Improving Web Application Security: Threats and - CGISecurity

Chapter 16: Securing Your Web Server 441For information about how to harden the TCP/IP stack see “How To: Harden theTCP/IP Stack” in the “How To” section of this guide.Disable NetBIOS and SMBDisable all unnecessary protocols, including NetBIOS and SMB. Web servers do notrequire NetBIOS or SMB on their Internet-facing network interface cards (NICs).Disable these protocols to counter the threat of host enumeration.Note The SMB protocol can return rich information about a computer to unauthenticated usersover a Null session. You can block null sessions by setting the RestrictAnonymous registry key asdescribed in “Step 9. Registry.”Disabling NetBIOSNetBIOS uses the following ports:● TCP and User Datagram Protocol (UDP) port 137 (NetBIOS name service)● TCP and UDP port 138 (NetBIOS datagram service)● TCP and UDP port 139 (NetBIOS session service)Disabling NetBIOS is not sufficient to prevent SMB communication because if astandard NetBIOS port is unavailable, SMB uses TCP port 445. (This port is referredto as the SMB Direct Host.) As a result, you must take steps to disable NetBIOS andSMB separately. To disable NetBIOS over TCP/IPNote This procedure disables the Nbt.sys driver and requires that you restart the system.1. Right-click My Computer on the desktop, and click Manage.2. Expand System Tools, and select Device Manager.3. Right-click Device Manager, point to View, and click Show hidden devices.4. Expand Non-Plug and Play Drivers.5. Right-click NetBios over Tcpip, and click Disable.This disables the NetBIOS direct host listener on TCP 445 and UDP 445.Disabling SMBSMB uses the following ports:● TCP port 139● TCP port 445To disable SMB, use the TCP/IP properties dialog box in your Local AreaConnection properties to unbind SMB from the Internet-facing port.