NetBIOS share found

Risk Level: Low risk vulnerability  Low

Check or Attack Name: NetBIOS share
Platforms: Windows NT, Samba, Windows for Workgroups: 3.11, OS/2, Windows 95
Description:

A NetBIOS share has been detected. If the share already has the proper access controls, this is a low risk vulnerability.
Remedy:

All platforms should either disable sharing or review access controls.

Note: The vulnerability will be flagged if any shares are detected, even if they are not accessible. Windows 95 machines must disable file and print sharing to avoid flagging this vulnerability. If shares are needed and must be secure, consider upgrading to Windows NT running NTFS.

Windows 95: Select one of these choices:

  • Remove file and print sharing.

    1. Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
    2. From Configuration, click File and Print Sharing.
    3. Disable 'I want to be able to give others access to my files' and disable 'I want to be able to allow others to print to my printer(s).'
    4. Click OK and restart the computer. The Windows 95 machine no longer allows shares to exist or be created.

  • Use user-level access control (does not eliminate vulnerability). To implement user-specific permissions in Windows 95:

    If disabling Windows 95 sharing is unacceptable, you can use user-level access control. This approach does not eliminate reporting for a vulnerability, but it does decrease the risk. Windows 95 permits user-specific permissions if it is part of a domain. Access to the share by password is discouraged because of the possibility of unlimited and unlogged brute force attacks.

    To implement user-specific permissions, follow these steps:

    1. Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
    2. From the Access Control tab, select User-Level access control.
    3. Type the domain name.
    4. Click OK.

Windows NT: Select one of these options:

  • Grant share access only to approved users.

    1. From the local computer, open Windows NT Explorer.
    2. Navigate to the shared folder.
    3. Right-click the shared folder name and select Sharing to display the Properties dialog box.
    4. Click Permissions.
    5. Use these guidelines to review the listed permissions:
      • Remove or change any permissions such as Everyone: Full Control. This default permission allows all users to read, modify, and even change ownership and permissions on the items in the share.
      • Review any names with Change or Full Control permissions and determine if the permission is appropriate. Consider using Read Only or No Access if these names do not need to modify items in the share.
      • Review any names that should not be in the list, and remove the name or change their permission as appropriate.

  • To remove a share, choose one of these options:

    • Remove the share from a local computer.

      1. From the local computer, open Windows NT Explorer.
      2. Navigate to the shared folder.
      3. Right-click the shared folder name and select Sharing to display the Properties dialog box.
      4. To disallow access to all users, select the Not Shared check box.

    • Remove the share from a remote computer.

      1. From a remote computer, open the Server Manager.
      2. Select the host name.
      3. From the Computer menu, select Shared Directories to display the Shared Directories dialog box.
      4. Select the NetBIOS share
      5. Click Stop Sharing.
      6. Click OK.

    • Remove the share from the command line.

      From a command prompt, type: net share sharename /delete
References:
X-Force Logo
Know Your Risks