NT Gatekeeper: Disabling NetBIOS
Disabling NetBIOS on network interfaces connected to the Internet is crucial. Learn how to take this necessary security measure.
August 19, 2002
Articles and white papers about how to harden a Windows NT platform typically tell you to disable the support for the NetBIOS network protocol on network interfaces connected to the Internet. Why is disabling this protocol so important? How do I disable it?
Microsoft file and print services and common Microsoft administration programs typically use NetBIOS. Security specialists often recommend disabling NetBIOS on network interfaces connected to the Internet to stop Internet users from accessing those services and programs. Another reason relates to two protocols that NetBIOS can use. NetBIOS can run over TCP/IP, which is called NetBIOS over TCP/IP (NetBT). NetBIOS can also run over NetBEUI. Unlike TCP/IP, NetBEUI is a broadcast protocol. Broadcast protocols are hard to control in compartmentalized network infrastructures that consist of different security zones.
In NT 4.0, you can't differentiate between disabling NetBT completely and just disabling the TCP/IP portion of NetBT, so security specialists recommend that you fully disable NetBIOS on network interfaces connected to the Internet. To do so on an NT 4.0 machine, open the Control Panel Network applet. Select the Bindings tab. In the Show Bindings for drop-down list, select all adapters. Select the adapter that's connected to the Internet and expand it. Select WINS Client (TCP/IP) and click Disable. After you reboot your machine, all NetBIOS communication on this interface will be disabled.
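One way to confirm the result after the reboot, as an added example that is not part of the original article: the Python script below parses `netstat -an` output and reports any NetBT endpoints (UDP 137, UDP 138, TCP 139) still bound to the Internet-facing address. The addresses, the sample output and the function name `netbt_listeners` are constructed for illustration.

```python
import re

# NetBT endpoints: UDP 137 (name), UDP 138 (datagram), TCP 139 (session).
NETBT_PORTS = {
    ("UDP", 137): "name service",
    ("UDP", 138): "datagram service",
    ("TCP", 139): "session service",
}

# One row of `netstat -an`: proto, local addr:port, foreign addr, optional state.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$"
)

def netbt_listeners(netstat_output, internet_ip):
    """Return NetBT endpoints still reachable through internet_ip."""
    findings = []
    for line in netstat_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        service = NETBT_PORTS.get((proto, int(port)))
        if service is None:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # only listening sockets count for TCP
        # A wildcard bind (0.0.0.0) is reachable on every interface.
        if addr in (internet_ip, "0.0.0.0"):
            findings.append((proto, addr, int(port), service))
    return findings

# Constructed sample output (documentation-range addresses), not from a real host.
INTERNET_IP = "203.0.113.10"
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  UDP    10.0.0.5:137           *:*
  UDP    10.0.0.5:138           *:*
  UDP    203.0.113.10:137       *:*
  UDP    203.0.113.10:138       *:*
"""
# After the binding is disabled, the Internet-facing rows should be gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "203.0.113.10" not in l)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, netbt_listeners(text, INTERNET_IP))
```

An empty list for the external adapter's address means no NetBT endpoint remains on that interface; the internal adapter's endpoints are expected to stay.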