Problem solve Get help with specific problems with your technologies, process and projects.

Avoiding NetBIOS attacks without limiting remote access

I just read your article on blocking NetBIOS connections to Windows XP Pro. It seems like a good way to avoid NetBIOS attacks, but I have a couple of doubts:

  • If I'm going to block all NetBIOS and CIFS traffic, wouldn't it be better to remove the server service? It would be easier, and it would reduce the running processes in the workstation (no server, no filter).
  • If I put any of these measures in practice, I would block my ability to manage the workstation remotely, right?
  • Thanks in advance for your attention.
    You are correct, which is why I suggested double checking with members of your administrative staff before implementing such a policy. Disabling the Server Service would also block all NetBIOS traffic, but using an IPsec policy would potentially allow you to create "exception lists" that would permit the IP addresses of your administrative workstation to manage your workstations remotely, while still denying other access.

    Dig Deeper on Enterprise infrastructure management

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.