|Posted on May 23, 2010 at 12:10 PM|
First Published by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer: December 19, 2004
Revised and updated: May 23, 2010
No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 4: Securing Your Network Configuration or Home LAN Security.
It's not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.
Please take note that the following information and instructions are provided for single (private) computers, and private home-based Local Area Networks (LANs), not for commercial/business networks, nor for Microsoft legacy operating systems prior to Windows XP/Server 2003. This document is provided "AS-IS" without warranty, and confers no rights.
Why Disable NetBIOS?
NetBIOS (Network Basic Input-Output System) is a set of software interfaces that can allow the sharing of files or folders across a network with other hosts (computers) through Windows Network Shares. It was developed in the 1980s and carried forward through all of Microsoft's operating systems up to and including Windows XP and Server 2003. It does not exist as such in Windows Vista and beyond due to security concerns. The Common Internet File System is the tool of NetBIOS. This permits a host to use remote files on another PC as if they were on its own computer. This makes NetBIOS a threat to individual privacy and security on the Internet for users of XP/Server 2003 operating systems. It can leave your PC open and vulnerable to anonymous logons, remote Registry accesses, and remote procedure calls, all from total strangers.
The key to securing your home network configuration is understanding what is meant by binding. Binding means that there is a shared and continuous connection between two or more network services, communications drivers, and adapters. The easiest way of seeing these relationships is to organize the various network components into sections.
The Network Services Groups section contains application and server services used by your computer: Applications for Microsoft Family Logons, Microsoft Networks, File and Printer Sharing for the Microsoft Networks.
The Communications Protocol section contains protocol drivers that apply various network communication protocols: TCP/IP, IPX/SPX, NetBEUI (NetBEUI is the NetBIOS Extended User Interface, a more advanced form of NetBIOS).
The Hardware Adapter section contains the actual peripheral adapters which connect the system to the Internet: Cable/DSL Interface, Dial-Up Adapter, Local Network Interface.
With the components sectioned this way, the parts in each network group are separate and divorced from the components in the other groups. However, when you get your XP/Server 2003 computer for the first time, brand new, all of these parts are bound together and interconnected by default. Having this many bindings to drivers, services and protocols allows unauthorized uses of your computer online by hackers, or anyone else.
If you are not interested in file-sharing (think also of P2P) and wish to have a more secure Internet experience, what you need to do is to disable the bindings to all protocols, services and adapters except for TCP/IP bound to either the Dial-up Adapter, the DSL Adapter, Cable Interface, or the LAN Interface. You need to be the administrator of your PC to change these settings. If you are only a user on another administrator's PC (e.g. students, office workers) you will need to let your IT people know of your concerns, and wishes regarding this issue before anything can be done. Some places provide instructions for those who need them.
For safer and more secure communications, the system's TCP/IP protocol is bound only to the interfaces or adapters that have contact with the Internet. Since the various Internet-using applications like web browsers, e-mail and proxies etc, do not use or need the Microsoft Networking services, there is no need to bind them to the global Internet TCP/IP protocol.
Adapters, Protocols, and Service Bindings
What are Network Adapters for Windows?
On Windows XP/Server 2003 click on Start, Control Panel, then double-click Network Connections. In Windows Vista and Windows 7 double-click Network and Sharing Center.
This will open a window containing a list, "The following Network components are installed". This list contains a certain number of lines with an icon on their left. Each of these lines represents a Network Adapter.
On Windows Vista and higher you get a window showing a simplified view of all the connections and shares used by your computer. You can change them here if you wish. For more info please refer to http://www.online-tech-tips.com/windows-7/network-and-sharing-center-windows-7-overview/
A Network Adapter is a program component that helps your computer link a Network peripheral to Windows. Here are some explanations for a few classic Network Adapters.
Network Adapter examples for Ethernet ISA or PCI cards. You have these Adapters if you have an ADSL Internet connection or if your PC is connected to a Local Area Network (LAN). (From one of my old computers.)
(icon) 3Com Etherlink 10 ISA
(icon) SN-3200 PCI Ethernet Adapter
Remote Access Card type Adapters are used for telephone modems or ADSL USB modems.
(icon) Remote Access Card
What are Network Protocols?
Take TCP/IP as an example. Transmission Control Protocol/Internet Protocol is the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is used across the entire Internet, making it the global standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.
All communications between devices require that the devices agree on the format of the data. The set of rules defining a format is called a protocol. At the very least, a communications protocol must define the following:
-- rate of transmission (in baud or bps) (pronounced as bode and bips)
-- whether transmission is to be synchronous or asynchronous
-- whether data is to be transmitted in half-duplex or full-duplex mode
In addition, protocols can include sophisticated techniques for detecting and recovering from transmission errors and for encoding and decoding data.
Communications Protocols are compatible formats for transmitting data between two devices. The protocol determines the following:
-- type of error checking to be used
-- data compression method, if any
-- how the sending device will indicate that it has finished sending a message
-- how the receiving device will indicate that it has received a message
There are a variety of standard protocols from which programmers can choose. Each has particular advantages and disadvantages. Some are simpler than others, some are more reliable, and some are faster.
From a user's point of view, the only interesting aspect about protocols is that your computer or device must support the right ones if you want to communicate with other computers. The protocol can be provided either in hardware or in software.
Service Bindings: What are they?
With many server applications, a binding is an association between a network connection point (the combination of an IP address and a port number, for example) and a network service (e.g. a mail server or web proxy). This defines the interface over which a server process will provide service to a computer. It stands to reason that in order for a service to be accessible to a computer, it must be “bound” to an interface that is available to it.
Bindings allow PCs to connect to network services, and allow the administrator to specify which service will respond to the connections, and on which interfaces and ports. Security issues are associated with providing remote access to services. Bindings therefore need to be considered a point of security control.
Are You Vulnerable to NETBIOS Problems?
Try these tools to determine your NetBIOS vulnerabilities:
Nmap: Free network exploration and security auditing utility. http://nmap.org/
NLtest - very powerful tool, included in Windows Server 2003 Support Tools which can be found on the product CD. NLtest can obtain a wealth of information about potential configuration vulnerabilities.
For Windows XP and Windows Server 2003, the Microsoft Baseline Security Analyzer will report hosts that are vulnerable to SMB exploits and may be used to fix the problem. The tests can be run locally or on remote hosts. http://technet.microsoft.com/en-us/security/cc184924.aspx
Windows XP and Windows Server 2003 users can simply type net share from the command prompt to see what resources are being shared. For more information about the net share command, type net share /? Windows Vista and Windows 7 have this feature disabled by default.
Important Note: This article contains information about changing shared resources. Before changing any shared resource, make sure you understand how to restore the resource, if a problem occurs. For information about shared resources, click on the following articles to view them in the Microsoft Knowledge Base:
Safely Block NetBIOS Ports Over TCP/IP to all Internet Traffic at the Firewall
This will prevent outside access to the contents of your hard drives via these ports whether you do file sharing or not. Block incoming and outgoing access to ports 135, 137, 138, 139, and 445 with your firewall.
ZoneAlarm does this by default when you set the Internet Zone Security level to high. The medium default security setting only blocks incoming access to NetBIOS ports, but you can manually change that to include outgoing. Remember that any setting lower than high is not recommended for use in the Internet Zone. Note that these configurations should be possible with other software and hardware firewalls. Please consult their manuals.
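One way to check your own machine for the bindings discussed above, as an added example that is not part of the original article: it parses `netstat -an` output and reports any listener on ports 135, 137, 138, 139 or 445 that is bound to something other than loopback. The sample output, the function names and the service labels are constructed for illustration.

```python
import ipaddress

# Ports the article says to block, with their standard service roles.
NETBIOS_PORTS = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
                 138: "NetBIOS datagram service", 139: "NetBIOS session service",
                 445: "SMB over TCP (CIFS)"}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""

def parse_bindings(netstat_text):
    """Yield (proto, address, port) for each listening TCP or bound UDP socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # an active connection, not a service binding
        address, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield fields[0], address.strip("[]"), int(port)

def exposed_netbios_bindings(netstat_text):
    """Return NetBIOS/SMB bindings that are not restricted to loopback."""
    findings = []
    for proto, address, port in parse_bindings(netstat_text):
        if port not in NETBIOS_PORTS:
            continue
        try:
            if ipaddress.ip_address(address.split("%")[0]).is_loopback:
                continue  # only reachable from the machine itself
        except ValueError:
            pass  # unparseable address: report it rather than hide it
        findings.append((proto, address, port, NETBIOS_PORTS[port]))
    return findings

if __name__ == "__main__":
    for proto, address, port, role in exposed_netbios_bindings(SAMPLE_NETSTAT):
        print(f"{proto:<4}{address}:{port:<5} {role}")
```

On a real host, pass the text produced by `netstat -an` to `exposed_netbios_bindings`; an empty result means no service is bound to these ports on a network-facing address.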
Disable NetBIOS Over TCP/IP By Using DHCP Server Options (for XP and Server 2003)
Author's Note: This article was published at a time when there was a dearth (not much) of understandable instructions on Home LAN Security issues. A lot more info is available now, but much of it still reads like technical manuals for starships. Hope this article helps you understand.
Best regards and always take care of your security.