OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Problem with 2000 Pro client on NT 4 domain
From: Henry Sieff (hsieffORTHODON.COM)
Date: Tue Jul 11 2000 - 16:10:07 CDT

>-----Original Message-----
>From: Scott Sanchez [mailto:SSanchezOPUS360.COM]
>Sent: Tuesday, July 11, 2000 1:23 PM
>To: FOCUS-MSSECURITYFOCUS.COM
>Subject: Re: Problem with 2000 Pro client on NT 4 domain
>
>
>Unless something serious has changed between NT4 and W2K that
>I'm not aware
>of, you don't need Netbios or Netbeui installed or passing
>packets to do
>Windows networking... you can bind it all to TCP/IP.

True, however WINS will not function without NETBIOS. If you don't
need this, then there is no need for netbios. Also, anything which
relies on WINS won't work.

>This is a fine example of how you should not always act on
>everything you
>read in lists like this. Netbios and Netbeui as compared to TCP/IP
are
>highly insecure.

Apples and oranges; netbios is a session level protocol. TCP/IP and
Netbeui are both lower level. FWIW, TCP/IP is pretty insecure unless
you are using ipsec or some such. Also, NetBIOS is as secure (for
internal) as the TCP/IP implementation it rides on.

> Stick with IP if you can, and turn
>everything else off!

Definitely block it all at the perimeter, but for internal purposes, I
like NetBIOS, esp. in smaller installations.

Henry