Is it time to get rid of NetBIOS?

From https://isc.sans.edu/diary.html?storyid=12454:

 

NETBIOS is still needed for File and Printer Sharing. Also, it allows finding things by NETBIOS name, and some router manufacturers use that to allow people to reach their device. That said, I don't use File and Printer sharing, I use 'sneaker net', so no NETBIOS in my network.

I haven't figured out if Win7's HomeGroup uses NETBIOS or not. Hopefully it is a clean break from that old protocol.

 

Immediately disabled after installing Windows along with a few other unused services. I have 0 use for these services and I've read enough exploits that use them.

 

Actually disabling the NetBIOS service doesn't entirely disable it, you need to disable it on a per-connection basis also. That involves going into your advanced connection properties for IPv4 and selecting "Disable NetBIOS over TCP/IP" in the "WINS" tab.

I wouldn't know of the possible negatives this would cause as I don't share anything over my network. Though I have been considering setting up a data server (Windows Server 8 looks awesome) for the house with network storage so I may find out at some point, hopefully it doesn't break anything.

 

There is no security breach Enabling NetBIOS over TCP/IP

What an shame that some of these legendary techies do not understand or take advantage of an shared network.

Some of these legendary techies preach how people of lower experience and intellegence of their own should harden
their operating systems by disabling 'necessary' services and install horse release software while allowing their
fingers to run wild over the keyboard spewing out information that is legendary only in their own minds.

For example, Microsoft provides an secure way for both experienced and inexperienced computer users the privalage
of instant File and Printer Sharing right out of the box via the NetBIOS over TCP/IP that works in conjunction with
the Computer Browser Service.

Disabling NetBIOS over TCP/IP will break File and Printer Sharing and the Computer Browser Service.

The Computer Browser Service is responsable for populating the My Network Places with the shared resources.

Enable the built-in security features of the Microsoft Windows Operating System including Automatic Updates and
enjoy the privalege of freedom while preserving the virginity of the operating system.

Installing foreign files into the operating system is the first breach in security.

For some, enjoying freedom for the first time by sharing files and printers across an shared network would enlighten
with astonishment to one of the things the operating system is actually capable of doing.

Todays households exist more than one computer, phone, television, all of which can share information across an
shared network.....it is the wave of the future that is passing by the legendaries locked up in an sandbox.


HKEY1952

 

It's been shown time and time again to have vulnerabilities.
https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP#Security_vulnerabilities

A simple wikipedia search will show you that much.

I have absolutely 0 need for this as I don't print from this computer or try to communicate with any other devices.

Even if it weren't known to be exploited I'd shut it off because it's just not necessary for me and the fact is that any running code is prime attack surface that I just don't need.

You mentioned the Computer Browser service (another one I immediately shut off) interestingly enough I was actually taught to shut it off in preparation for the CompTIA Security+ test lol

It's actually almost comical how many times that service has been exploited.

HKEY, no clue what half of your message was even trying to get at but, yes, the NetBIOS service has been exploited (and yes I am legendary.)

 

I don't see this option but I have ports 137,8,9 all blocked on my firewall.

 

I always disable NetBIOS as well. Sharing can be done though the wireless N router when needed, I always prefer buying devices that support this sort of connection.

 

I think HKEY1952 and elapsed are refering to this. All built-in. Screenies from WinXP





Every adapter can be so setup, wired, wireless, whatever.
In Windows firewall, Custom list is handy on wireless in case someone jumps on your network.

Firewall rules for restrictions also help, of course.

 

Thanks, I was too lazy to take screenshots Though I don't bother with the ports, mainly because Windows Firewall on public mode blocks it.

 

Thanks - I missed the "Advanced" button in my settings. All set now.

 

In most situations, the network is not the resource at risk; rather, it is the endpoints of the network that are threatened. There will be bugs, either in the network programs or in the administration of the system. It is this way with computer security: the attacker only has to win once. It does not matter how thick are your walls, or how lofty your battlements; if an attacker finds one weakness your system will be penetrated. Unfortunately, that is not the end of your woes.

 

As depicted in Post #9 with the screen shots by act8192, thank you act8192, that whole ball of wax is the security
shell for NetBIOS over TCP/IP.

That whole ball of wax is further protected by the operating systems security model for file and printer sharing
referred to as: 'Simple File Sharing'.

Simple File Sharing activates the 'Guest Account' in the background with the default guest account settings insuring
the security of the network. The guest account default settings exists 'Read and Write' NTFS Permissions only and
the guest account can not access no other parts of the operating system such as the Windows Directory.

The guest account activated in the background by simple file sharing should not, and must not, be confused with the
'Guest Account' log on at the keyboard with the Microsoft Windows Log On Screen. For security reasons the
locally-logged-on 'Guest Account' should be Disabled.

In an nutshell, Simple File Sharing, when enabled, and is enabled by default, mitigates, or in simpler terms, lowers
NetBIOS over TCP/IP to an submissive state under the authority of the 'Guest Account' and 'Windows Firewall'
in four ways:

01) Simple File Sharing treats anyone attempting to use shared resources over the network as an 'Guest'.

02) Simple File Sharing enables the 'Guest Account' in the background for Network Use Only, with read and optionally
write access. One can separately activate the 'Guest Account' as an locally-logged-on User, however,
the locally-logged-on 'Guest Account' is Disabled by Default.

03) Simple File Sharing removes 'Everyone' from the NTFS Permissions Lists for access to the hard disk drives Root
Folder and the Windows Directory. That action renders only authorized locally-logged-on users access to most of the
hard disk drive, and most importantely, the Microsoft Windows Directory. When folders are shared, Microsoft Windows
automatically applies the correct NTFS Permissions to the shared folder so that 'Everyone', for example 'Guest', can
read and optionally write to the shared folders only.

04) Simple File Sharing insists that the Windows Firewall be enabled and mitigates, or lowers, NetBIOS over TCP/IP
with an Inbound Firewall Rule restricting NetBIOS over TCP/IP communications to the 'Subnet' of the network only.
In other words, NetBIOS over TCP/IP mitigated, or lowered, to the 'Subnet Only' with the Windows Firewall Inbound
Deny Rule for File and Printer Sharing having the Scope to Allow Inbound Communications for 'Subnet Only', restricts
communications with shared resources to the Local Area Network Only, voiding/blocking any Wide Area Network attempts
to the local shares.

Without an inbound firewall deny rule in place, everyone on the Internet will have the same rights to the shared
resources as the locally-logged-on user, and those rights are: read and optionally write. However, while anybody
with access to the network can access the shared resources, the damage an intruder, or an careless locally-logged-on
user can do, is limited to stealing or modifying only the files that are known to be public. The Root Folder of any
and all hard disk drives, the Windows Directory, and any other files and folders outside of the shared folders are
not public, and not shared, and therefore not accessable.

Even if an Administrative User with Full Administrative Rights attempts to access an shared folder FROM another
computer on which that Administrator also has/uses the same Username and Password, that Administrative User will not
be granted full rights to the shared resources as that Administrative User would have locally. In other words, that
Administrative User will be treated like anyone else.....an 'GUEST'.....only with read and optionally write access
in regards to file and printer sharing with remote computer shares.

Finally, the handy whole-drive administrative shares such as "C$" do not work with the Simple File Sharing Model.


HKEY1952