Securing WINS Servers

WINS Server Role Security Issues

A WINS server is an enhanced NetBIOS name server that can resolve NetBIOS computer names to IP addresses. The WINS database hosted on the WINS server is used to store and maintain NetBIOS computer names to IP addresses mappings. WINS registers NetBIOS computer names, and then stores these client name registrations in the WINS database.

A WINS server is basically needed if there are applications that require WINS for name resolution to operate correctly. WINS is also typically needed if all your domains have not been upgraded to Active Directory, and clients are not running Windows 2000 or later.

One of the most common security issues with WINS is that NetBIOS names and IP addresses information can be erroneously sent over public networks. To prevent NetBIOS names and IP addresses information from being interpreted, consider using IPSec or VPN tunnels to secure WINS information communication.

A few security strategies for securing WINS servers are listed here:

• Physically secure your WINS servers.

• Consider implementing two WINS servers to provide fault tolerance for name resolution. The secondary WINS server would be used for name resolution if the primary WINS server is unavailable or under attack.

• The NTFS file system should be utilized to protect data on the system volume.

• Apply and maintain a strong virus protection solution. Software patches should be kept up to date.

• All services and applications which not being utilized on your WINS servers should be deleted or uninstalled.

• You should perform administrative tasks on the WINS servers with the least amount of privileges required.

• You should configure your firewalls and routers to restrict access to the WINS server to only the private internal network.

• It is recommended that you use Kerberos authentication to verify identifies before allowing connections to the WINS server to be established.

• To further secure the WINS server you can use VPN tunnels or IPSec to secure WINS communication data.

• Consider reserving and using a static IP address for any WINS servers whose operation is critical to the operation of the organization. This strategy prevents unauthorized individuals from using the IP address of the WINS server to obtain IP addressing information on the internal network.

• You should monitor WINS server activity regularly by examining the WINS logs. You can also view WINS server statistics to monitor WINS server performance.

Backing up and Restoring the WINS Database

It is recommended to regularly back up the WINS databases hosted on your WINS servers so that you can restore the WINS database if necessary.

You can use the WINS management console to perform a manual back up of the WINS database. Alternatively, you can schedule for an automatic back up of the WINS database. The Windows Server 2003 Volume Shadow Copy feature allows you to back up the WINS database while it is online. This means that you no longer have to first stop the WINS service running on your WINS servers before you can initiate a WINS server database backup.

To manually back up the WINS database,

1. Click Start, Administrative Tools, and then click WINS to open the WINS management console.

2. In the console tree, right-click the WINS server whose database you want to back up, and then select Back Up Database from the shortcut menu.

3. The Browse For Folder dialog opens.

4. If you want to create a new folder to store the WINS database backup, click the Make New Folder button. Provide a name for the new folder.

5. If you want to store the WINS database backup in an existing folder, you have to browse to that particular folder.

6. Click OK to start backing up the WINS database.

7. Click OK when a message appears, indicating that the database back up was completed successfully.

To restore the WINS database,

1. Click Start, Administrative Tools, and then click WINS to open the WINS management console.

2. In the console tree, right-click the WINS server whose database you want to restore, and select All Tasks, and then select Stop from the shortcut menu. The WINS service has to be stopped before any database restores can be performed.

3. In the console tree, right-click the WINS server again and then select Restore Database from the shortcut menu.

4. The Browse For Folder dialog opens.

5. Navigate to the location of the folder which was utilized to store the previous WINS database backup.

6. Click OK.

7. WINS proceeds to restore the database.

8. The WINS service is automatically restarted.