Windows vulnerability and NetBIOS

Windows operating systems use an application called Network Basic Input Output System (NetBIOS) to accomplish many Windows Networking operations. Among other things, NetBIOS allows Windows computers to share files and printers over a local area network. Unfortunately, if you're connected to the Internet and you're also facilitating file and print sharing with NetBIOS, you may be exposed to unnecessary security risks.

NetBIOS is preconfigured to interconnect, or bind, nine components of your PC. These components reside on three layers: the network services layer, the transport layer, and the hardware layer. Because all NetBIOS components are bound together, each component is essentially connected to TCP/IP, the component that enables Internet data transmission. That means whenever you're connected to the Internet using NetBIOS, hackers can access your passwords, upload malicious code to your computer, and more via port 139.

Fortunately, you can reconfigure your NetBIOS settings to patch this security hole and you won't lose any Microsoft Networking functionality in the process. In fact, most systems do not need NetBIOS to connect to the Internet. (Please note, however, some older cable modem systems may require some components of NetBIOS to connect to the Web.)

To patch your NetBIOS security hole, reconfigure your computer so the minimum number of networking components are connected to one another, and in turn, to the TCP/IP component. Once you've reconfigured NetBIOS, your system will no longer be exposed when you're online.

Network Component Layers

Out-of-the-box, NetBIOS is configured to interconnect, or bind, nine components of your PC, which are located on three layers: the hardware layer, the transport protocol layer and the network services layer.

NetBIOS Layers

Network Services Layer

This layer determines who has access to what among networked computers. The components of the Network Services layer are:

Transport Protocol Layer

This layer communicates between components of your computer and the Internet. The components of the Transport Protocol layer are:

Hardware Adapter Layer

This layer is the hardware that transmits data to the Internet. The components of the Hardware Adapter layer are:

The insecure components in the pre-configured NetBIOS are: Microsoft Networks application and file and printer sharing. Since all nine NetBIOS components--including TCP/IP--are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, cyber-threats.

The good news is that you can re-configure your NetBIOS to patch up the security holes--and you won't lose any functionality of Microsoft Networking. The goal is to configure your computer so that the minimum number of networking components are connected to each other--and to the TCP/IP protocol. In the new NetBIOS configuration, insecure components will not be exposed, or accessible, when you're online.

Instead of leaving nine interconnected components connected through TCP/IP, you'll re-configure NetBIOS so that TCP/IP is connected only to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol will be removed from the networking component list.

NetBIOS Reconfigured

After re-configuring the NetBIOS, you will still be able to connect to the Internet and access the LAN just like you always have. The difference in functionality happens behind the scenes. A hacker will not be able to access your entire computer when you're online, since the components that are not needed to connect online will be inaccessible.

 

Reconfigure NetBIOS on Windows XP

In Windows XP, NetBIOS is not necessary for networking unless you have NT 4.0 Workstation, Windows 2000 Pro or Windows 98 computers on your network. So, in order to close security holes, simply disable NetBIOS. Before disabling NetBIOS, you must configure TCP/IP to use WINS.

Configure TCP/IP to use WINS

If you already have TCP/IP configured to use WINS, skip to the next section: Disable NetBIOS.

  1. On the Windows task bar, click Start > Control Panel > Network and Internet Connections > Network Connections or, with "Classic View" engaged, click Start > Control Panel > Network Connections
  2. Right-click on Local Area Connection and select Properties from the menu
  3. Click on the General tab
  4. Select Internet Protocol (TCP/IP) from the Components list
  5. Click Properties
  6. Click Advanced in the Internet Protocol (TCP/IP) Properties window
  7. Click on the WINS tab
  8. Click Add
  9. Type the IP Address of the WINS Server
  10. Click Add
  11. Click OK to close the Advanced TCP/IP Settings window
  12. Click OK to close the Internet Protocol (TCP/IP) Properties window
  13. Click OK to close the Local Area Connection Properties window

Disable NetBIOS

  1. On the Windows task bar, click Start > Control Panel > Network and Internet Connections > Network Connections or, with "Classic View" engaged, click Start > Control Panel > Network Connections
  2. Right-click on Local Area Connection and select Properties from the menu
  3. Click on the General tab
  4. Select Internet Protocol (TCP/IP) from the Components list
  5. Click Properties
  6. Click Advanced in the Internet Protocol (TCP/IP) Properties window
  7. Click on the WINS tab
  8. Select Disable NetBIOS over TCP/IP
  9. Click OK to close the Advanced TCP/IP Settings window
  10. Click OK to close the Internet Protocol (TCP/IP) Properties window
  11. Click OK to close the Local Area Connection Properties window
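
To confirm that the Disable NetBIOS steps above took effect, the following added example (not part of the original article) parses `netstat -an` output and reports any NetBIOS listeners that remain. The sample output is constructed, and the checks for UDP 137/138 and TCP 445 (direct-hosted SMB, which this setting does not close) go beyond the port 139 the article names.

```python
import re

# The article names port 139; UDP 137/138 are its companion services (added here).
NETBT = {("UDP", 137): "NetBIOS name service",
         ("UDP", 138): "NetBIOS datagram service",
         ("TCP", 139): "NetBIOS session service"}
# Direct-hosted SMB is not closed by "Disable NetBIOS over TCP/IP".
SMB_DIRECT = {("TCP", 445): "SMB direct"}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_text):
    """Return sorted (proto, local_addr, port, service) tuples for NetBIOS/SMB
    sockets in `netstat -an` output that listen on a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listeners; UDP has no state
        service = NETBT.get((proto, port)) or SMB_DIRECT.get((proto, port))
        if service and not addr.startswith("127."):
            found.add((proto, addr, port, service))
    return sorted(found)

def netbt_disabled(netstat_text):
    """True when no NetBIOS-over-TCP/IP listener remains."""
    return not any((p, port) in NETBT
                   for p, _addr, port, _svc in exposed_listeners(netstat_text))

# Constructed sample output (not captured from a real host).
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, netbt_disabled(text), exposed_listeners(text))
```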