Frequently Security Question on Network (ONE)-NetBIOS Applied Vulnerability



NetBIOS,Network Basic Input Output System is a kind of input system on network. NetBIOS' main function is to let users share resource through network. Windows system's neighbor and Unix system's Samba both belong to NetBIOS, and generally we call them Neighbor. In 1985, IBM began to use Domain Zone of NetBIOS and Microsoft produced "Windows For Workgroups" operation system that adapt the suitable Window system's NetBIOS. Neighbor created a new time that the users could share their resource in Domain Zone and it only needed a few information of system to reach high transmission efficiently.

Although at present, there is no standard to check the vulnerability assessment. However, to American information security administration, they do have their own rule of thumbs to inspect the system, but those rule of thumbs are not real "criterions" or regulations on document. In Taiwan, because there is no related official information for assessment, only one function would be compared. (There is no doubt that simple comparison is helpful for selling but is not good for information security's improvement. If this comparison continues, it would have bad effect for development of information security in Taiwan.

The users could use the same printer, share their information and so on in their Domain Zone through NetBIOS, because NetBIOS could provide these services to save manpower, material resources and system resources. Hence, NetBIOS need opening 139 and 445 ports to work. Some hackers could use these ports to attack the users' workstation due to managers are worried about using neighbor. In May of this year, the 445 port be opened and caused Sasser Worm's dangerous from bad to worse.

DragonSoft Security Team suggests that the managers should set up security Mechanism with firewall or other related security tools to protect the users' data before patch the vulnerability.

Frequently NetBIOS Security Question on Workstation:

1.Use tools to search shared resources:
  1. "SAM of tool of improving authority" could improve the general user's authority (for example, a hacker) to become a system manager but the real system manager could not find out.
  2. "NetBrute Scanner" could scan the shared resources of Windows of the hosts on domain.
    These tools are used frequently but the users' might not know that their workstations are invaded by backdoor.
Use PQwak to crack password:
    The hackers use neighbor to crack identification and password. After cracking password, the hackers could read shared information. This is a problem of shared resource.
Measures of Preventing NetBIOS to attack
  1. Change your identification and password regularly.
  2. Use TCP/IP to decide which ports belong to illegal connection
  3. Use IPSec Security Policy to block 139 and 445 ports
  4. Use firewall to set up which ports could be accept
  5. Patch vulnerability and set up program for NetBIOS
  6. Cease the services of NetBIOS
DSS User's Solution DragonSoft Secure Scanner users could select the security policy of "neighbor" to examine NetBIOS, understand the situation of each shared resource in their system, the situation of identification which be used and security suggestions of vulnerability.
  1. Open security policy
  2. Select the security policy of "neighbor"
  3. Input "examine host"
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention.