Feb 26
2014

How to execute NetBIOS with extreme prejudice…

Fact: there is a legacy protocol that comes enabled out of the box in every version of Windows I know of in use, and it’s called NetBIOS.  To me it is a dangerous protocol because it divulges too much information to the bad guys.

If you’re running Internet Protocol version 4 (IPv4), then you probably have it enabled.  The good thing is Internet Protocol version 6 (IPv6: the latest) doesn’t have NetBIOS but the bad news is… both IPv4 and IPv6 on Windows computers come enabled.  For this reason this guide tells you about NetBIOS and how to disable it in IPv4.

See, Microsoft focuses (like most manufacturers) on making everything work, so they end up leaving crap like this turned on that 99% of us will never use.  It’s up to us to educate ourselves, test turning stuff like this off, and learn that we can live without it.  That process is called host hardening as it makes it harder for attackers to get in.

Why should you disable NetBIOS?

1. When used with the default settings your computer comes with, it can be used by bad guys to help gather information about your computer.  I know this first hand because as a good guy I taught penetration testing for a number of years, where we used programs that would interrogate NetBIOS to give us information about our network and users.

2. It is a rather noisy protocol that creates a lot of overhead noise on your network, thus taking up more resources and slowing it down.  Don’t believe me? Ask one of those geeky hard core guys at work who spend all day sitting in the network closet… 9 out of 10 will agree and the final one that doesn’t agree probably is chemically imbalanced.

For home users I recommend simply disabling this protocol as it won’t affect anything if you are running newer operating systems like Windows 7 and up.

Here’s how you disable NetBIOS on a Windows 7 machine.

  1. Click “Start”, point and click on “Control Panel”.
  2. Select View by: “Large icons” so you may see the same thing I see.
  3. Then in the Control Panel find (you may have to scroll) and click “Network and Sharing Center”.
  4. In the right pane click “Change your adapter settings”.
  5. Right click on your “Local Area Network” and select “Properties”.
  6. Under “This Connection uses the following items:” click on “Internet Protocol Version 4 (TCP/IPv4)”.
  7. With “Internet Protocol Version 4 (TCP/IPv4)” highlighted select the “Properties” command button.
  8. Click on the “Advanced…” command button.
  9. Click on the “WINS” tab.
  10. In the “NetBIOS setting” section select “Disable NetBIOS over TCP/IP”.
  11. Click on the “OK” command button.
  12. Click on the “OK” command button.
  13. Click “Close”.
  14. Close out of your network connection window if you only have 1 network card.  If you have more than 1 network card repeat steps 5 – 13 as you’ll need to do this for every adapter including your wired and wireless.
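
The same change as steps 1 to 14, scripted so that no adapter gets missed. This is an added example, not part of the original post: it assumes an elevated PowerShell prompt and uses the WMI class Win32_NetworkAdapterConfiguration, whose SetTcpipNetbios method takes 0 (default, from DHCP), 1 (enable) or 2 (disable). The function and variable names are hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Get-WmiObject is used so this works on the PowerShell 2.0 shipped with Windows 7.

# Values of TcpipNetbiosOptions / arguments accepted by SetTcpipNetbios()
$NetbiosOptions = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

function Get-IPAdapters {
    # Only adapters with TCP/IP bound and enabled have a NetBIOS setting to change
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
}

function Get-NetbiosStatus {
    # One row per adapter: the audit you would otherwise do by opening each WINS tab
    Get-IPAdapters | ForEach-Object {
        New-Object PSObject -Property @{
            Index       = $_.Index
            Description = $_.Description
            NetBIOS     = $NetbiosOptions[[int]$_.TcpipNetbiosOptions]
        }
    }
}

function Set-NetbiosOption {
    param([ValidateRange(0, 2)][int]$Option = 2)   # 2 = Disable NetBIOS over TCP/IP
    foreach ($adapter in @(Get-IPAdapters)) {
        if ($adapter.TcpipNetbiosOptions -eq $Option) { continue }   # nothing to change
        $rc = $adapter.SetTcpipNetbios($Option).ReturnValue
        switch ($rc) {
            0       { Write-Output  "OK: $($adapter.Description)" }
            1       { Write-Output  "OK, reboot required: $($adapter.Description)" }
            default { Write-Warning "Failed (code $rc): $($adapter.Description)" }
        }
    }
}

Get-NetbiosStatus          # audit: what is each adapter set to now?
Set-NetbiosOption 2        # same effect as step 10, applied to every adapter
Get-NetbiosStatus          # confirm every adapter now reports 'Disabled'

# To roll back while testing:  Set-NetbiosOption 0
```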

If you are worried about it, disable NetBIOS and do some testing. Don’t change anything else until you’ve fully tested and if you find something wrong then you can always enable it.

In a workplace I would recommend you test disabling the NetBIOS setting on a few computers and expand it out to more over time.  I ran into a problem with authentication years ago when we tried to disable the NetBIOS protocol on client computers, where certain users couldn’t log in to a domain.

We then made some changes and now we have no problem disabling NetBIOS. Other professionals have claimed to have trust issues with legacy Active Directory (AD) environments that utilize Windows 2000/2003 trusts.  Trusts are also bad, especially if you are using them on legacy operating systems like Windows 2000 and 2003.

If you actually took the time to realize NetBIOS is needed on old butt computers like Windows 98 or XP to allow you to browse the network neighborhood… again it’s time to upgrade to Linux Mint on that old computer or buy new hardware if you can’t run Mint.
