NBT vs SMB - security

  • Thread starter Thread starter Gary
  • Start date Start date
G

Gary

Microsoft advise that NBT (NetBIOS over TCP) and SMB (445)
should be disabled on machines that are in less protected
networks. I have a network which has a firewall permiting
only web access to a web server behind it. I would like to
also disable NBT and SMB on this machine to limit attack
vectors. However the web server needs to be able to access
a file share on another adjacent machine so this will not
be possible? If I were to disable one of these transports
over the other which one is more secure?
 
Since you don't need it on your web server, uninstall file and print sharing and
disable netbios over tcp/ip. You can still access the share on the other computer but
will not be able to browse for it in Network Places, however you can map a drive or
create a shortcut to it using unc as in \\servername\share or even by local IP
address as on \\xxx.xxx.xxx.xxx\sharename as long as Client for Microsoft Networks is
enabled. Just in case you have not read about the IIS Lockdown tool, you will want
to run that on your server also ONLY after a full backup including the System State
and backing up IIS configuration via the IIS Management Console. --- Steve

http://www.microsoft.com/technet/security/tools/locktool.mspx
 
Back
Top