Ensure there is no unrestricted inbound access to TCP port 139 (NetBios)

Security & Compliance

TCP port 139 is used by the NetBIOS session service and allows for communication between computers over a network. This service is commonly used for file and printer sharing in Windows networks. Unrestricted inbound access to this port could potentially allow an attacker to gain unauthorized access to sensitive data and resources on the network.


To ensure there is no unrestricted inbound access to TCP port 139, organizations should implement the following remediation steps:

  1. Use a firewall to block all incoming traffic on port 139 from external sources.
  2. Limit access to port 139 to only authorized users and systems within the network.
  3. Implement strong authentication mechanisms, such as two-factor authentication, to prevent unauthorized access to network resources.
  4. Regularly monitor network traffic to detect and respond to any potential security threats.
  5. Implement network segmentation to isolate critical systems and limit the potential impact of a security breach.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.