This request created created from a Pembins 2018 SP3 inquiry but I believe it has been agreed to only be considered for supported versions or future release.
Previous IMS from ConEd - 2178824 was closed stating, "noting they need to validate the changes in a test environment if they wish to proceed."
A security audit is underway on the Pembina OASyS systems. 3 security items have been identified, GCS has responded to the first 2.
The 3rd item is requesting R&D disable NetBios & validate OASyS functionality.
1. SMBv1 is enabled - Not used by OASyS. 2018 SP3 via GPO settings should disable this.
2. LLMNR is enabled - Not validated but is unlikely to be in use on an OASyS, low risk to disable.
3. NetBios is enabled - L2 believes there is higher risk in disabling this, including the following known issues;
- Printer and any machines setup with simple file sharing
- Any drive mappings may be impacted, and therefore our "distribute" application, and potentially the XOS distribution of displays
- Joining a domain may use NetBIOS in certain circumstances
- Older versions of clustering (I think pre-Server 2008) used NetBIOS – this is perhaps not applicable
- Some non-OASyS applications on the system may use NetBIOS (e.g. Corporate virus detection, and/or backup solutions)
- May have some impact if devices (e.g. switch) participates in NetBIOS
L2's suggestion is to not disable NetBios but this doesn't satisfy the customer audit.
A little over 6 years ago, L2 had attempted disabling ELKSP4 NetBios in collaboration with Chief Architect at the time to formulate the below response. No other versions were tried by us.
------------------
I think that disabling NetBIOS will have impact on a variety of software. Our operational software (i.e. RealTime) isn't codified to use Netbios, but disabling it will potentially impact overall system behaviour. This includes:
a) printer and any machines setup with simple file sharing.
b) Any drive mappings may be impacted,
c) and therefore our "distribute" application, and potentially the xos distribution of displays.
d) Joining a domain may use Netbios in certain circumstances ( https://support.microsoft.com/en-us/kb/2018583 )
e) Older versions of clustering (I think pre-Server 2008) used Netbios.
f) Some non-OASyS apps on the system may use netbios (e.g. if they have installed a corp virus detection, or backup solution).
------------------
From my recollection we did run into file sharing and network drive issues. No printers were tested, not sure if any domain controller functions were tested.
Test results may have been posted to TCWiki, box or some other no longer existing platform.
Since then I believe NetBios is also now used for VM client communications and some AIT process.
Our Firewall config doc does specify that ports 137, 138 and 139 need to be open for NetBios.
At this time, our plan is to investigate what this may mean. There are some functions which require drive sharing