Windows vulnerability and NetBIOS
Windows operating systems use an application called Network Basic Input Output System
(NetBIOS) to accomplish many Windows Networking operations. Among other things,
NetBIOS allows Windows computers to share files and printers over a local area
network. Unfortunately, if you're connected to the Internet and you're also
facilitating file and print sharing with NetBIOS, you may be exposed to
unnecessary security risks.
NetBIOS is preconfigured to interconnect, or bind, nine components of your PC.
These components reside on three layers: the network services layer, the
transport layer, and the hardware layer. Because all NetBIOS components are
bound together, each component is essentially connected to TCP/IP, the
component that enables Internet data transmission. That means whenever you're
connected to the Internet using NetBIOS, hackers can access your passwords,
upload malicious code to your computer, and more through port 139.
Fortunately, you can reconfigure
your NetBIOS settings to patch this security hole, and you won't lose any
Microsoft Networking functionality in the process. In fact, most systems do not
need NetBIOS to connect to the Internet. (Please note, however, some older
cable modem systems may require some components of NetBIOS to connect to the
Web.)
To patch your NetBIOS security hole, reconfigure your computer so the minimum
number of networking components are connected to one another, and in turn, to
the TCP/IP component. Once you've reconfigured NetBIOS, your system will no
longer be exposed when you're online.
Network Component Layers
Out of the box, NetBIOS is configured to interconnect, or bind, nine components
of your PC, which are located on three layers: the hardware layer, the
transport protocol layer and the network services layer.
The Network Services layer determines who has access
to what among networked computers. The components of the Network Services layer
are:
The Transport Protocol layer communicates between
components of your computer and the Internet. The components of the Transport
Protocol layer are:
The Hardware Adapter layer is the hardware that
transmits data to the Internet. The components of the Hardware Adapter layer
are:
The insecure components in the
pre-configured NetBIOS are the Microsoft Networks application and file and
printer sharing. Since all nine NetBIOS components--including TCP/IP--are
interconnected, your data is vulnerable when you're online. Each time you're
connected to the Internet with the pre-configured NetBIOS, hackers can easily
access your passwords, upload malicious code to your computer and more. Your
computer is exposed to any and all cyber-threats.
The good news is that you can
re-configure your NetBIOS to patch up the security holes--and you won't lose
any functionality of Microsoft Networking. The goal is to configure your
computer so that the minimum number of networking components are connected to
each other--and to the TCP/IP protocol. In the new NetBIOS configuration,
insecure components will not be exposed, or accessible, when you're online.
Instead of leaving nine interconnected
components connected through TCP/IP, you'll re-configure NetBIOS so that TCP/IP
is connected only to the dial-up adapter. The NetBEUI transport will also be
connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides
safe local file and network sharing, your files will not be exposed in this
configuration. The Microsoft Network application, file and print sharing and
Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol
will be removed from the networking component list.
After re-configuring NetBIOS,
you will still be able to connect to the Internet and access the LAN just like
you always have. The difference in functionality happens behind the scenes. A
hacker will not be able to access your entire computer when you're online,
since the components that are not needed to connect online will be
inaccessible.
Reconfigure NetBIOS on Windows XP
In Windows XP, NetBIOS is not necessary for networking unless you have NT 4.0
Workstation, Windows 2000 Pro or Windows 98 computers on your network. So, in
order to close security holes, simply disable NetBIOS. Before disabling
NetBIOS, you must configure TCP/IP to use WINS.
Configure TCP/IP to use WINS
If you already have TCP/IP configured to use WINS, skip to the next section:
Disable NetBIOS.