Is it secure for a firewall to allow NetBIOS connections from the internal network to the DMZ?
- If not secure, what are the risks?
- If secure, what is the FUD about and what are the counterarguments?
Asked
Active
Viewed 1,165 times
1 Answers
10
No. Typically you don't want your servers where they trust any other systems because that means they could compromise the DMZ server and tunnel using that trusted relationship. That means no domains, etc. Therefore, NetBIOS is not exactly useful since there are no trusts. Also, by the very nature of a system being in a DMZ the recommendation is:
- Uninstall what you don't need
- Disable it if you can't uninstall it
This goes for services, users, protocols, etc. Therefore, NetBIOS usually gets struck pretty quick.
K. Brian Kelley
- 9,004
- 31
- 33
-
2+1 for Brian - also, NetBIOS is more or less a legacy protocol now; you should be able to do everything that it provides using DNS, SMB etc. – user2278 May 14 '09 at 13:13
-
Affirmation for the above. No NetBIOS through the firewall. – squillman May 14 '09 at 13:44