Security Basics mailing list archives
RE: Desktops - is disabling TCP/445 or TCP/139 more secure?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 20 Jun 2006 15:11:31 -0700
CIFS (445) was designed based, at least partly, on experience with NetBIOS. As I understood it, part of the motivation for using a new port number was to avoid needing to design in backward compatibility to vulnerabilities in the NetBIOS design. So if you're looking to maximize security by only permitting one, 445 should be it. I would also, however: (a) not permit either protocol past your perimeter, and (b) require IPSEC for access to this service. David Gillett
-----Original Message----- From: Thor Ryan [mailto:thorman () mac com] Sent: Tuesday, June 20, 2006 12:38 AM To: SECURITY-BASICS () securityfocus com Subject: Desktops - is disabling TCP/445 or TCP/139 more secure? This is my first post, please let me know if it's not basic enough. We have implemented Host Based Intrusion Prevention software (Cisco Security Agent), and a debate is raging - should we deny TCP/445 traffic so SMB traffic defaults to NetBIOS over TCP/IP, should we disable NetBIOS overt TCP/IP and only allow TCP/445 traffic, or just let both exist on the network? Some admins have said that TCP/445 scans are mounting, and that denying TCP/445 is more secure. Others say denying NetBIOS over TCP/ IP (TCP/137-139) is more secure. To me, a socket is a socket, what matters is the service listening on the particular port. Is TCP/445 more secure than NetBIOS, or the other way around? I've Googled, but not found anything helpful until I stumbled on this list. Thanks! Thor
Current thread:
- Desktops - is disabling TCP/445 or TCP/139 more secure? Thor Ryan (Jun 20)
- Re: Desktops - is disabling TCP/445 or TCP/139 more secure? Ansgar -59cobalt- Wiechers (Jun 20)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? David Gillett (Jun 20)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? Roger A. Grimes (Jun 21)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? Thor & Sue Ryan (Jun 21)
- RE: Desktops - is disabling TCP/445 or TCP/139 more secure? Roger A. Grimes (Jun 21)