cma6

Block outbound SMB request


"More advanced protection measures include blocking outbound SMB requests via firewalls, so local computers can’t query remote SMB servers."

How does one do that in EIS?


I'd also like to know assuming it hasn't already been done.

Never mind.  The whole question is discussed in the blog.   cma6 you are covered.

Pete


> You are going to laugh ...

Am I?   I skim read the first few articles there and didn't see anything related to SMB.  Which article?

10 hours ago, JeremyNicoll said:

> I skim read the first few articles there and didn't see anything related to SMB.  Which article?

I would believe he is referring to the following article:

http://blog.emsisoft.com/2017/05/18/wannacry-ransomware-interview/

On 5/20/2017 at 10:06 PM, cma6 said:

> "More advanced protection measures include blocking outbound SMB requests via firewalls, so local computers can’t query remote SMB servers."
>
> How does one do that in EIS?

When configured for "Public" mode, EIS will block all requests to ports 137, 138, 139, and 445. These are the Windows Networking ports, with port 445 being the SMB port.

Obviously if you connect to the Internet through a router or a modem that has NAT (Network Address Translation) then any attempts to access those ports over the Internet should already be blocked, unless you have forwarded them in your NAT configuration. When a device that has NAT is protecting your network then it is safe to leave your network configured as "Private", unless you feel like you need the extra security and don't mind shutting down all Windows Networking ports (or want to make more advanced rules to allow those ports only for specific IP addresses or IP ranges).

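A way to check from the protected machine that the block on the TCP ports named in the post above is actually in effect. This is an added example, not part of the original thread and not Emsisoft code; the function names are illustrative, and the test host is assumed to be a machine you control with file sharing enabled on the far side of the firewall.

```python
import socket
import sys

# TCP ports from the post above: 139 (NetBIOS session) and 445 (SMB).
# 137 and 138 are UDP services, so a TCP connect cannot test them.
SMB_TCP_PORTS = (139, 445)


def probe(host, port, timeout=3.0):
    """Try one outbound TCP connection and classify what came back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "reachable"      # handshake completed: traffic is not blocked
    except ConnectionRefusedError:
        return "refused"        # a reset came back: something answered
    except socket.timeout:
        return "no-response"    # silently dropped, as a blocking firewall does
    except OSError:
        return "error"          # e.g. no route, or the OS denied the connect
    finally:
        sock.close()


def outbound_smb_blocked(host, ports=SMB_TCP_PORTS, timeout=3.0):
    """Return (blocked, per-port results) for a test host you control."""
    results = {port: probe(host, port, timeout) for port in ports}
    # Conservative verdict: any answer at all, even a reset, counts as
    # "not blocked" and should be looked at by hand.
    blocked = all(r in ("no-response", "error") for r in results.values())
    return blocked, results


if __name__ == "__main__":
    # Assumption: argv[1] is a machine you own with file sharing enabled,
    # placed on the far side of the firewall being tested.
    blocked, results = outbound_smb_blocked(sys.argv[1])
    for port, outcome in results.items():
        print(f"tcp/{port}: {outcome}")
    print("outbound SMB blocked" if blocked else "outbound SMB NOT blocked")
```

A "refused" result can also come from a firewall that rejects with a reset, which is why the script reports it per port instead of treating it as proof either way.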

I'd said: I skim read the first few articles there and didn't see anything related to SMB.

Hmm, must have done that with my eyes shut.  Sorry.

13 hours ago, JeremyNicoll said:

> I'd said: I skim read the first few articles there and didn't see anything related to SMB.
>
> Hmm, must have done that with my eyes shut.  Sorry.

Understandable. ;)

I used Vivaldi's Find In Page search (Ctrl+F) to find it quickly. Most browsers also have this feature, and I would believe most of them use the same shortcut key.

On 5/23/2017 at 1:33 AM, GT500 said:

> I would believe he is referring to the following article:
>
> http://blog.emsisoft.com/2017/05/18/wannacry-ransomware-interview/
>
> When configured for "Public" mode, EIS will block all requests to ports 137, 138, 139, and 445. These are the Windows Networking ports, with port 445 being the SMB port.
>
> Obviously if you connect to the Internet through a router or a modem that has NAT (Network Address Translation) then any attempts to access those ports over the Internet should already be blocked, unless you have forwarded them in your NAT configuration. When a device that has NAT is protecting your network then it is safe to leave your network configured as "Private", unless you feel like you need the extra security and don't mind shutting down all Windows Networking ports (or want to make more advanced rules to allow those ports only for specific IP addresses or IP ranges).

Arthur:

How does one know how EIS is configured: public or private mode?


Go to Protection - Firewall.  At the bottom of the page, click on Manage Networks.  In the box that opens, the top section "Network adaptors and connected networks" will show you which adapter is in use and next to that it will say either "Public network" or "Private network".  If you click on the "Public network" or "Private network" information in the top section of this window, then the window changes to display more information about the current connection AND allow you to change its status.

Do not be misled by the very-similar looking section under that, which allows you to tell EIS whether to class a new adapter as Private/Public.

55 minutes ago, JeremyNicoll said:

> Go to Protection - Firewall.  At the bottom of the page, click on Manage Networks.  In the box that opens, the top section "Network adaptors and connected networks" will show you which adapter is in use and next to that it will say either "Public network" or "Private network".  If you click on the "Public network" or "Private network" information in the top section of this window, then the window changes to display more information about the current connection AND allow you to change its status.
>
> Do not be misled by the very-similar looking section under that, which allows you to tell EIS whether to class a new adapter as Private/Public.

Yes, that's essentially correct. ;)

