On 12 Mar 2002, at 23:50, Steve Siegel wrote:

> I'd appreciate some input on the safest LAN protocol to use behind
> a firewall/router (e.g. Sonic Wall, Zywall). I've read, on Steve
> Gibson's site, that netbeui is "safe" because it's not routed.
> Others have said nothing's safe, and they disconnect Internet
> access before enabling any LAN communication. Still others say that
> if you're behind a hardware firewall, anything's safe -- excluding
> an intentional sophisticated attack, in which case nothing's safe. 

  NetBEUI isn't routable, and so shouldn't be spoofable from outside --
directly.  But if you run both TCP/IP and NetBEUI on a single box, 
and that box gets compromised, the attacker might be able to use that 
box to access your "safe" NetBEUI traffic.
  NetBEUI not being routable means that you can use it as your LAN 
protocol ONLY if your LAN is restricted to a single segment.  No DMZ 
for you!  In fact, since it relies on broadcasts for all traffic, it 
gets neither performance nor security benefits from the use of a 
switch in place of a hub....

> Additionally, using MS OS's, one can enable/disable file sharing, and
> even if enabled, can limit access to specific folders. I wonder how
> "safe" manipulating these OS options is.

  Although it's convenient to share specific folders, this is mainly 
a way of attaching names and permissions.  Behind the scenes, at 
least some of Microsoft's OSes create a "hidden" share of every hard 
drive volume, available to anyone who hacks the necessary password.  
You can limit *specific users* to accessing specific folders, but 
that does not mean that the rest of your files do not participate in 
file sharing.

 
> On another note, somewhat off topic for "firewalls", I'm in a situation
> where I connect a windows 95 PC to other PCs, across the entire spectrum
> of MS operating systems. Seems, at times, simply enabling file sharing
> causes the other PCs to be visible; other times, the PCs all seem to
> need to be rebooted. Is there any robust way to get a PC to make itself
> known on the LAN and/or interrogate the LAN for other PCs?

  Yes, it's off-topic.  It sounds rather like a master browser (no, 
not WEB browser!) or NetBIOS/WINS (not NetBEUI!) issue....

DG


_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
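
The point in the reply above about "hidden" per-volume shares, as an added example that is not part of the original message: a Python sketch that parses `net share` output and separates the default administrative shares from the folders someone deliberately shared. The sample output is constructed, and the parser assumes share names without spaces.

```python
import re

# Constructed sample of `net share` output (not taken from the original post).
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT                        Remote Admin
Projects     C:\Data\Projects
Payroll$     D:\Finance\Payroll
The command completed successfully.
"""

DRIVE_SHARE = re.compile(r"^[A-Za-z]\$$")      # e.g. C$ : a whole volume
RESOURCE = re.compile(r"[A-Za-z]:\\\S*")       # e.g. C:\Data (no spaces assumed)

def classify_share(name):
    """Label a share by how it came to exist and whether it is browsable."""
    if DRIVE_SHARE.match(name):
        return "admin-drive"       # default share of an entire volume
    if name.upper() in ("ADMIN$", "IPC$"):
        return "admin-system"      # default system shares
    if name.endswith("$"):
        return "hidden-user"       # user-created, hidden from browse lists
    return "visible"               # user-created and browsable

def parse_net_share(text):
    """Return (name, resource, kind) for each row below the dashed rule."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
            continue
        # Skip the header, blanks, wrapped continuation lines and the trailer.
        if (not in_table or not line.strip() or line[0].isspace()
                or line.startswith("The command")):
            continue
        name, _, rest = line.partition(" ")
        found = RESOURCE.match(rest.strip())
        shares.append((name, found.group(0) if found else "", classify_share(name)))
    return shares

def whole_volume_shares(shares):
    """Drive letters that are shared in full, whatever folder shares exist."""
    return sorted(n[0].upper() for n, _, kind in shares if kind == "admin-drive")

if __name__ == "__main__":
    for row in parse_net_share(SAMPLE_NET_SHARE):
        print("%-10s %-20s %s" % row)
```

On a real host the input would be the captured output of `net share`; any volume listed by `whole_volume_shares` is reachable in full by an account with administrative credentials, regardless of which folders were shared by name.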
