What are the key defense recommendations against NSA SMB and NBT exploits?

Defense against exploits like ETERNALBLUE includes upgrading system patches, enabling the firewall, and blocking port 445 using `netsh advfirewall firewall add rule name="445" protocol=TCP dir=in localport=445 action=block`. Additionally, proactively scan your intranet with SmbtouchScanner.py to identify vulnerable hosts. Note that Smbtouch-1.1.1.exe is now detected by antivirus software, so use it in controlled environments.