. In the screen shot below, this is the NetGear Ethernet adapter.
Double-click this copy of NetBEUI and you’ll see that it is bound to Client for Microsoft Networks and File and Printer sharing for Microsoft Networks. You might also have the Microsoft Family Logon client (not shown). If for some reason you don’t see these boxes checked, check them.
4) Unbind TCP/IP from Network Clients and Services
This step is very important and is what keeps your LAN safe from Internet-based intrusion.
Since NetBEUI is handling the File and Print sharing duties, there is no need for any copy of TCP/IP to be bound to them. Start with the copy of TCP/IP that is bound to the Network adapter that you’ve been working with, in this case the NetGear adapter. Double-click it to open it.
Click on the Bindings tab and uncheck Client for Microsoft Networks and File and Printer sharing for Microsoft Networks. Also uncheck Microsoft Family Logon if it is present. Close the TCP/IP properties window. You will probably get the message box shown below. Click NO.
Repeat this unbinding for each copy of TCP/IP on your computer. Be sure to do them all!
Close the Network Control Panel and let your computer reboot.
5) Strong password protect your shares
In the early days of cable modems, ISPs were still learning about network security and there were many cases reported of users seeing unknown computers in Network Neighborhood, or worse, having their files viewed, changed or deleted by curious visitors.
These Microsoft Networking holes have been pretty much closed as I write this in early 2000. However, it’s good practice to still protect anything you share with a strong password, just in case your ISP slips up. You also should check the Network Neighborhood Entire Network periodically, and if you see unknown computers there, notify your ISP ASAP and have them fix this.
Follow the above procedure for each of the computers in your LAN.
6) Check your work
There are a few services that will check to see whether you’re running a secure LAN. You can find them on the LAN Security Tools page, or just go directly to the ShieldsUp site and run the Test My Shields check to verify that you’ve properly closed the Microsoft Networking ports.
That’s it! You’re done.