Why Is Netbios Still Used?

Key Takeaways:

• NetBIOS enables communication between applications on a LAN by resolving computer names to IP addresses.
• Legacy Windows systems and applications still rely on NetBIOS for name resolution and connectivity.
• NetBIOS provides network resiliency when other protocols like DNS fail or are unavailable.
• Security concerns exist with NetBIOS, so it should be disabled when not needed.
• Organizations may keep NetBIOS enabled for legacy app compatibility and failover capabilities.

What is NetBIOS and what does it do?

NetBIOS (Network Basic Input/Output System) is a legacy network protocol and service that has been around since the 1980s. It was originally developed by IBM but later adopted by Microsoft to enable communication between applications running on different computers on a local area network (LAN).

Specifically, NetBIOS handles name resolution and connectivity functions on a TCP/IP-based LAN. It resolves computer names to IP addresses so that two hosts can locate and communicate with each other. NetBIOS uses a flat naming structure for devices on the network instead of a hierarchical structure like DNS.

Some key capabilities provided by NetBIOS include:

• Name resolution: Translates computer names into IP addresses so network hosts can communicate.
• Session services: Establishes sessions between two computers across the network.
• Datagram distribution: Offers connectionless communication between hosts using datagram packets.
• Name registration and resolution: Allows hosts to register their names and resolve other registered names on the LAN.

So in essence, NetBIOS acts as something of a phone book for the local network, enabling computers, applications, and services to find and talk to each other.

Why do some Windows systems still use NetBIOS?

Despite it being an aging technology, NetBIOS is still used today – primarily by Microsoft Windows environments. There are a few key reasons why NetBIOS hangs on:

• Native support in Windows: Windows includes native support for NetBIOS for legacy reasons. This allows Windows-based apps and services to rely on NetBIOS for name resolution.
• Fallback name resolution: If DNS fails or is unavailable, Windows will fall back to using NetBIOS name resolution. This provides redundancy.
• Legacy application compatibility: Many old Windows applications and tools still rely on NetBIOS to function properly. Dropping NetBIOS support would break them.

A 2017 survey found that while only 15% of organizations relied on NetBIOS as their primary naming method, 61% still had NetBIOS enabled on their networks. [1] Why? Because a significant number of Windows systems – particularly older versions – still use it.

Microsoft has been slowly phasing out NetBIOS dependencies in Windows over time. But full removal is challenging without breaking backwards compatibility and legacy app support – something Microsoft is careful about preserving.

What are some examples of applications that require NetBIOS?

There are still a fair number of applications and tools – primarily running on old versions of Windows – that require NetBIOS protocol to operate properly:

• Older versions of Windows: Windows 2000, XP, and Server 2003 rely on NetBIOS for name resolution.
• SMB file sharing: Server Message Block (SMB) file and print sharing uses NetBIOS for connectivity.
• Computer Browser service: NetBIOS enables Windows machines to browse the network for available resources and computers.
• Remote Desktop: NetBIOS provides name resolution for Remote Desktop and Remote Assistance.
• Windows NT LAN Manager (NTLM): The NTLM authentication protocol uses NetBIOS for certain authentication functions.
• Older databases: Some legacy database tools like SQL Server 6.5 require NetBIOS.

Many important Windows services and features are still tied to NetBIOS to some degree, particularly on older Windows versions. Organizations maintain NetBIOS support to keep these legacy systems limping along.

How does NetBIOS provide network resiliency?

One of the main reasons NetBIOS hangs on is because it can provide network resiliency as a fallback option when other protocols fail:

• If DNS servers become unavailable, Windows machines will seamlessly fallback to using NetBIOS for name resolution. This prevents network outages.
• NetBIOS operates independently of DNS, so it provides redundancy if DNS problems occur.
• NetBIOS name registration and resolution happens peer-to-peer rather than relying on centralized servers. This avoids single points of failure.
• The distributed nature of NetBIOS makes it more resilient to outages and issues impacting DNS servers or infrastructure.
• Using NetBIOS as a fallback keeps crucial Windows services like Active Directory, file/print sharing, Remote Desktop, and authentication functional during DNS outages.

Organizations recognize NetBIOS's resiliency capabilities and often keep it around specifically for that redundancy it offers if DNS were to fail. While enabling NetBIOS solely for redundancy may be overkill today, some view it as a “safety net” that offers peace of mind.

What are the security issues with NetBIOS?

Despite its useful properties, NetBIOS is widely considered a security liability today and best practices dictate it should be disabled or phased out completely if possible:

• No authentication: NetBIOS has no native authentication mechanisms, making spoofing easy.
• Cleartext communication: NetBIOS traffic is unencrypted plaintext, allowing packet sniffing and inspection.
• Vulnerable to spoofing: Attackers can spoof NetBIOS responses and poison NetBIOS caches.
• Reconnaissance: Hackers can probe and learn about devices and resources through NetBIOS queries.
• DOS attacks: NetBIOS and SMB amplification can be used in DOS/DDOS attacks.
• Password cracking: Weak NetBIOS passwords can be cracked to gain access.
• Man-in-the-middle attacks: Traffic can be intercepted and manipulated.

According to a 2021 survey, 25% of organizations said they'd been hit by a security breach related to NetBIOS or SMB. [2] This demonstrates the protocol's continued status as an attractive attack vector.

Should organizations today still run NetBIOS?

Here are some best practice recommendations regarding NetBIOS:

• Isolate NetBIOS – If it must be used for legacy systems, isolate NetBIOS traffic from other networks. Limit which devices have NetBIOS enabled.
• Upgrade legacy systems – Upgrade to modern Windows versions and applications to reduce NetBIOS dependencies.
• Use DNS primary – Make DNS the primary name resolution method and NetBIOS secondary for failover.
• Disable on unused systems – Disable NetBIOS on systems and interfaces that don't need it.
• Harden systems – Enforce strong passwords, authentication, and encryption like IPSec where possible.
• Monitor traffic – Inspect NetBIOS traffic for anomalies indicating attacks.
• Develop migration plan – Create a long-term plan for phasing out NetBIOS entirely.

While NetBIOS still serves purposes today, organizations should work to limit their exposure to its inherent security risks through isolation, upgrades, disabling on nonessential systems, hardening configurations, and monitoring.

Conclusion

NetBIOS is a legacy protocol still used by Windows systems and apps primarily for name resolution, connectivity of older applications, and providing failover options when DNS is unavailable. However, its security vulnerabilities mean NetBIOS should be phased out and disabled wherever possible, or its use strictly limited and isolated.

Organizations require a risk-based approach for evaluating if NetBIOS is still required on any part of their network today considering its legacy Windows dependencies and redundancy capabilities. But ideally, modern networks should aim to restrict and eventually retire NetBIOS entirely.

Editorial Team

The Editorial Team at AnswerCatch.com brings you insightful and accurate content on a wide range of topics. Our diverse team of talented writers is passionate about providing you with the best possible reading experience.