Re: Null Session with a twist
From: Gary Flynn (flynngn@jmu.edu)
Date: 04/24/03
Date: Thu, 24 Apr 2003 12:03:19 -0400 From: Gary Flynn <flynngn@jmu.edu>
Chris Pelich wrote:
> We all know the battle over the null session and the data
> that can be gathered may be useful to a potential hacker
> or script kiddie. My issue is that during a Nessus scan I
> found the usual Null Session but that they were available
> through the administrator account but a null password! My
> administrator has a password, but I believe during the
> install, the admin left it blank, possibly causing my
> problem.
>
> I need to know how to fix this. Please don't send me the
> LSA registry entry to shut off Null Sessions. I want to
> know how to change the permissions or set a password for
> this. I'm attaching the scenario.
There are instructions for setting the Administrator
password at the top of this web page:
http://www.jmu.edu/computing/info-security/engineering/issues/desk/msfileshar.shtml
Another way to reduce risk is to go into the Local Security
Policy and disable network access to the machine altogether
by the Administrator accounts.
1. Start->Control Panel
2. Click Performance and Maintenance
3. Click Administrative Tools
4. Double click Local Security Policy
5. Expand the Local Policies folder
6. Click the User Rights Assignment folder
7. Look for "Access this computer from the network" on the
   right side of the screen. If there are any accounts
   listed that don't require access from the network remove
   them by:
   1. Right click on the "Access this computer from the
      network" right and select Security
   2. Uncheck the Local Policy Setting checkbox by the
      account(s) from which you wish to remove the right.
   3. Click OK. The Policy settings will take effect when
      the Local Security Policy application is closed.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
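
Added example (not part of the original message): a Python check of the "Access this computer from the network" right after following the steps above, run against a user-rights export made with secedit. The export text is constructed sample data, and the function names and rights.inf file name are assumptions made for this illustration.

```python
import re

# Constructed sample of `secedit /export /cfg rights.inf /areas USER_RIGHTS` output.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeDenyNetworkLogonRight = Guest
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
"""

# Well-known SIDs that commonly appear in these rights.
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
              "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users",
              "S-1-5-32-551": "Backup Operators"}
BUILTIN_ADMIN = re.compile(r"^S-1-5-21-\d+-\d+-\d+-500$")  # RID 500 account
# Entries through which an administrator account receives the right.
COVERS_ADMIN = {"Administrators", "Administrator", "Everyone", "Authenticated Users"}


def resolve(item):
    """Map one comma-separated entry (SID or name) to a readable principal."""
    sid = item.strip().lstrip("*")
    return "Administrator" if BUILTIN_ADMIN.match(sid) else WELL_KNOWN.get(sid, sid)


def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [resolve(v) for v in value.split(",") if v.strip()]
    return rights


def admin_network_exposure(text):
    """Entries that still let an administrator account log on over the network."""
    rights = parse_privilege_rights(text)
    denied = set(rights.get("SeDenyNetworkLogonRight", []))
    if denied & {"Administrators", "Everyone"}:
        return []  # a deny entry overrides every allow entry
    allowed = rights.get("SeNetworkLogonRight", [])
    return sorted(p for p in allowed if p in COVERS_ADMIN and p not in denied)
```

An empty result means no listed entry grants the right to an administrator account; leaving Everyone in the list keeps administrators reachable even after Administrators itself is removed.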