Block ports 135 and 445 with file sharing enabled

I needed to block ports 135 and 445 on Windows Server 2008 R2 due to WannaCry. Having done it, workstations could not access the shared folders on the server. Is it possible to configure the file share management with another port, so users can still access the shared folder even though the two ports have been blocked?

Answer

Band-Aids don’t fix security vulnerabilities

The real problem here is that your computers have a serious security vulnerability. Blocking ports 135 and 445 serves as a Band-Aid to the problem. While doing this may be a viable temporary solution to do damage control, the proper solution is to install the patch throughout your environment.


Blocking ports 135 and 445 has the effect of disabling SMB file-sharing on your Windows Server. If your boss is asking you to do this to “fix” the threat posed by WannaCry, then you should make your boss aware that this is the equivalent of deleting your e-mail address in order to avoid getting spam messages.

Suppose you don’t need file sharing enabled. Fine. But by leaving this vulnerability unpatched you arm an explosive land-mine that will make a fantastic mess of your organization the day someone comes along and re-enables file sharing. Don’t do this.

Always install security patches, even if you don’t currently use the patched service.

Attribution
Source: Link, Question Author: LuisSuarez7, Answer Author: Community
