NetBios CIFS (IPS tab)
NetBios is a protocol that is used for sharing files/printers, generally by Microsoft systems.
NetBIOS CIFS:Maximum size of elements (bytes)
| Name of files (SMB2 format)
|
This number has to be between 1 and 65536 bytes. This file name size (SMB2 - ioctl referral request) is set by default to 61640 to protect the system from the vulnerability CVE 2009-2526. |
Microsoft RPC (DCE/RPC)
| Inspect Microsoft RPC (DCE/RPC) protocol
|
As the DCE/RPC protocol can be encapsulated in this protocol, this option allows enabling or disabling its inspection. |
Authentication
| Verify user legitimacy |
If this option is selected, you will be enabling user authentication via the CIFS header. The CIFS plugin will therefore be capable of extracting the user ID and comparing it against the list of users authenticated on the firewall.
When no authenticated users match, the packet will be blocked. |
Support
| Disable intrusion prevention
|
When this option is selected, the scan of the NetBios CIFS protocol will be disabled and traffic will be authorized if the filter policy allows it. |
| Automatically detect and inspect the protocol |
If this protocol is enabled, the inspection function will automatically apply to discover corresponding traffic that filter rules allow. |