[Forgot Password]
Login  Register Subscribe

24003

 
 

131486

 
 

106342

 
 

909

 
 

84662

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers

ID: oval:org.secpod.oval:def:40320Date: (C)2017-04-25   (M)2018-04-10
Class: COMPLIANCEFamily: windows




MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers Vulnerability: The NetBT protocol is designed not to use authentication, and is therefore vulnerable to spoofing. Spoofing makes a transmission appear to come from a user other than the user who performed the action. A malicious user could exploit the unauthenticated nature of the protocol to send a name-conflict datagram to a target computer, which would cause the computer to relinquish its name and not respond to queries. The result of such an attack could be to cause intermittent connectivity issues on the target computer, or even to prevent the use of Network Neighborhood, domain logons, the NET SEND command, or additional NetBIOS name resolution. For more information, see the Microsoft Knowledge Base article "MS00-047: NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts" at http://support.microsoft.com/default.aspx?kbid=269239. Counter Measure: Configure the MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (Only recommended for servers) entry to a value of Enabled. The possible values for this registry entry are: * 1 or 0. The default configuration is 1 (enabled). In the SCE UI, these options appear as: * Enabled * Disabled * Not Defined Alternatively, you could disable the use of WINS in your environment, and further ensure that all applications rely upon DNS for name resolution services. Although this approach is a recommended long-term strategy, it is generally impractical for most organizations to attempt as a short-term solution. Organizations that still run WINS generally have application dependencies that cannot be quickly resolved without upgrades and software rollouts, which require careful plans and significant time commitments. If you cannot deploy this countermeasure and you want to guarantee NetBIOS name resolution, you can take the additional step of "pre-loading" NetBIOS names in the LMHOSTS file on certain computers. For more information about how to pre-load the LMHOSTS file, see the Microsoft Knowledge Base article "MS00-047: NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts" that was referenced earlier in this section. Note: Maintenance of LMHOSTS files in most environments requires a significant amount of effort. Microsoft encourages the use of WINS instead of LMHOSTS. Potential Impact: An attacker could send a request over the network and query a computer to release its NetBIOS name. As with any change that could affect applications, Microsoft recommends that you test this change in a non-production environment before you change the production environment. Fix: (1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters!NoNameReleaseOnDemand

Platform:
Microsoft Windows Server 2016
Reference:
CCE-45283-9
CPE    1
cpe:/o:microsoft:windows_server_2016:::x64
CCE    1
CCE-45283-9
XCCDF    5
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
...

© 2013 SecPod Technologies