Re: NetBIOS name resolution problem

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 07/02/04


Date: Thu, 1 Jul 2004 21:58:50 -0400

In news:2499201c45fba$f3e3e0d0$a301280a@phx.gbl,
anonymous@discussions.microsoft.com in <anonymous@discussions.microsoft.com>
posted their thoughts, then I offered mine
> According to our company security team, SMB ports and
> NetBIOS ports need to be blocked, as most hacker
> attacks are performed on open ports such as these.
>
> Even after disabling the NetBIOS port, all workstations are
> able to connect to this server, which is an Active Directory
> domain controller, but another server on our network lost
> connection to this server.
>
> Thanks for your help.

I can understand blocking NetBIOS from the Internet, which I do myself as
well, as do many others. AD doesn't use NetBIOS for domain communication
functionality, but other apps do. Assuming your security team has an awesome
firewall and/or ISA or Proxy server in place blocking everything from the
outside world, turning off NetBIOS and SMB internally will harm
productivity, since I bet many folks probably rely on Network Neighborhood,
which will not function, and UNC shares using NetBIOS will also not
function. Weighing the security advantages compared to functionality and
productivity, I would keep NetBIOS and SMB enabled and let the firewall
protect the network. As Kevin said, a determined inside intruder can still
phish for stuff, no matter what you turn off. I do it all
the time to test things ...

-- 
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroup so all
can benefit. This posting is provided "AS-IS" with no warranties and
confers no rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig.