Disable unneeded services

In reading a SQL installation KB it mentions "Disable NetBIOS and Server Message Block
Servers in the perimeter network should have all unnecessary protocols disabled, including NetBIOS and server message block (SMB)".  However, other information I have seen indicates that SMB and Netbios are tied to resource sharing and DHCP.  I also see, " Port 445, port 445 is deeply embedded in Windows and can be difficult or impossible to safely close. While its closure is possible, other dependent services such as DHCP".

So how can I determine if these can be truned off without inadvertantly effecting network functions such as newotk browsing, printer location ect.

Thanks for any help.
Keith Naccarato
Ulster-Greene ARC


ARC-ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

drfiascoCommented:
The perimiter network that the documentation is on the outside of your firewall. The easiest way to do this is to block the protocols from the outside on your firewall. You can also disable the protocols on your server but if the server has multiple functions this isn't really feasible.

For my SQL Servers I disable almost everything that has nothing to do with SQL. But my SQL servers are single purpose, meaning I'm not doing any file sharing, running DNS, DHCP or any other services. Also note because you disable the ports on your server doesn't mean that you'll block outbound communication on those ports. I block SMB on my SQL servers but I can still make connections to other SMB servers from those servers.

Hope this helps.

Neil
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MarkIsraelCommented:
If the server is going to have file shares your going to be hard pressed to get rid of netbios. Unless you want to map using the IP address. I agree with the Dr. Fiasco if your running just SQL on the server then consider blocking Netobios and SMB. Netbios is the MS, network and file sharing protocol and getting rid of it can create some other strange things. I think MS still uses Netbios for more than just file sharing. Every attempt to go TCP/IP only without netbios has always created problems. The kind where rewiting login scripts and other issues. It creates a domino effect, you end up having to make changes to ensure your network works for the end users and they want it up. Not you trying to figure out evrything that is buffed up because people can't print or get to their directories. If it isn't a real threat and you have antivirus counter measures in place then let it be.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocols

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.