NBT vs SMB - security

Microsoft advise that NBT (NetBIOS over TCP) and SMB (445)
should be disabled on machines that are in less protected
networks. I have a network which has a firewall permiting
only web access to a web server behind it. I would like to
also disable NBT and SMB on this machine to limit attack
vectors. However the web server needs to be able to access
a file share on another adjacent machine so this will not
be possible? If I were to disable one of these transports
over the other which one is more secure?

I presume you mean that the firewall only allows the machine to use tcp
port 80 to the outside world. If that's the case, having Netbt enabled on
the machine is not a security risk. It is only at risk if the Netbios ports
(135 to 139) or the direct hosting ports (445) are exposed to the Internet.

"Gary" <(E-Mail Removed)> wrote in message
news:19c6d01c44d4d$e97fe4b0$(E-Mail Removed)...
> Microsoft advise that NBT (NetBIOS over TCP) and SMB (445)
> should be disabled on machines that are in less protected
> networks. I have a network which has a firewall permiting
> only web access to a web server behind it. I would like to
> also disable NBT and SMB on this machine to limit attack
> vectors. However the web server needs to be able to access
> a file share on another adjacent machine so this will not
> be possible? If I were to disable one of these transports
> over the other which one is more secure?