Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Netbios protocol through PIX firewall

How secure is to allow netbios protocol through PIX firewall

Hall of Fame Super Blue

Re: Netbios protocol through PIX firewall


It's really not a good idea to allow netbios through any firewall. The trouble with these ports is that they perform multiple functions for the w2k operating system and as such are very difficult to lock down. In addition you end up having to allow access to port 135 the DCE Endpoint mapper which again is really not a good idea. Many virus's etc. will use these standard ports to propogate if they are available.

If you have to allow them through then i would look at the following options to secure them - which one applies is down to your requirements

1) Site to Site VPN - if you need to give access to a whole site or a number of users from a site.

2) client VPN - for individual users

3) SSL VPN's - for individual users.

Be aware that you are really using 1 & 2 at least to verify the third party rather than secure agianst the traffic ie if the client PC you are allowing to VPN to you has a virus already on it the firewall can do little to stop it. That's where IPS/IDS etc. comes in.



CreatePlease login to create content