Microsoft's Windows operating system has improved a lot over the years since Windows 3.1 was introduced. Windows 95, NT and other versions have led to Windows 7, which is more flexible and more secure than its predecessors. One part of the Windows OS that has persisted is Windows file sharing. Port 445 is instrumental in sharing files over a Windows TCP/IP network.
Video of the Day
Windows File Sharing
Early versions of Windows used Server Message Block (SMB) for network file and printer sharing services. With the growth of TCP/IP Microsoft designed Windows NT to run SMB on top of NetBIOS over TCP/IP. This design used ports 135, 137 and 139 for communications over the network, while versions starting with Windows 2000 were designed to run SMB over TCP/IP directly using port 445.
NetBIOS carries information in its packets such as domain information, computer names and account information. Such information should never leave your local network, as its discovery by malicious persons could result in a security breach on your network. Disabling NetBIOS over TCP/IP entirely is the best option unless NetBIOS is a requirement on your network. This might be the case if you have older network applications that require NetBIOS for communication.
Resource Sharing in Windows 7
Sharing of network resources over Port 445 as implemented in Windows 7 is more efficient than running SMB on top of NetBIOS over TPC/IP. This method eliminates the middle man and eliminates the three NetBIOS security risks associated with Ports 135, 137 and 139. You can actually disable NetBIOS over TCP/IP on Windows 7 through the Advanced Settings of your network adapter. You can also disable NBT by setting the Microsoft vendor-specific option code 1 to a value of 2 on your DHCP server.
Securing Port 445
Disabling NBT achieves a higher level of security than leaving those ports functional, but you still must secure Port 445. It is best to set your firewall to never allow Port 445 outgoing network traffic. Some recommend disabling Port 445 on your personal firewall unless you actually need it for a period of time. This is more trouble, but is the most secure method for using Port 445 at all.