NetBIOS Over TCP/IP Protocol Disable or NetBIOS Information Retrieval Vulnerability

How to disable the NetBIOS Over TCP/IP protocol, or how to close the NetBIOS Over TCP/IP vulnerability







Impact: If NetBIOS is enabled and open to the outside, attackers may try to reach shared directories and files. This also gives sensitive information to the attacker such as the computer name, domain, or workgroup.


First, understand what NetBIOS is and why it is used


The primary purpose of NetBIOS is to allow applications on separate computers to communicate and establish sessions to access shared resources, such as files and printers, and to find each other over a local area network (LAN).


It is also recommended to disable NetBIOS over TCP/IP to improve network performance.


There are two ways to disable NetBIOS Over TCP/IP:


First: Manually disable NetBIOS on Windows as follows



(1) Open network connection properties

(2) Select TCP/IPv4 and open its properties

(3) Click Advanced, then go to the WINS tab and select Disable NetBIOS over TCP/IP

(4) Save the changes.





If you have multiple network adapters (or VLANs) on your computer, you will need to disable NetBIOS in the properties of each of them.


Second: Disable NetBIOS Over TCP/IP via Group Policy



There is no separate GPO option for disabling NetBIOS over TCP/IP on all network adapters, either in the Group Policy Editor or in the latest version of the Administrative Templates.



Use the following PowerShell startup script to completely disable NetBIOS for all network adapters:





# NetbiosOptions = 2 disables NetBIOS over TCP/IP on each interface key under NetBT
$regkey = "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"
Get-ChildItem $regkey | ForEach-Object { Set-ItemProperty -Path "$regkey\$($_.PSChildName)" -Name NetbiosOptions -Value 2 -Verbose }




Save this code as NetBIOS.ps1, copy it to your GPO directory, and run it on clients via:


Computer Configuration -> Policies -> Windows Settings -> Scripts -> Startup -> PowerShell Scripts





Click the Add button and add your script.






Open a command prompt and run the following command to check that NetBIOS is disabled for your network adapters (except for tunnel interfaces):


wmic nicconfig get caption,index,TcpipNetbiosOptions






A TcpipNetbiosOptions value of 2 means NetBIOS is disabled for that adapter.
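A registry-based audit that complements the wmic check (an added example, not part of the original post): it reads NetbiosOptions from every interface key that the script above modifies, matches each key to its adapter description, and exits non-zero if any interface is not set to 2. The meanings of values 0 and 1 and the matching of key names to Win32_NetworkAdapterConfiguration.SettingID are standard Windows behaviour rather than details taken from the post.

```powershell
# Added example: audit NetbiosOptions per interface.
# 0 = default (take the setting from DHCP), 1 = enabled, 2 = disabled.
$regkey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
$meaning = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

# Map interface GUID -> adapter description so the report is readable.
$adapters = @{}
Get-CimInstance Win32_NetworkAdapterConfiguration | ForEach-Object {
    if ($_.SettingID) { $adapters[$_.SettingID.ToUpper()] = $_.Description }
}

$report = Get-ChildItem $regkey | ForEach-Object {
    # Key names look like Tcpip_{GUID}; strip the prefix to get the GUID.
    $guid  = ($_.PSChildName -replace '^Tcpip_', '').ToUpper()
    $value = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions `
                -ErrorAction SilentlyContinue).NetbiosOptions
    [pscustomobject]@{
        Interface      = $_.PSChildName
        Adapter        = if ($adapters.ContainsKey($guid)) { $adapters[$guid] }
                         else { '(no matching adapter)' }
        NetbiosOptions = $value
        State          = if ($null -eq $value) { 'Not set' }
                         elseif ($meaning.ContainsKey([int]$value)) { $meaning[[int]$value] }
                         else { 'Unknown' }
    }
}

$report | Format-Table -AutoSize

# Anything other than 2 (including a missing value) counts as not disabled.
$notDisabled = @($report | Where-Object { $_.NetbiosOptions -ne 2 })
if ($notDisabled.Count -gt 0) {
    Write-Warning "$($notDisabled.Count) interface(s) do not have NetBIOS over TCP/IP disabled."
    exit 1
}
Write-Output 'NetBIOS over TCP/IP is disabled on all interfaces.'
```

Run it from an elevated PowerShell prompt after the startup script has been applied; interface keys created later for new adapters are reported as not disabled until the startup script runs again.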






Posted By : Kamlesh Gaur








