 | reply to skisplat
Re: How do I.. Basically you can close the port but if you do you are shutting a lot of functionality off...
It's also not an easy task to do.... I wrote up a breakdown on how to harden your system in the Kerio security forum once...
But I only just mentioned this since it's a difficult process... I will include a similar breakdown here:
A secure system is one that doesn't advertise shares using netbios and closes ports 135-139 and port 445. However you can skip Section 1, to try and avoid losing some functionality.
Section 1: Turning off Netbios
(Warning: this will disable your ability to share anything.) (If you truly need to share files, consider running an FTP server such as raiden.)
Summary: Basically Disable all netbios drivers, reboot, your ports should be closed.
How to do it:
1. First go into your services and turn off netbios helper.
2. Then go to my computer\hardware\Device Manager, click on view, show hidden devices, look for non-plug and play drivers, then look for netbios, disable it.
3. Reboot, if no errors occur, you're set.
4. Go to a dos prompt, and double check, to see if port 135 is closed. Type: netstat -an.
5. If not go to Section 2.
(You should see ports 135-139 are missing and port 445, is closed as well.)
Section 2: The hard way of closing port 135, you
1. Open regedt32
2. Export below keys into a backup reg file.
3. Change items below in registry.

Basically find: HKLM\Software\Microsoft\OLE
Look for: EnableDCOM
Look for: EnableRemoteConnect
Change value from: Y to N (If not present then add it.) (Reg_SZ)

Then go to: HKLM\Software\Microsoft\RPC\ClientProtocols
Look for: ncacn_ip_tcp
Look for: ncadg_ip_udp
Remove them. (Reg_SZ)

HKLM\Software\Microsoft\RPC\DCom Protocols
Look for: ncacn_ip_tcp
Remove it. (Reg_Multi_SZ)
Section 3: Closing Port 445.
HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Look for: SMBDeviceEnabled
Change it to: 00000000 (If not present then add it.)
(To simplify some of it, copy below to a text file, name it Dcom-Smboff.reg. Double click on the file and it should make changes automatically. Remember this will not remove any of the ncacn reg entries; those have to be done by hand.)
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
"EnableRemoteConnect"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SMBDeviceEnabled"=dword:00000000
If you perform all these steps this should turn off port 135 and 445, and stop remote users from running any programs.
Reply to this message if you have questions.
Hardened. |
 | I forgot to mention, you can turn off dcom using dcomcnfg.exe.
Type dcomcnfg.exe; when the window opens, go to enable distributed COM, and remove the checkmark. Go to Default Protocols and remove all the protocols.
You're done.
Hardened. |
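
The "netstat -an" double check from step 4 of Section 1, automated as an added example (not part of the original posts): it parses saved netstat output and lists any of ports 135-139 and 445 that are still bound. The sample output is constructed, and the parser assumes English-language netstat output without the PID column.

```python
import re

# Ports the post aims to close: 135-139 (RPC/NetBIOS) and 445 (SMB).
TARGET_PORTS = frozenset(range(135, 140)) | {445}

# Matches "TCP  0.0.0.0:135  0.0.0.0:0  LISTENING" and "UDP  [::]:445  *:*".
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)

def open_target_ports(netstat_text, targets=TARGET_PORTS):
    """Return sorted (port, proto, local_addr) tuples for target ports still bound."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        proto, port = proto.upper(), int(port)
        # TCP counts only when listening: an outbound session to a remote
        # port 445 has an ephemeral local port and must not be flagged.
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue
        # UDP has no state column; any bound local socket counts.
        if port in targets:
            found.add((port, proto, addr))
    return sorted(found)

# Constructed sample: an unhardened host with one outbound SMB session.
SAMPLE_BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:500            *:*
"""

# Constructed sample: the same host after the steps above and a reboot.
SAMPLE_AFTER = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

if __name__ == "__main__":
    for port, proto, addr in open_target_ports(SAMPLE_BEFORE):
        print(f"still open: {proto} {addr}:{port}")
```

To check a real machine, save the output with "netstat -an > ports.txt" and pass the file contents to open_target_ports; an empty list means none of the target ports are bound.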