|
PureBytes Links
Trading Reference Links
|
Chris -
I, too, am running NT 4.0 (SP6), but I can't recognize some of the items you
mention. Under Control Panel, "Network" icon, and Bindings Tab, you say to
disable the cable modem network card under "Server", but I find no "server"
item there. Under "bindings" I have a choice of bindings for services,
protocols, or adapters. Under "adapters" I find my ethernet card. I also
find that card shown at the "adapters" tab, but no "server" anywhere.
Under "server" on the control panel there is a "shared resources" window
which shows IPC$, but no reference to the ethernet card. So where am I
going astray???
Incidentally, I found some time ago that the "server" service is required
for communication between an APC UPS and the computer (for logging of power
incidents).
Regards,
Carroll Slemaker
----- Original Message -----
From: Chris Baker <chrisbak52@xxxxxxxxxxxxxxx>
To: Omega List <omega-list@xxxxxxxxxx>
Sent: Wednesday, December 29, 1999 2:18 PM
Subject: Re: Last Minute Y2K Updates - Fulks security test link
> For those with NT and a cable modem, unwanted NetBios access from the
> internet to your computer is a significant problem. In fact my Firewall
> program may offer little protection in this area. However considerable
or
> full security against NetBios attacks can be obtained through partially or
> fully disabling the Server service, as explained below. NetBios access
> seems to be tested under "Test my Shields" on the security link Bob Fulks
> posted (copied after my e-mail). At least I received a report that my
> computer was "Very Secure" from unwanted NetBios access after running that
> test.
>
> If you run this test and don't receive a report that your NetBios access
is
> "Very Secure", then you might want to read "disabling unwanted NetBios
> access" below. I'm not a security expert, but what I found seems to
work.
> Also this significant NetBios security vulnerability is further explained
> under Number 2 "Explain this to me" in the security link Bob Fulks posted.
>
> Note that running "Probe my Ports" on the security link Bob Fulks posted
is
> a different matter. Running that test did cause my Firewall program to
> bring up a number of alerts. Therefore protection from unwanted
NetBios
> access does NOT prevent another computer on the internet from trying to
> access your computer through it's (virtual) Ports. Especially with a
> cable modem a Firewall program is needed for that purpose.
>
>
> Disabling unwanted NetBios access:
>
> The Server service exists to allow other computers to access your computer
> over a network. However there is no reason why anyone on the internet
> needs to access your computer using NetBios, unless you administer or
access
> your computer remotely. As I understand it NetBios access over the
> internet leaves your computer open to hackers trying to break your
password
> or trying to figure out enough about your computer configuration as to
find
> it's vulnerabilities.
>
> With NT I've found security against unwanted NetBios access can be much
> improved by first opening Control Panel, the "Network" icon, and the
> Bindings Tab. If you have a cable modem, it's especially important to
> disable your cable modem network card under "Server". When I used to run
> that way with Media One, internet access worked just fine.
>
> However I now completely disable the Server service on my computer used to
> access the internet - as explained under "note" at the end. I have
never
> had a "Blue Screen" or a crash of NT or any such problem changing Server
> "Bindings" or disabling the Server service. I have also downloaded at up
> to 100 KB/second so there seems to no affect on my internet access, which
I
> have running all day. However all my experimenting in this area has
been
> with a cable modem. With dial-up access the WINS Client (TCP/IP) under
> Server "Bindings" must be left enabled, but you should be able to disable
> everything else.
>
> However disabling your LAN protocol under Server "Bindings" should also
> prevent other computers on your LAN from accessing the computer. However
> the computer can still access the other computers on the LAN.
|