RE: Desktops - is disabling TCP/445 or TCP/139 more secure?

[Thor & Sue Ryan <thorman () mac com>]

Will do, I'm compiling a report on the issue for our enterprise security group and will post a link to the doc when its 
done.

If anyone else has info to share on the security risks/strengths of these ports, please let me know.  

Thor
 
On Tuesday, June 20, 2006, at 04:57PM, Roger A. Grimes <roger () banneretcs com> wrote:

> This is a great question and one that I think you should report the
> results on. In my past experience, there are some services that
> absolutely want to use port 139, so blocking it caused multiple
> problems. I suspect that is still the case today, however, I haven't
> tested it in 2 years, so maybe patches, apps, and services can always
> use 445 now.
>
> Please report on what you find.
>
>
> > -----Original Message-----
> > From: Thor Ryan [mailto:thorman () mac com]
> > Sent: Tuesday, June 20, 2006 12:38 AM
> > To: SECURITY-BASICS () securityfocus com
> > Subject: Desktops - is disabling TCP/445 or TCP/139 more secure?
> >
> > This is my first post, please let me know if it's not basic enough.
> >
> > We have implemented Host Based Intrusion Prevention software (Cisco 
> > Security Agent), and a debate is raging - should we deny TCP/445 
> > traffic so SMB traffic defaults to NetBIOS over TCP/IP, should we 
> > disable NetBIOS overt TCP/IP and only allow
> > TCP/445 traffic, or just let both exist on the network?
> >
> > Some admins have said that TCP/445 scans are mounting, and that 
> > denying TCP/445 is more secure.  Others say denying NetBIOS over TCP/ 
> > IP (TCP/137-139) is more secure.
> >
> > To me, a socket is a socket, what matters is the service listening on 
> > the particular port.  Is TCP/445 more secure than NetBIOS, or the 
> > other way around?  I've Googled, but not found anything helpful until 
> > I stumbled on this list.  Thanks!
> >
> > Thor