Posted on 04/20/2015 5:35:14 PM PDT by dayglored
I can give you a general description, but the details necessary for useful "instructions" are going to be different for each situation, and this comment would be many pages long and anybody's eyes would glaze over, not just a sales rep's. :) But there's some hope... read on please...
The basic concept is that between your computer and the internet, there are a couple of devices, or software functions, which can selectively block connections between your computer and the internet. You can control what data is permitted to go in each direction, and that control function is called a "firewall".
1. A software firewall is present on your computer (you can find "Windows Firewall" in the Control Panel), and it should be turned ON.
2. There's usually a firewall function in your Wireless (WiFi) modem/router in your home or small office.
3. And most corporate offices with networking have a fancy hardware firewall in their server room.
In each of those three situations, the firewall mainly blocks inbound connections (from the internet) and is very open about outbound connections (to the internet).
But for this vulnerability, you need to block some outbound connections.
Connections are made on "ports" that are numbered from 1 to 65535. The ports numbered 139 and 445 carry SMB information that lets you connect to network shared drives, like shared folders on your company server. When that connection is made, private information like your network password is transferred; this is normal.
The problem with this vulnerability is that it can allow a hacker on the internet to get that private information, if those ports are open to the internet.
So the ports 139 and 445 should be blocked at your Wireless modem/router or corporate firewall. The detailed instructions on how to do that are specific to each make and model of router and corporate firewall.
You generally do NOT want to block the ports on your computer's firewall because if you do, you won't be able to connect to network shared drives and folders.
The communications "protocol" that makes the connection is called "TCP"; there are a few different protocols used in these connections, and you want to block TCP on those ports.
If you know the specific make and model of the firewall device you need to work with, I can perhaps find instructions on the internet and help decode them for you.
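Added example, not part of the original comment and not any vendor's procedure: one way to check that a gateway's rules really block outbound TCP 139 and 445, including the case where a blanket allow rule sits ahead of the block. It assumes a Linux-based router using iptables with `eth0` as the WAN interface; the rule dump is constructed, the function names are hypothetical, and negated matches, address matches and user-defined chains are not evaluated.

```python
import shlex

SMB_PORTS = (139, 445)
FIELDS = {"-o": "out", "-p": "proto", "-j": "target",
          "--dport": "ports", "--dports": "ports", "--ctstate": "states"}
# Constructed sample in iptables-save format; eth0 is assumed to be the WAN side.
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -p tcp -m multiport --dports 135:139 -j DROP
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp --dport 445 -j REJECT
COMMIT
"""

def parse_rule(line):
    """Pull the fields this check uses out of one '-A FORWARD ...' line."""
    tok = shlex.split(line)
    rule = dict.fromkeys(FIELDS.values())
    for flag, value in zip(tok[2:], tok[3:]):
        if flag in FIELDS:
            rule[FIELDS[flag]] = value
    return rule

def port_matches(spec, port):
    """spec is None (any port) or a comma list of ports and lo:hi ranges."""
    for part in (spec or "0:65535").split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_verdict(rules_text, port, wan="eth0"):
    """Verdict for a NEW forwarded TCP connection leaving `wan` to `port`."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        if line.startswith(":FORWARD"):
            policy = line.split()[1]  # chain default, used if nothing matches
        if line.startswith("-A FORWARD"):
            r = parse_rule(line)
            new_ok = not r["states"] or "NEW" in r["states"].split(",")
            if (r["out"] in (None, wan) and r["proto"] in (None, "tcp", "all")
                    and new_ok and port_matches(r["ports"], port)
                    and r["target"] in ("ACCEPT", "DROP", "REJECT")):
                return r["target"]  # first matching terminal rule decides
    return policy

def audit(rules_text, wan="eth0"):
    return {p: first_verdict(rules_text, p, wan) for p in SMB_PORTS}
```

On the constructed sample, `audit(SAMPLE_RULES)` reports port 139 as `DROP` but port 445 as `ACCEPT`, because the general allow rule is evaluated before the 445 block; moving the block above it changes the result to `REJECT`.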
Preachin' to the choir -- I'm a Linux/Unix user; CentOS is my workstation at work; OS X at home because then I have BSD Unix as well.
But be aware, this is not only a Windows issue. If you have Samba enabled on your system to support CIFS shares, that's SMB, and the same vuln is potentially present.
Mint is a cute little Ubuntu distro. It does the job for your basic home office solutions.
So if I need to open my VPN on my laptop to connect to corp, I need to keep the router ports open, but I could shut down all software-based firewalls active on my other systems.
Am I close?
It’s not hard to slip SMB calls into web code. I agree that SMB is mostly an internal operation, but that doesn’t mean the bad guys won’t try to make your computer call to it with SMB.
I blocked SMB outbound on my firewall (pfSense is amazing), and I feel better knowing that vector can’t be exploited.
In theory you're absolutely right. However, the number of SMB shares available on the internet is absolutely astounding.
Man, that's freakin' scary as hell.
Could you add me to your ping list?
Sure, done!