Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

NetBIOS - Recommendation to disable within TCP/IP on client PCs

This is a beneficial recommendation:

ISC - Is it time to get rid of NetBIOS?
http://isc.sans.org/diary/Is+it+time+to+get+rid+of+NetBIOS+/12454

QUOTE: NetBIOS, and its weaknesses that allow extremely easy spoofing have been well known all the way since 2005. I recently discussed NetBIOS with a colleague of mine, Arcel, and this discussion prompted me to see if anything changed with NetBIOS and recent Windows releases. While I was almost certain that the old NetBIOS spoofing attacks do not work any more, I was stunned to see that even the latest and greatest Windows 7 still enables NetBIOS over TCP/IP by default. So what can we do to protect ourselves and our users against this? This is one of those times when auditors that bug you about settings and configuration are really right:

1. Unless you moved everything to Windows Vista or newer, make sure you disable LANMAN hashes. They are insecure and should not be used under any circumstances.
 
2. Disable NetBIOS over TCP/IP. I don’t think that anything really uses this any more.

If you want to learn more about this attack, read the excellent post below and, once you get scared enough, take care of your network and users.

http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html

Comments

Hal said:

Thank you for this tip; I really do appreciate it. I think it's important to keep in mind, though, that many people, even those whose knowledge goes beyond basic use, find networking setting information to be a topic they do not understand. People like me are happy to adopt these suggestions, but we really do not have hours to pour into learning what NetBIOS or TCP/IP are all about. So at some point, if the goal is to get people to set Windows as suggested, very clear, *double-checked,* step-by-step setting instructions need to be given. I don't see these in Harry's article or in either link in Harry's article. When I websearched "disable NetBios over TCP/IP Windows 7," I found a Microsoft webpage that gave the *wrong* instructions for making this change. I hunted around and figured out how to do it.

The following sequence of steps works for me with Win 7 Pro with User accounts: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > [if prompted, enter administrator password, if any, from a User Account] > [click to highlight:] Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced > WINS tab > [change the NetBIOS setting from the Default to] Disable NetBIOS over TCP/IP > OK > OK > Close > Close > X to Close.

# January 26, 2012 8:38 PM
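
A scripted equivalent of the WINS-tab steps in the comment above, combined with a check for the LANMAN hash recommendation from the quoted diary entry. This is an added example, not part of the original post or its comments; the `-Remediate` switch name is an assumption chosen for illustration, and the script has to run from an elevated Windows PowerShell prompt.

```powershell
# Added example: audit and (optionally) disable NetBIOS over TCP/IP on every
# IP-enabled adapter, then report the LM hash storage policy.
# Get-WmiObject is used so the script also runs on the PowerShell 2.0 that
# ships with Windows 7.
param(
    [switch]$Remediate   # assumed switch name: without it the script only reports
)

# Meaning of TcpipNetbiosOptions on Win32_NetworkAdapterConfiguration
$meaning = @{ 0 = 'Default (taken from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($a in $adapters) {
    $state = $meaning[[int]$a.TcpipNetbiosOptions]
    Write-Output ("{0}: NetBIOS over TCP/IP = {1}" -f $a.Description, $state)

    if ($Remediate -and $a.TcpipNetbiosOptions -ne 2) {
        # 2 = "Disable NetBIOS over TCP/IP", the same choice as the WINS tab option
        $result = $a.SetTcpipNetbios(2)
        if ($result.ReturnValue -eq 0) {
            Write-Output '  -> disabled'
        } elseif ($result.ReturnValue -eq 1) {
            Write-Output '  -> disabled, reboot required'
        } else {
            Write-Warning ("  -> SetTcpipNetbios failed, return code {0}" -f $result.ReturnValue)
        }
    }
}

# NoLMHash = 1 stops Windows from storing LANMAN hashes for local accounts
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa = Get-ItemProperty -Path $lsaKey -Name NoLMHash -ErrorAction SilentlyContinue
if ($lsa -and $lsa.NoLMHash -eq 1) {
    Write-Output 'LM hash storage: disabled (NoLMHash = 1)'
} else {
    Write-Warning 'LM hash storage: NoLMHash is not set to 1'
}
```

Run it without the switch first to see which adapters are still at the default setting, then again with `-Remediate` to apply the change.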