Harvard Universtiy IT (HUIT) is conducting a domain-wide rollout of a security policy that is designed to mitigate a risk called the LLMNR Responder Vulnerability. The remediation works by using a Group Policy Object (GPO) to run a script on each Windows PC which then protects systems from LLMNR attacks by disabling multicast name resolution and disabling NetBIOS over TCP/IP for each network card on the system. PCs then use the more modern protocol DNS to resolve names of network resources.
This security patch will be installed during the evening of Thursday, 2/13/20, and will have no effect on HSPH-managed servers, PCs and laptops. If you manage your own Windows-based server for file storage, please keep reading.
HUIT AD Engineering and Endpoint-Systems has built a Group Policy that explicitly mitigates the threat on Harvard-managed Windows client (workstation & laptop) systems. This policy has been tested and found to cause no issues or changes to systems or workflows. As a side note, this solution has shown an improvement for some clients in accessing file-shares as legacy discovery via NetBIOS and WINS is no longer used, and file share connections to \\abc.hsph.harvard.edu\ are connecting or prompting for connection MUCH sooner!
Further reading on the threat & mitigation can be found at https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning.
Please contact me with any concerns or questions on this.
Sincerely,
Matt Ronn, Dir. Infrastructure Services
Harvard T.H. Chan School of Public Health
Department of Information Technology
maronn@hsph.harvard.edu
