Wireless Networking is a practical guide to planning and building low-cost telecommunications infrastructure. See the editorial for more information.

Windows Traffic on the Internet Link

Windows computers communicate with each other via NetBIOS and Server Message Block (SMB). These protocols work on top of TCP/IP or other transport protocols. Computers using them hold elections to determine which one will be the master browser. The master browser is a computer that keeps a list of all the computers, shares and printers that you can see in Network Neighbourhood or My Network Places. Information about available shares is also broadcast at regular intervals.

The SMB protocol is designed for LANs and causes problems when the Windows computer is connected to the Internet. Unless SMB traffic is filtered, it will also tend to spread to the Internet link, wasting the organization's bandwidth. The following steps might be taken to prevent this:

  • Block outgoing SMB/NetBIOS traffic on the perimeter router or firewall. This traffic will eat up Internet bandwidth, and worse, poses a potential security risk. Many Internet worms and penetration tools actively scan for open SMB shares, and will exploit these connections to gain greater access to your network.

  • Install ZoneAlarm on all workstations (not the server). A free version can be found at www.zonelabs.com. This program allows the user to determine which applications can make connections to the Internet and which ones cannot. For example, Internet Explorer needs to connect to the Internet, but Windows Explorer does not. ZoneAlarm can block Windows Explorer from doing so.

  • Reduce network shares. Ideally, only the file server should have any shares. You can use a tool such as SoftPerfect Network Scanner to easily identify all the shares in your network.
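
For the first step above, the following is an added example (not part of the original guide) of how the block could be expressed on a Linux-based perimeter router using iptables. The interface name, the chain name SMB_OUT and the port numbers are assumptions that do not appear in the text; the ports are the standard NetBIOS and SMB assignments.

```shell
#!/bin/sh
# Added example: print iptables commands that stop NetBIOS/SMB traffic from
# being forwarded out of the Internet-facing interface of a Linux router.
# Assumptions: Linux with iptables; the chain name SMB_OUT is arbitrary.
# Ports (standard assignments, not listed in the text above):
#   137 NetBIOS name service, 138 NetBIOS datagram,
#   139 NetBIOS session, 445 SMB directly over TCP.
SMB_PORTS="137:139,445"

smb_block_rules() {
    wan_if=$1
    # Refuse empty or odd interface names, since the output is fed to a shell.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*)
            echo "usage: smb_block_rules WAN_INTERFACE" >&2
            return 2 ;;
    esac
    # A dedicated chain keeps the log-then-drop order fixed.
    printf '%s\n' 'iptables -N SMB_OUT'
    printf '%s\n' 'iptables -A SMB_OUT -m limit --limit 6/min -j LOG --log-prefix "SMB-OUT: "'
    printf '%s\n' 'iptables -A SMB_OUT -j DROP'
    # Insert at position 1 so the jump is evaluated before any ACCEPT rule
    # already present in FORWARD.
    for proto in tcp udp; do
        printf 'iptables -I FORWARD 1 -o %s -p %s -m multiport --dports %s -j SMB_OUT\n' \
            "$wan_if" "$proto" "$SMB_PORTS"
    done
}

# Print the rules when the script is given an interface name.
if [ $# -gt 0 ]; then smb_block_rules "$1"; fi
```

Review the printed commands, then pipe them to sh as root to apply them. The source addresses in the resulting log entries show which workstations are still sending SMB traffic toward the Internet link.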

Last Update: 2007-01-18