Security Basics mailing list archives
Desktops - is disabling TCP/445 or TCP/139 more secure?
From: Thor Ryan <thorman () mac com>
Date: Mon, 19 Jun 2006 23:37:58 -0800
This is my first post, please let me know if it's not basic enough.We have implemented Host Based Intrusion Prevention software (Cisco Security Agent), and a debate is raging - should we deny TCP/445 traffic so SMB traffic defaults to NetBIOS over TCP/IP, should we disable NetBIOS overt TCP/IP and only allow TCP/445 traffic, or just let both exist on the network?
Some admins have said that TCP/445 scans are mounting, and that denying TCP/445 is more secure. Others say denying NetBIOS over TCP/ IP (TCP/137-139) is more secure.
To me, a socket is a socket, what matters is the service listening on the particular port. Is TCP/445 more secure than NetBIOS, or the other way around? I've Googled, but not found anything helpful until I stumbled on this list. Thanks!
Thor
Current thread:
- Desktops - is disabling TCP/445 or TCP/139 more secure? Thor Ryan (Jun 20)
- Re: Desktops - is disabling TCP/445 or TCP/139 more secure? Ansgar -59cobalt- Wiechers (Jun 20)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? David Gillett (Jun 20)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? Roger A. Grimes (Jun 21)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? Thor & Sue Ryan (Jun 21)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? Roger A. Grimes (Jun 21)