NetBIOS protocol through PIX firewall

Unanswered Question
Feb 3rd, 2007

How secure is it to allow the NetBIOS protocol through a PIX firewall?

Jon Marshall Sun, 02/04/2007 - 03:27

Hi

It's really not a good idea to allow NetBIOS through any firewall. The trouble with these ports is that they perform multiple functions for the w2k operating system and as such are very difficult to lock down. In addition, you end up having to allow access to port 135, the DCE Endpoint Mapper, which again is really not a good idea. Many viruses etc. will use these standard ports to propagate if they are available.

If you have to allow them through then I would look at the following options to secure them - which one applies is down to your requirements

1) Site to Site VPN - if you need to give access to a whole site or a number of users from a site.

2) Client VPN - for individual users

3) SSL VPNs - for individual users.

Be aware that you are really using 1 & 2 at least to verify the third party rather than to secure against the traffic, i.e. if the client PC you are allowing to VPN to you has a virus already on it, the firewall can do little to stop it. That's where IPS/IDS etc. comes in.

HTH

Jon
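An added example, not part of Jon's reply or any Cisco tooling: a small Python audit that reads PIX-style `access-list` lines and reports every `permit` rule that lets through the ports discussed above. The sample rules and function names are constructed for illustration, and port 445 (direct-hosted SMB) is an assumption added here since the thread names only NetBIOS and port 135.

```python
import re

# 135 (DCE endpoint mapper) and NetBIOS 137-139 per the answer; 445 is assumed.
RISKY = {135, 137, 138, 139, 445}
NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}
OPS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3}  # operator -> tokens used
ACL = re.compile(r"access-list\s+\S+\s+(?:extended\s+)?permit\s+(ip|tcp|udp)\s+(.+)")

# Constructed sample rules (documentation addresses), not taken from the thread.
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list outside_in permit tcp any host 192.0.2.20 eq netbios-ssn
access-list outside_in permit udp any host 192.0.2.20 range 137 138
access-list outside_in deny tcp any any eq 135
access-list outside_in permit tcp host 198.51.100.5 host 192.0.2.20 eq 135
access-list outside_in permit ip any host 192.0.2.40
"""

def _port(tok):
    """Port keyword or number as an int; unknown keywords such as www become 0."""
    return NAMES.get(tok, int(tok) if tok.isdigit() else 0)

def _skip_addr(tok, i):
    """Index after one address: 'any', 'host A', 'A MASK' or 'object-group G'."""
    return i + 1 if tok[i] == "any" else i + 2

def risky_ports(line):
    """Sorted risky destination ports a permit line lets through (TCP/UDP alike)."""
    m = ACL.match(line.strip())
    if not m:
        return []  # deny lines, other protocols, non-ACL lines
    tok = m.group(2).split()
    i = _skip_addr(tok, 0)
    if i < len(tok) and tok[i] in OPS:  # optional source-port operator
        i += OPS[tok[i]]
    i = _skip_addr(tok, i)
    if m.group(1) == "ip" or i >= len(tok) or tok[i] not in OPS:
        return sorted(RISKY)  # no destination-port filter at all
    op, a = tok[i], _port(tok[i + 1])
    b = _port(tok[i + 2]) if op == "range" else a
    hit = {"eq": lambda p: p == a, "neq": lambda p: p != a, "lt": lambda p: p < a,
           "gt": lambda p: p > a, "range": lambda p: a <= p <= b}[op]
    return sorted(p for p in RISKY if hit(p))

def audit(config):
    """[(line, ports)] for every rule that exposes a risky port."""
    return [(ln, r) for ln in config.splitlines() if (r := risky_ports(ln))]

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

The check is deliberately conservative: a `permit ip` rule or a rule with no destination-port operator is reported as exposing all of the listed ports.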
