RE: Problem Disabling "Null Session" on W2K3
- From: "Roger A. Grimes" <roger@xxxxxxxxxxxxxx>
- Date: Tue, 14 Nov 2006 22:41:43 -0500
Essentially, you can't disable the null sessions in most instances of
Windows. It's the way Windows works. To change the defaults, even if you
can...even if many books wrongly suggest you can do it to improve
security...is to break your Windows machine. You can only disable on
stand-alone machines or significantly hardened machines that are placed
on an Internet edge or DMZ. For the most part, leave it alone.
Microsoft has patched and fixed what they can regarding it, but we have to
live with a certain amount of anonymous (null session) enumeration in our
domain controllers. It's the way Windows works.
Roger
*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@xxxxxxxxxxxxx or roger@xxxxxxxxxxxxxx
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of eneko.astorkiza@xxxxxxxxxxxx
Sent: Tuesday, November 14, 2006 11:18 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Problem Disabling "Null Session" on W2K3
Hi all,
Firstly, excuse my English, I'm Spanish.
I'm trying to secure some AD servers and I have a problem.
I scan them (W2K3 AD servers) with Retina and it says that I have "Null
Session" enabled, so it shows all the domain users. (I'm doing it with a
machine outside the domain.)
The problem is that if I look at the RestrictAnonymous and
RestrictAnonymousSAM registry values, they are ok :-?
Does anyone know why I can enumerate the domain users?
I have also used SuperScan and the same happens.
Un saludo
Eneko
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
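An added example, not written by either poster: a Python check that reads `reg query` output for the anonymous-access values raised in this thread (RestrictAnonymous, RestrictAnonymousSAM) plus the related EveryoneIncludesAnonymous, RestrictNullSessAccess and NullSessionPipes values. The sample output is constructed and the baseline values are assumptions; in line with the reply above, the pipe list is reported for review rather than flagged for removal.

```python
import re

# Constructed sample of `reg query` output for the two keys involved.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x1
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x1
    NullSessionPipes    REG_MULTI_SZ    netlogon\0samr\0lsarpc
"""

# Assumed baseline (not taken from the thread): value name -> acceptance test.
EXPECTED = {
    "restrictanonymous": lambda v: v >= 1,
    "restrictanonymoussam": lambda v: v == 1,
    "everyoneincludesanonymous": lambda v: v == 0,
    "restrictnullsessaccess": lambda v: v == 1,
}
# Value lines are indented: name, type, data. Key path lines start at column 0.
LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {lowercased value name: int for REG_DWORD, list of strings otherwise}."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        name, kind, data = m.group(1).lower(), m.group(2), m.group(3).strip()
        # reg.exe prints DWORDs as hex and separates REG_MULTI_SZ items with \0.
        values[name] = (int(data, 16) if kind == "REG_DWORD"
                        else [s for s in data.split("\\0") if s])
    return values

def audit(text):
    """Return (baseline deviations, pipes listed as reachable by null sessions)."""
    values = parse_reg_query(text)
    findings = []
    for name, ok in EXPECTED.items():
        if name not in values:
            findings.append(f"{name}: not set")
        elif not ok(values[name]):
            findings.append(f"{name}: {values[name]} deviates from baseline")
    return findings, values.get("nullsessionpipes", [])

if __name__ == "__main__":
    findings, pipes = audit(SAMPLE)
    print("\n".join(findings) or "registry baseline met")
    print("pipes listed for null sessions:", ", ".join(pipes) or "none")
```

A clean result here only covers these registry values; it does not show that a domain controller refuses anonymous enumeration, so confirm with an external scan as the original poster did.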