Disabling NetBIOS

Unless you purposely wish to host files in a Microsoft Network for other users to access, edit, remove, rename etc (depending on rights set), or share your printing services, then NetBIOS is really not for you.

It is important to disable the NetBIOS from within your windows operating system, from a security stance, if you don’t wish to share your resources. Not doing this will leave your computer (or more directly any shared files or printers located within) open to remote manipulation

At this point you may be thinking, big wow, someone can see a few files on my computer, like I care. You would be entitled to your opinion but I believe many more people would be really annoyed to find out the computer had basically been turned into a file/printer server for the uses of any Dick, Tom or Harry.

Special care should be taken if relocating your computer from a home/personal network to another network (e.g. university halls network) to disable NetBIOS. Failure to do so means every other node on your subnet will inherit the same rights that you’re other personally networked computers did when you were at home. This mean means that hundreds of computers have to potential to gain direct access to your shared files and printers.

Research into this field showed and surprised me at how many computer users simply just forget or don’t know that their computer was offering out files freely to anyone who comes calling. With the right tools and knowledge (readily available online) it can take only a few minutes to identify a computer openly serving many gigabytes of personal files, audio , video , images, ISO images, etc.

Enough rambling, it’s time for action. I find the following simple rule of thumb to knowing whether or not you should turn off your NetBIOS capabilities useful :-

if (I want to share my personal files/printers) {
Action = Don’t disable NetBIOS
}
else {
Action = Disable NetBIOS
}


So how do you disable NetBIOS on your computer? Many forums/sites recommend you block ports 135 to 139 on your firewall; thus disabling any possible use of NetBIOS. I certainly agree that a good firewall with the correctly blocked ports adds good secondary security coverage to NetBIOS but it’s by no means what your primary defence against NetBIOS should be.

The best/primary course of action to disable NetBIOS is simply uninstalling the “File & Printer Sharing for Microsoft Networks” component from any network connections you wish to protect. The File & Printer Sharing component, bonded to a network connection, is the program which serves your resources (files, printers) out to the rest of the world.

On my personal Windows XP computer when I had the “File & Printer Sharing for Microsoft Networks” component installed and bonded to a network connection I received the following responses on probing my NetBIOS resources : -


There are no entries in the list.


and when sharing a folder I received …


Shared resources at xxx.xxx.xxx.xxx

Share name Type Used as Comment
-----------------------------------
Documents Disk



This clearly shows that my computer is indeed serving NetBIOS requests, whether or not I’m actually sharing any folders. Now let’s compare those responses to the ones I received after uninstalling the File & Printer Sharing component : -

Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.

The above response confirms that my computer has now stopped serving NetBIOS requests, thus removing any chance of remote access (via NetBIOS) to any shared folders I may or may not have.

Footnotes: -

  • To remove the “File & Printer Sharing for Microsoft Networks” component from a network connection simply navigate to “Network Connections” , highlight the network connection you wish to uninstall the component from and select properties (from the right click menu). Once the properties window appears click “File & Printer Sharing for Microsoft Networks” from the item box and click uninstall.
  • The “Client for Microsoft Networks” component provides the facility for your computer to use resources located on remote machines. This doesn’t need to be uninstalled in the context of NetBIOS security.