I have internet access using a Netgear DG834 Modem-Router with two desktops connected. I have 'File and printer sharing' enabled using the TCP/IP protocol. But I once read that one should un-bind services such as 'File and printer sharing' from TCP/IP as it can be a security risk... So my question would be, Is this safe? I would assume that being behind the Netgear DG834 router, using NAT would be safe.
Not really. For Windows boxes, there's IPX/SPX, which an IP router will not route. There's also, possibly, NETBEUI, which is NOT routable. So any such machines on the same physical and logical subnet can "talk."
Safe from _some_ stuff from the WAN port, that is. It's all relative, and it changes. For protection from wireless intruders, WAP and serious key, period.
A good, readily configurable, 2-way "personal" firewall, like the Comodo freebie is a good option, so long as users don't permit questionable traffic on notice of attempt by process to access Internet. (User provides OJT for firewall.)
Depending on the server OS version and filesystem (FAT32, NTFS) you can and should use password-protected access to shares and subtrees within.
Ummmm... you're both correct, but I don't think anyone else would understand the issue. Maybe I can explain.
802.11 wireless is bridging, not routing. That means that an access point could care less what networking protocol is being used as long as it's built on top of using Layer 2 MAC addresses. More crudely, anything with a MAC address can be bridged through a common wireless access point.
Build on top of Layer 2 bridging is Layer 3 routeing. Most cheap wireless routers will only route IP. There are many other protocols that can slither their way through a bridge, but only IP will go through the typical wireless bridge. Features such as firewalls and NAT are totally dependent on IP and will not work with an IP only bridge.
If you setup just an access point, it will have no problem running NETBEUI, IPX/SPX, DECNET, AppleTalk, DLC, ad nausium. The only thing an access point has to do with TCP/IP is that it's used for administration and setup.
Now it gets messy. Windoze networking was at one time totally NETBIOS based. NETBIOS would work over any supported protocol (TCP/IP, NETBEUI, IPX/SPX) for Windoze 95, 98, and ME. However, in Windoze
2000 and XP, NETBIOS was removed and replaced with SMB direct. However, MS did a lousy job of removing NETBIOS, so I leave it enabled:
I've also run into networking weirdness that could only be fixed by enabling NETBIOS over TCP (NBT).
The Linksys BEFW11S4 is a wireless IP router and will not work with NETBEUI or NWLink (IPX/SPX). It's IP only.
I don't know about now with the newer 11S4's, because my 11S4 was of the
But MS NWLink IPX/SPX was the what I used to get Win 2K machines one wired the other one wireless to network with each other. That was after NETBEUI was removed, because with NETBEUI there when installing MS NWlink IPX/SPX, things hosed the TCP Stack and the Stack had to be reset.
Yours was probably a BEFW11S4 v2. Mine are BEFW11S4 v4 (I now have 3 of them and awaiting a 4th for a firmware test).
Yeah, that happens. As I recall (not sure), W2K only allows 3 transport protocols. It's possible to add a 4th but I read that things sometimes break. However, with 3 protocols, it should have worked. I don't think it was NETBEUI that broke. I've used it many times when I have to connect from DOS workstations (mostly cash registers).
NWLink is another story. I think the XP version is busted. Instead, I download the Novell Client, which has the added bonus of adding IPX/SPX support to Windoze XP Home, which MS removed.
Configuring the Novell Client is another horror stories as there are a huge number of options and settings. It still have some ancient servers running Novell 3.11 which requires considerable tweaking to get the client to connect.
IPX/SPX works just fine as long as you're on the LAN side of the wireless router. That's probably what you were doing. If all the LAN side boxes supported IPX/SPX, you wouldn't need TCP/IP for anything besides access to the internet. Actually, you could get away with no TCP/IP on the clients if you use a gateway machine that converts IPX/SPX to TCP/IP.
Mark McIntyre wrote in news: firstname.lastname@example.org:
Thanks, that's what I wanted to hear... Anyway it's for a retired couple - friends of mine - I gave them my old win98 machine and they also bought a new Vista machine and I wired them using the netgear router ( wi-fi not used) Nobody is going to try anything serious, as it's just a home network with no interest for anyone else...
Really? It sounds to me they are the ones that will click on everything under the Sun that can lead to a compromise on the computer. Just don't have them doing their stock portfolio, retirement plan or banking over the Internet, because they could have them all wiped out. :)
Yep. The clueless are everywhere: Hundreds Click on 'Click Here to Get Infected' Ad
The real problem is that many users (if not most users) do not seem to understand that even if they have a firewall, encryption, web filter, anti-virus, anti-spyware, and anti-trojan horse band-aids installed, they all run on the assumption that the user has a clue what they are doing. If the user clicks on something stupid, there's always a chance that the band-aids will save the users posterior. However, that's about it. It's only a chance.
Maybe the next release should be called "Microsoft XP Training Wheel Edition".
Perception is everything. The same problem happens on the Mac. It's all part of marketing and social engineering. Incidentally, speaking of social engineering, I'm reading "The Art of Deception" by Kevin Mitnick and William L. Simon. It's very much a text book on the art of fooling computer users. The best time to do social engineering is when the victim thinks they are safe.
It's an interesting distinction based on some very bad design by Microsoft. In Unix systems, from the very beginning, the idea behind user accounts and passwords was something like "trash your own stuff but stay out of everyone else's stuff". Mostly, user accounts were to keep users from destroying the entire system. It worked fairly well unless the user elevated their account privileges. Finally, Microsoft discovers in Vista what Unix admins have known for over 20 years, that users should NOT be running as root when doing ordinary mundane tasks. One small step for Vista. One feeble step for securing the user, instead of securing the system. Now, if "run as Administrator" worked and didn't break some installs, it might be a giant step. Of course, the "Run as Admin" feature has to be used so often, that like Chicken Little and "the sky is falling", it will become habit, thus destroying its value as a security feature. The right way to have done this would be, when running as Admin, to have the desktop background turn bright red, huge warning signs appear all over the desktop, the sound system blare "Warning.... You are about to...", and display a very intimidating looking "Are you sure?" box for just about everything deemed dangerous. However, that would diminish the user experience somewhat, might imply that the system isn't perfectly safe, and probably would panic the average user.
MS should do what Apple did. Dump their home grown operating system and buy into a Unix OS base. Build their GUI and applications on a secure base. Cease doing their support, embrace, extend butchery to established standards. Probably not in my lifetime.