Security Risk?

How did you secure your AP? That's the first device in line to be a risk. Secure it with WPA / WEP. WPA is better , but since you are running ME (why ? this can be considered a security breach) this isn't possible, there are no clients for it....

Second the firewalls help, but here also the settings are vital. For the laptop, don't worry. Just download SP2 for Microsoft Windows XP. This a great security patch for your pc and includes a firewall

Mike - There are a number of links here. It's a lot of reading, but there are some good articles.

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=File+Printer+sharing+security

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=XP+File+Printer+sharing+security

With your system properly configured, you can enable and control File & Printer Sharing on your LAN with no significant increased risk to security. NetBIOS over NetBEUI and NetBIOS over TCP/IP both have convincing advocates.

One school of thought is to isolate the bindings.
Steve Gibson addresses this on his site - www.grc.com (In the Shields UP / Network Bondage area - http://www.grc.com/su-bondage.htm ) The first article in the first link above adresses this issue also.
M$ does not encourage NetBEUI on XP, but instructions can be obtained from the web.
http://www.scotsnewsletter.com/38.htm#tipadaweek

This article indicates that binding isolation is not necessary, as long as a router is in place between the internet nad any of the local network machines.
http://www.homenethelp.com/web/howto/net.asp

If you apply either of the precautions proscribed you should be fine. The only problem I see with the second method is when a home user is troubleshooting a router failure and bypasses the router to verify the failure. While concentrating on the troubleshooting procedure, one might forget the precaution to never directly connect a computer configured and enabled in this manner to a modem. On the other hand, if your PC migrates between a home network and a business network on a regular basis, you may be inclined to match rather than regularly reconfigure your network bindings.

I hope someone with a bit more perspective than I comments here on this issue. I've read the articles and posted here on the topic previously, and I'm still convinced both arguments are correct. Of course, one could also consider using another communication protocol.

Isn't the next version of Windows due out in 2006? How soon can I get a patch for that?

GM

After reading some of the links provided it answered some of my questions and posed a few more. I deecided not to share the printer attached to the Win ME machine. I am sharing the printer on the XP desktop with the XP laptop. I haven't enabled netBIOS over TCP/IP; not sure what this is about. Is this something I need to do? Does it have to be done on all the computers?

Another question is about which computer is the master browser. Tom's Hardware seems to say one computer should be the master browser and it shouldn't be connected wirelessly. When I ran the command prompt that was shown it indicated the two XP computers which connect wirelessly were master browsers. But the ME computer which is wired to the Router did not show as the master browser.

Totally confused now. If my main goal is to share an Internet connection among three computers (and this is working) how concerned should I be about the netBIOS over TCP/IP and the Master Browser issue?

Thanks for you time.

One more thing: is mshome some sort of default group name? and should it be changed?

 

Message Edited by Mike Lambed on 08-13-2004 06:12 PM

I haven't enabled netBIOS over TCP/IP; not sure what this is about. Is this something I need to do? Does it have to be done on all the computers?

If all the systems were Windows 2000 or later, you wouldn't need to enable NetBIOS over TCP. But Windows ME predates Windows 2000, so you'll need to enable it on all three machines, if you want file and printer sharing available on all of them.

Another question is about which computer is the master browser. Tom's Hardware seems to say one computer should be the master browser and it shouldn't be connected wirelessly. When I ran the command prompt that was shown it indicated the two XP computers which connect wirelessly were master browsers. But the ME computer which is wired to the Router did not show as the master browser.

Totally confused now. If my main goal is to share an Internet connection among three computers (and this is working) how concerned should I be about the netBIOS over TCP/IP and the Master Browser issue?

In networks lacking a "domain controller", browse mastership is carried out by an election process among all the machines in the "workgroup". One of the weighting factors is the operating system version. So XP systems will "win" elections over ME systems. The issue of NetBIOS over TCP is different from Internet access (as you've found out!), but in order to get file and printer sharing working, you'll need it enabled, or the ME system won't be able to be accessed, and won't show up in the list of "computers near me", which is generated by the "workgroup browser election" process. The reason for the suggestion that the "master browser" be a wired machine is to improve browsing stability, but because of the "election weight" issue, the "browse master" election will also depend on what operating system the machines are running.

One more thing: is mshome some sort of default group name? and should it be changed?

Yes, that's just a default name (the "workgroup" name). If you change it, the name needs to be the same on all the systems. It should be a short name (less than fifteen characters).

Jim

Thanks for that detailed answer. It explains a lot of things for me. What's your take on this statement from Home Net Help.."A folder or printer must be shared on each computer for them to show up in your network neighborhood."

Right now the WinME system does not show up on either of the XP machines when I click on "show workgroup computers". Although the XP machines do show each other. Do I have to "share a folder" for the Millenium system to show?

Thanks much.

What's your take on this statement from Home Net Help.."A folder or printer must be shared on each computer for them to show up in your network neighborhood."

That's almost a truism (no insult to you!). If nothing's being shared from a machine, it won't be advertising any resources, and may not show up in the "neighborhood". That assumes that the machines are all using a compatible protocol for Windows Networking. Since ME needs it, you need NetBIOS over TCP enabled on all of them.

Right now the WinME system does not show up on either of the XP machines when I click on "show workgroup computers". Although the XP machines do show each other. Do I have to "share a folder" for the Millenium system to show?

The most likely reason is that NetBIOS over TCP isn't enabled on all the machines. If it is, and there are resources being offered on the ME machine (by "sharing a folder"), and they still aren't appearing on the XP systems, let us know. There are more advanced steps for investigating problems like this available if needed.

If the XP firewall is enabled on the XP systems, it'll interfere with seeing other machines' shared resources on your LAN. Since your router's providing protection from these resources being available on the Internet, try disabling the XP firewall.

(edit) I don't think the XP firewall's enabled, or the XP machines wouldn't even see each other!

Jim

Message Edited by jimw on 08-13-2004 08:58 PM

I''ll enable netBIOS over TCP/IP and see what happens. You are right about XP Firewall not being on. Thanks for your help. Will post back again with results.

The XP firewall (as of SP2) is smart enough to allow firesharing and netbios if you enable the services.

Each machine is behind a router so internet-threats are not a real concern.  Of higher concern will be people using your wireless network and gaining LAN-side access.  You can set up your router to deny access and take other security steps.  You can also (at least with most personal firewall programs) only allow filesharing/printing access from a select group of IPs (i.e. your three computers).