ISS Security Audit
From: Phil (pmarg_at_charter.net)
Date: 05/17/03
- Next message: Walter Roberson: "Re: ISS Security Audit"
- Previous message: Bill Robins: "Shared folders."
- Next in thread: Walter Roberson: "Re: ISS Security Audit"
- Reply: Walter Roberson: "Re: ISS Security Audit"
- Reply: John Veldhuis: "Re: ISS Security Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 May 2003 17:24:53 GMT
We recently had a security audit of our network by our corporate network
security department. The software they used was "ISS Internet Scanner v.
6.21."
In the results I am seeing several of these issues relating to Windows 9x
machines:
Issue: PASSWORD POLICIES
Level: High
Vulnerability: Administrator account has a blank password
Risk: Unauthorized access to system resources
Recommendation: Set passwords in accordance with Information Security
policies and Procedures
Since these are all Win9x machines, I'm not sure what to do here. There
is no administrator account.
Using LANGuard I get these results on the same machine:
IP Address : <ip of machine>
HostName : <hostname of machine>
Resolved : <hostname of machine>
Operating System : Windows 95
Time to live (TTL) : 32 (32) - Same network segment
Address mask : 255.255.255.0
Shares (1)
IPC$ - Remote Inter Process Communication
Open Ports (2)
135 [ epmap => DCE endpoint resolution ]
139 [ Netbios-ssn => NETBIOS Session Service ]
Are the vulnerabilities that the ISS software is picking up correct? If
so, can anyone tell me what should be done in order to secure these 9x
clients? TIA
-Phil
- Next message: Walter Roberson: "Re: ISS Security Audit"
- Previous message: Bill Robins: "Shared folders."
- Next in thread: Walter Roberson: "Re: ISS Security Audit"
- Reply: Walter Roberson: "Re: ISS Security Audit"
- Reply: John Veldhuis: "Re: ISS Security Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
