NETBIOS 1

[mdabney]

I turned off NETBIOS because someone in our factory keeps connecting a wireless router to our system bypass our Internet access rules on off shifts. It was the only way I could think of to prevent unauthorized workgroups from showing up on our network. I'm not sure if I stopped them or not. Problem is now I'm have a problem with our VPN clients. We have one AD domain abc.com. We use iSeries for Dominio and an iSeries based ERP that domain is ab-c.com. VPN uses can no longer see the ab-c.com domain. IS there anyway to correct this without turning NETBIOS back on, or is there a way to prevent unauthorized workgroups?

 

[lhuegele]

How did you turn off NETBIOS? Since you aren't sure that what you did stopped them from hooking up rogue equipment to your network (it probably didn't) you should reverse your steps to see if this helps your VPN users.

Does your company have an official written policy against connecting non-company owned devices to your network? If not, this is what I would suggest you put in place. Then make sure every employee has a signed statement in their file that they understand the new policy and agree to abide by it. Make it clear WHY this is the policy (for their protection and for the protection of the network for BUSINESS purposes) and make sure higher-ups are on-board so that enforcement isn't left out in the cold.

We only had to have 1 person written up and 1 other person fired for this before this stopped being a problem for us.

Good luck,

 

[lhuegele]

I forgot to also add that you should then analyze whether wireless is something that your company should implement as an official business need. That way you can control the security and implement it in as safe a manner as possible.

Good luck,

 

[mdabney]

I did reverse the netbios and it didn't. You can enable/disable netbios from the TCPIP properties under the advanced tab. It's dynamic. Once you check or uncheck, it takes affect. We do have a policy in place and the perpetrators face up to dismissal. We have a fully-functional secured wireless network in our facility, but this is unauthorized access to the Internet which we limit by ACS.

 

[burtsbees]

What manufacturer of switches, routers, firewalls do you have? In a Cisco switch, MAC port security would be one answer, Cisco routers---MAC acl, same with certain firewalls. Won't disabling NETBIOS also disable the ability to share folders/drives, including mapping?

Burt

 

[mdabney]

We have Cisco equipment and we have at least 8 3500 switches on the floor as well as 3 aironet AP's so MACing could be difficult. Eveything within my internal domain is having no trouble with sharing and mapping. Seems only to be a problem with the VPN clients which are on a different octet. I'm thinking that the NETBIOS disable affected my DNS configuration, which could be the problem. Still trying to disect.

 

[mdabney]

Actually my issue ended up not being a NETBIOS issue after all. I was also working on a new DMZ and inadvertently change a NAT statement on my PIX. Added the statement back, turned NETBIOS back off and we're operatinal again.

 

[MikeBatters]

Glad to hear you found the source of the problem. May i suggest to solve your original problem you consider replacing the PIX firewall with something whuch delivers more comprehensive protection/control to prevent anyone getting unauthorised access.

There are many available which can deliver this but if you want an opinion please post back.

In case you aren't aware the Cisco PIX has now gone End Of Life and will soon be unsupportable so it may become even more important.

Hope that's of use & appologies if i am telling you something you already know.



Mike

*************************************

Remember - There is always another way..........I just haven't found out what it is yet!

 

[mdabney]

Thank you and yes. We'll be replacing with an ASA device in the next couple of months.