B
Bluddyhun
According to the SANS GIAC website, recently the majority of illicit
connection attempts have been aimed at the 'attack surfaces' (as microsoft
refers to it) created by smb on port 445 and the old netbios ports 139, 137
etc. Although blocking these connection attempts (say, with a packet
filtering router) is good, most of the "How-to-harden-windows" webpages,
including the one on MS itself I believe, also recommend terminating the
services themselves IF the services are not required. Since my system is a
standalone, home system that never will be part of anybodies
domain//tree//forest//garden//weedpatch, why wouldn't I want to disable
these services, in addition to blocking the connection attempts at the
router? It seems like a win-win proposition, smaller attack surface and
freed-up resources.
connection attempts have been aimed at the 'attack surfaces' (as microsoft
refers to it) created by smb on port 445 and the old netbios ports 139, 137
etc. Although blocking these connection attempts (say, with a packet
filtering router) is good, most of the "How-to-harden-windows" webpages,
including the one on MS itself I believe, also recommend terminating the
services themselves IF the services are not required. Since my system is a
standalone, home system that never will be part of anybodies
domain//tree//forest//garden//weedpatch, why wouldn't I want to disable
these services, in addition to blocking the connection attempts at the
router? It seems like a win-win proposition, smaller attack surface and
freed-up resources.