Using TCP/IP for File sharing behind Netgear Router-Modem?

I have internet access using a Netgear DG834 Modem-Router with two
desktops connected.
I have 'File and printer sharing' enabled using the TCP/IP protocol.
But I once read that one should un-bind services such as 'File and
printer sharing' from TCP/IP as it can be a security risk...
So my question would be, Is this safe? I would assume that being
behind the Netgear DG834 router, using NAT would be safe.

I would appreciate any info

Regards,



ZX

"ZX" <(E-Mail Removed)> wrote in message
news:Xns9939148353E9Canonanonan123mailcom@193.252. 117.183...
>I have internet access using a Netgear DG834 Modem-Router with two
> desktops connected.
> I have 'File and printer sharing' enabled using the TCP/IP protocol.
> But I once read that one should un-bind services such as 'File and
> printer sharing' from TCP/IP as it can be a security risk...

If you want to network the machines in a LAN situation, you need TCP.

> So my question would be, Is this safe? I would assume that being
> behind the Netgear DG834 router, using NAT would be safe.
>

Normally your network is safe behind a NAT router. It would be true if it
was an all wire router.

Wireless is attackable where someone can join your wireless network and be
all over the top of your machines wire or wireless.

You should try to harden the O/S to attack on the machines as much as
possible.

http://labmice.techtarget.com/articl...ychecklist.htm

On May 22, 11:26 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
> "ZX" <anonano...@google.com> wrote in message
>
> news:Xns9939148353E9Canonanonan123mailcom@193.252. 117.183...
>
> >I have internet access using a Netgear DG834 Modem-Router with two
> > desktops connected.
> > I have 'File and printer sharing' enabled using the TCP/IP protocol.
> > But I once read that one should un-bind services such as 'File and
> > printer sharing' from TCP/IP as it can be a security risk...
>
> If you want to network the machines in a LAN situation, you need TCP.

Not really. For Windows boxes, there's IPX/SPX, which an IP router
will
not route. There's also, possibly, NETBEUI, which is NOT routable. So
any such machines on the same physical and logical subnet can "talk."


> > So my question would be, Is this safe? I would assume that being
> > behind the Netgear DG834 router, using NAT would be safe.
>
> Normally your network is safe behind a NAT router. It would be true if it
> was an all wire router.

Safe from _some_ stuff from the WAN port, that is. It's all relative,
and it
changes. For protection from wireless intruders, WAP and serious key,
period.

A good, readily configurable, 2-way "personal" firewall, like the
Comodo freebie
is a good option, so long as users don't permit questionable traffic
on notice
of attempt by process to access Internet. (User provides OJT for
firewall.)

Depending on the server OS version and filesystem (FAT32, NTFS) you
can
and should use password-protected access to shares and subtrees
within.

Else, expect bad things.

> Wireless is attackable where someone can join your wireless network and be
> all over the top of your machines wire or wireless.
>
> You should try to harden the O/S to attack on the machines as much as
> possible.
>
> http://labmice.techtarget.com/articl...ychecklist.htm

HTH,
J

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> On May 22, 11:26 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
>> "ZX" <anonano...@google.com> wrote in message
>>
>> news:Xns9939148353E9Canonanonan123mailcom@193.252. 117.183...
>>
>> >I have internet access using a Netgear DG834 Modem-Router with two
>> > desktops connected.
>> > I have 'File and printer sharing' enabled using the TCP/IP protocol.
>> > But I once read that one should un-bind services such as 'File and
>> > printer sharing' from TCP/IP as it can be a security risk...
>>
>> If you want to network the machines in a LAN situation, you need TCP.
>
> Not really. For Windows boxes, there's IPX/SPX, which an IP router
> will
> not route.

I have used MS NWlink IPX/SPX Netbios when wireless became a problem with
networking, but I prefer TCP. So, your right, but most don't know about it.

> There's also, possibly, NETBEUI, which is NOT routable. So
> any such machines on the same physical and logical subnet can "talk."

You're right there as well, but it became a problem on the wireless, because
it's not a routable protocol, well it was a problem for the old Linksys
11S4(s).

>
>
>> > So my question would be, Is this safe? I would assume that being
>> > behind the Netgear DG834 router, using NAT would be safe.
>>
>> Normally your network is safe behind a NAT router. It would be true if it
>> was an all wire router.
>
> Safe from _some_ stuff from the WAN port, that is. It's all relative,
> and it
> changes. For protection from wireless intruders, WAP and serious key,
> period.

But someone with any expertise that wanted to come after WAP and crack it,
then they can do it I hear. But I don't think they would be after with a
home user's network.

>
> A good, readily configurable, 2-way "personal" firewall, like the
> Comodo freebie
> is a good option, so long as users don't permit questionable traffic
> on notice
> of attempt by process to access Internet. (User provides OJT for
> firewall.)
>
> Depending on the server OS version and filesystem (FAT32, NTFS) you
> can
> and should use password-protected access to shares and subtrees
> within.
>
> Else, expect bad things.
>
>> Wireless is attackable where someone can join your wireless network and
>> be
>> all over the top of your machines wire or wireless.
>>
>> You should try to harden the O/S to attack on the machines as much as
>> possible.
>>
>> http://labmice.techtarget.com/articl...ychecklist.htm
>
> HTH,
> J
>

"Mr. Arnold" <MR. (E-Mail Removed)> hath wroth:

>> There's also, possibly, NETBEUI, which is NOT routable. So
>> any such machines on the same physical and logical subnet can "talk."
>
>You're right there as well, but it became a problem on the wireless, because
>it's not a routable protocol, well it was a problem for the old Linksys
>11S4(s).

Ummmm... you're both correct, but I don't think anyone else would
understand the issue. Maybe I can explain.

802.11 wireless is bridging, not routing. That means that an access
point could care less what networking protocol is being used as long
as it's built on top of using Layer 2 MAC addresses. More crudely,
anything with a MAC address can be bridged through a common wireless
access point.

Build on top of Layer 2 bridging is Layer 3 routeing. Most cheap
wireless routers will only route IP. There are many other protocols
that can slither their way through a bridge, but only IP will go
through the typical wireless bridge. Features such as firewalls and
NAT are totally dependent on IP and will not work with an IP only
bridge.

If you setup just an access point, it will have no problem running
NETBEUI, IPX/SPX, DECNET, AppleTalk, DLC, ad nausium. The only thing
an access point has to do with TCP/IP is that it's used for
administration and setup.

Now it gets messy. Windoze networking was at one time totally NETBIOS
based. NETBIOS would work over any supported protocol (TCP/IP,
NETBEUI, IPX/SPX) for Windoze 95, 98, and ME. However, in Windoze
2000 and XP, NETBIOS was removed and replaced with SMB direct.
However, MS did a lousy job of removing NETBIOS, so I leave it
enabled:
<http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Network/NETBIOSLeaveOnorTurnOff.html>
I've also run into networking weirdness that could only be fixed by
enabling NETBIOS over TCP (NBT).

The Linksys BEFW11S4 is a wireless IP router and will not work with
NETBEUI or NWLink (IPX/SPX). It's IP only.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

>
> The Linksys BEFW11S4 is a wireless IP router and will not work with
> NETBEUI or NWLink (IPX/SPX). It's IP only.

I don't know about now with the newer 11S4's, because my 11S4 was of the
2001 vintage

But MS NWLink IPX/SPX was the what I used to get Win 2K machines one wired
the other one wireless to network with each other. That was after NETBEUI
was removed, because with NETBEUI there when installing MS NWlink IPX/SPX,
things hosed the TCP Stack and the Stack had to be reset.

"Mr. Arnold" <MR. (E-Mail Removed)> hath wroth:

>>
>> The Linksys BEFW11S4 is a wireless IP router and will not work with
>> NETBEUI or NWLink (IPX/SPX). It's IP only.
>
>I don't know about now with the newer 11S4's, because my 11S4 was of the
>2001 vintage

Yours was probably a BEFW11S4 v2. Mine are BEFW11S4 v4 (I now have 3
of them and awaiting a 4th for a firmware test).

>But MS NWLink IPX/SPX was the what I used to get Win 2K machines one wired
>the other one wireless to network with each other. That was after NETBEUI
>was removed, because with NETBEUI there when installing MS NWlink IPX/SPX,
>things hosed the TCP Stack and the Stack had to be reset.

Yeah, that happens. As I recall (not sure), W2K only allows 3
transport protocols. It's possible to add a 4th but I read that
things sometimes break. However, with 3 protocols, it should have
worked. I don't think it was NETBEUI that broke. I've used it many
times when I have to connect from DOS workstations (mostly cash
registers).

NWLink is another story. I think the XP version is busted. Instead,
I download the Novell Client, which has the added bonus of adding
IPX/SPX support to Windoze XP Home, which MS removed.
<http://www.novell.com/products/clients/>
Configuring the Novell Client is another horror stories as there are a
huge number of options and settings. It still have some ancient
servers running Novell 3.11 which requires considerable tweaking to
get the client to connect.

IPX/SPX works just fine as long as you're on the LAN side of the
wireless router. That's probably what you were doing. If all the LAN
side boxes supported IPX/SPX, you wouldn't need TCP/IP for anything
besides access to the internet. Actually, you could get away with no
TCP/IP on the clients if you use a gateway machine that converts
IPX/SPX to TCP/IP.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On 22 May 2007 23:59:16 GMT, in alt.internet.wireless , ZX
<(E-Mail Removed)> wrote:

>I have internet access using a Netgear DG834 Modem-Router with two
>desktops connected.
>I have 'File and printer sharing' enabled using the TCP/IP protocol.
>But I once read that one should un-bind services such as 'File and
>printer sharing' from TCP/IP as it can be a security risk...

you've heard misinformation. Its perfectly safe and indeed perfectly
normal.

>So my question would be, Is this safe?

Yes. Just don't open the netbios ports on your router (135-139 and
445)
--
Mark McIntyre

Mark McIntyre <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On 22 May 2007 23:59:16 GMT, in alt.internet.wireless , ZX
> <(E-Mail Removed)> wrote:
>
>>I have internet access using a Netgear DG834 Modem-Router with
>>two desktops connected.
>>I have 'File and printer sharing' enabled using the TCP/IP
>>protocol. But I once read that one should un-bind services
>>such as 'File and printer sharing' from TCP/IP as it can be a
>>security risk...
>
> you've heard misinformation. Its perfectly safe and indeed
> perfectly normal.
>
>>So my question would be, Is this safe?
>
> Yes. Just don't open the netbios ports on your router (135-139
> and 445)

Thanks, that's what I wanted to hear...
Anyway it's for a retired couple - friends of mine - I gave them my
old win98 machine and they also bought a new Vista machine and I
wired them using the netgear router ( wi-fi not used)
Nobody is going to try anything serious, as it's just a home network
with no interest for anyone else...

Regards

"ZX" <(E-Mail Removed)> wrote in message
news:Xns993A19895E13anonanonan123mailcom@193.252.1 17.183...
> Mark McIntyre <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> On 22 May 2007 23:59:16 GMT, in alt.internet.wireless , ZX
>> <(E-Mail Removed)> wrote:
>>
>>>I have internet access using a Netgear DG834 Modem-Router with
>>>two desktops connected.
>>>I have 'File and printer sharing' enabled using the TCP/IP
>>>protocol. But I once read that one should un-bind services
>>>such as 'File and printer sharing' from TCP/IP as it can be a
>>>security risk...
>>
>> you've heard misinformation. Its perfectly safe and indeed
>> perfectly normal.
>>
>>>So my question would be, Is this safe?
>>
>> Yes. Just don't open the netbios ports on your router (135-139
>> and 445)
>
> Thanks, that's what I wanted to hear...
> Anyway it's for a retired couple - friends of mine - I gave them my
> old win98 machine and they also bought a new Vista machine and I
> wired them using the netgear router ( wi-fi not used)
> Nobody is going to try anything serious, as it's just a home network
> with no interest for anyone else...

Really? It sounds to me they are the ones that will click on everything
under the Sun that can lead to a compromise on the computer. Just don't have
them doing their stock portfolio, retirement plan or banking over the
Internet, because they could have them all wiped out.