Security Basics mailing list archives
RE: Desktops - is disabling TCP/445 or TCP/139 more secure?
From: Thor & Sue Ryan <thorman () mac com>
Date: Tue, 20 Jun 2006 21:25:05 -0800
Will do, I'm compiling a report on the issue for our enterprise security group and will post a link to the doc when it's done. If anyone else has info to share on the security risks/strengths of these ports, please let me know.

Thor

On Tuesday, June 20, 2006, at 04:57PM, Roger A. Grimes <roger () banneretcs com> wrote:
This is a great question and one that I think you should report the results on. In my past experience, there are some services that absolutely want to use port 139, so blocking it caused multiple problems. I suspect that is still the case today; however, I haven't tested it in 2 years, so maybe patches, apps, and services can always use 445 now. Please report on what you find.

-----Original Message-----
From: Thor Ryan [mailto:thorman () mac com]
Sent: Tuesday, June 20, 2006 12:38 AM
To: SECURITY-BASICS () securityfocus com
Subject: Desktops - is disabling TCP/445 or TCP/139 more secure?

This is my first post, please let me know if it's not basic enough.

We have implemented Host Based Intrusion Prevention software (Cisco Security Agent), and a debate is raging - should we deny TCP/445 traffic so SMB traffic defaults to NetBIOS over TCP/IP, should we disable NetBIOS over TCP/IP and only allow TCP/445 traffic, or just let both exist on the network?

Some admins have said that TCP/445 scans are mounting, and that denying TCP/445 is more secure. Others say denying NetBIOS over TCP/IP (TCP/137-139) is more secure. To me, a socket is a socket, what matters is the service listening on the particular port.

Is TCP/445 more secure than NetBIOS, or the other way around? I've Googled, but not found anything helpful until I stumbled on this list.

Thanks!

Thor