NetBIOS was created in the 1980’s by Microsoft and is primarily found on Windows devices and is still used today to conduct core functions within a network. It is an API that allows legacy software on different computers and hardware equipment to communicate within a Local Area Network (LAN). Without proper configuration, NetBIOS can be a major security risk.

NetBIOS can be configured to allow unauthenticated login, which effectively means that a malicious actor could obtain information from networked machines using specifically designed tools. This information includes password policy criteria, usernames and Operating System versions which can be used to further attack the target system. For example, if the output of a scan stated that the password policy had password complexity requirements, you may be able to use this knowledge to craft your own customised password attack.

Additionally, Relative Identifiers (RIDS) are used to determine the privileges of an account or group within a Windows Domain. These can be enumerated by a hacker to target their attacks on the higher privilege account first to obtain the domain administrative account.

Mitigation Factors:

If none of the devices or software require NetBIOS to communicate within your network, then it should be disabled to remove the risk of information about the network configuration, user account privileges and password policy information being disclosed.

If NetBIOS is required for communication within your network, the unauthenticated login functionality can be restricted to ensure that an attacker cannot see network shares or user accounts. This is achieved by changing the restrict anonymous value within the registry to 1 or 2, depending on how NetBIOS is used.

Ensure that strong complex passwords are used for all accounts. This will reduce the chances of a hacker using password guessing techniques to obtain the necessary information to compromise the account.