Windows computers are particularly vulnerable to attack because file and print sharing is, by default, enabled and bound to TCP/IP when TCP/IP is installed. That means that the following ports are open and listening:
- UDP port 137, nbname (NetBIOS name service)
- UDP port 138, nbdatagram (NetBIOS datagram service)
- TCP port 139, nbsession (NetBIOS session service)
This setting is unnecessary and dangerous. Before connecting to the Internet in any way, Windows users should block file and print sharing over TCP/IP. This is easy to do: as shown in the slide, open the Network configuration under Control Panel and, in the TCP/IP properties for every adapter using TCP/IP, unbind "Client for Microsoft Networks" and "File and print sharing for Microsoft Networks". You can still do all of the file and print sharing that you want over the LAN, because Microsoft networks use the NetBIOS protocol and don't need to have these functions bound to TCP/IP.
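One way to verify on your own machine that the three ports listed above are closed after unbinding is to inspect the output of `netstat -an`. The following is an added example, not part of the original slides; the function name `netbios_listeners` is hypothetical and the sample netstat output is constructed for illustration.

```python
import re

# Ports the page lists as opened by file and print sharing over TCP/IP.
NETBIOS_PORTS = {
    ("UDP", 137): "nbname (NetBIOS name service)",
    ("UDP", 138): "nbdatagram (NetBIOS datagram service)",
    ("TCP", 139): "nbsession (NetBIOS session service)",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      10.0.0.5:139           ESTABLISHED
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

# Proto, local address, local port, foreign address, optional state (TCP only).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def netbios_listeners(netstat_text):
    """Return (proto, local_addr, port, service) for each open NetBIOS port."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        key = (proto, int(port))
        if key not in NETBIOS_PORTS:
            continue  # only the local port matters, not the remote one
        # TCP counts only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        findings.append((proto, addr, int(port), NETBIOS_PORTS[key]))
    return findings

if __name__ == "__main__":
    for proto, addr, port, name in netbios_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is open: {name}")
```

An empty result after the unbinding step means none of the three NetBIOS-over-TCP/IP ports is still listening on that machine.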