Re: Disable NetBios over TCP/IP??

From: Bilbo Baggins (flame_bilbo@hotmail.com)
Date: 02/04/03


From: "Bilbo Baggins" <flame_bilbo@hotmail.com>
Date: Tue, 4 Feb 2003 12:50:52 +1030


"Netmasker" <netmasker@yahoo.com> wrote in message
news:d37a0789.0301311330.46e8b2f6@posting.google.com...
> My windows 2000 SP3 server is an Active Directory/DNS/proxy/file/print/mail
> server (but it does not run WINS) for my LAN ONLY. It has a private IP that
> is translated to a static internet IP from a router that gives access to the
> internet.
> With the "Enable NetBios over TCP/IP" selected my server broadcasts all of
> its shares to the internet, as I noticed when I scanned my server with
> 'grc.com' scan tool.
> Of course I can use (and I use) a firewall to protect my netbios open ports
> but apart from the firewall what else can I do to prevent internet invaders
> from seeing my shares?
> How expedient is it to "Disable NetBios over TCP/IP"? Will it affect my LAN
> operation in some way??
>
> TIA

For any box that has front end (internet) access I would install two net
cards (NICs). Put your public IP on one and a private on the other and don't
allow them to forward packets between them. Then bind your services to the
relevant IPs (i.e. web, ftp, etc. to public IP and file and print, netbios etc.
to the private IP). On top of this I would then put the box behind a
firewall or perhaps router with home reflexive ACLs.
It's always better to have a number of layers of security rather than relying on
just one. This way even if your router\firewall gets compromised or goes
down you still have the relative safety of having your internal services
bound only to your private, backend network.

BB
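
One way to verify the binding advice in the reply above, added here as an example and not part of the original post: parse `netstat -an` output from the server and report any NetBIOS/SMB listener that is not bound to a private address. The sample output and both addresses (192.168.1.10 as the private NIC, 203.0.113.10 as the public NIC) are constructed for illustration.

```python
import ipaddress

# Ports for NetBIOS over TCP/IP (137-139) and direct-hosted SMB (445).
INTERNAL_PORTS = {137, 138, 139, 445}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of Windows `netstat -an` output from a dual-homed server.
# Assumed addresses: 192.168.1.10 = private NIC, 203.0.113.10 = public NIC.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    203.0.113.10:138       *:*
"""

def exposed_internal_services(netstat_text):
    """Return (proto, local_address, reason) for each file/print/NetBIOS
    socket that is reachable on something other than a private address."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # For TCP only listening sockets matter; UDP rows have no state column.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in INTERNAL_PORTS:
            continue
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # unparseable address (this check is IPv4-focused)
        if addr.is_unspecified:
            findings.append((proto, local, "bound to all interfaces"))
        elif not any(addr in net for net in PRIVATE_NETS):
            findings.append((proto, local, "bound to a non-private address"))
    return findings

if __name__ == "__main__":
    for proto, local, reason in exposed_internal_services(SAMPLE_NETSTAT):
        print(f"{proto} {local}: {reason}")
```

An empty result means every NetBIOS/SMB socket is bound only to the private side, so the services stay unreachable from the public NIC even if the firewall in front of it fails.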


