Windows vulnerability and NetBIOS
Windows operating systems use an application called Network Basic Input Output System (NetBIOS) to accomplish many Windows Networking operations. Among other things, NetBIOS allows Windows computers to share files and printers over a local area network. Unfortunately, if you're connected to the Internet and you're also facilitating file and print sharing with NetBIOS, you may be exposed to unnecessary security risks.
NetBIOS is preconfigured to interconnect, or bind, nine components of your PC. These components reside on three layers: the network services layer, the transport layer, and the hardware layer. Because all NetBIOS components are bound together, each component is essentially connected to TCP/IP, the component that enables Internet data transmission. That means whenever you're connected to the Internet using NetBIOS, hackers can access your passwords, upload malicious code to your computer, and more (port 139).
Fortunately, you can reconfigure your NetBIOS settings to patch this security hole and you won't lose any Microsoft Networking functionality in the process. In fact, most systems do not need NetBIOS to connect to the Internet. (Please note, however, some older cable modem systems may require some components of NetBIOS to connect to the Web.)
To patch your NetBIOS security hole, reconfigure your computer so the minimum number of networking components are connected to one another, and in turn, to the TCP/IP component. Once you've reconfigured NetBIOS, your system will no longer be exposed when you're online.
Network Component Layers
Out-of-the-box, NetBIOS is configured to interconnect, or bind, nine components of your PC, which are located on three layers: the hardware layer, the transport protocol layer and the network services layer.
This layer determines who has access to what among networked computers. The components of the Network Services layer are:
This layer communicates between components of your computer and the Internet. The components of the Transport Protocol layer are:
This layer is the hardware that transmits data to the Internet. The components of the Hardware Adapter layer are:
The insecure components in the pre-configured NetBIOS are: Microsoft Networks application and file and printer sharing. Since all nine NetBIOS components--including TCP/IP--are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, cyber-threats.
The good news is that you can re-configure your NetBIOS to patch up the security holes--and you won't lose any functionality of Microsoft Networking. The goal is to configure your computer so that the minimum number of networking components are connected to each other--and to the TCP/IP protocol. In the new NetBIOS configuration, insecure components will not be exposed, or accessible, when you're online.
Instead of nine interconnected components connected through TCP/IP, you'll re-configure NetBIOS. TCP/IP will only be connected to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol will be removed from the networking component list.
After re-configuring the NetBIOS, you will still be able to connect to the Internet and access the LAN just like you always have. The difference in functionality happens behind the scenes. A hacker will not be able to access your entire computer when you're online, since the components that are not needed to connect online will be inaccessible.
Reconfigure NetBIOS on Windows XP
In Windows XP, NetBIOS is not necessary for networking unless you have NT 4.0 Workstation, Windows 2000 Pro or Windows 98 computers on your network. So, in order to close security holes, simply disable NetBIOS. Before disabling NetBIOS, you must configure TCP/IP to use WINS.
Configure TCP/IP to use WINS
If you already have TCP/IP configured to use WINS, skip to the next section: Disable NetBIOS.