Re: Security vulnerabilities with enabled ports

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/29/02

• Next message: j: "Re: Directory security for 'public' folder."
• Previous message: Drew Cooper [MS]: "Re: profile logon problem"
• In reply to: Mike Ferraro: "Security vulnerabilities with enabled ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Thu, 29 Aug 2002 16:06:29 -0400

"Mike Ferraro" <michael.ferraro@mail1.monmouth.army.mil> wrote in message
news:bdbb01c24f8d$38b16c90$9ae62ecf@tkmsftngxa02...
> Maybe someone can answer this for me. What type of
> vulernabilities exist if server services, remote registry
> and admin shares are enabled? For some this maybe a very
> easy question to answer. Any recommended best practices?

I'm not sure what you mean by server services.

Using a firewall to block netbios access to internal servers helps protect
the other two you mentioned. You rarely see anyone disabling or
recommending admin shares be disabled, even on sensitive servers, though
disabling or unbinding netbios on sensitive servers effectively blocks
access to the admin shares and remote registry service without actually
disabling them. [Changing the LM registry value to limit anonymous
connections is something else that should be considered.]

Remote Registry service is something you might disable on sensitive servers
in a DMZ, though it is required for some uses such as running HFNETCHK to
look for missing patches and for some types of remote administration.

Really, you want to follow the recommended best practices and hardening
checklists for windows and IIS found at www.microsoft.com/security and
others found by searching google.com for "hardening windows," since those
checklists will take care of your questions and lots of other things not
mentioned here. The book Hacking Exposed 3rd edition is another good
introduction to these issues.

---

• Next message: j: "Re: Directory security for 'public' folder."
• Previous message: Drew Cooper [MS]: "Re: profile logon problem"
• In reply to: Mike Ferraro: "Security vulnerabilities with enabled ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Server loses network - bizzare behavior ... doing anything to the hardware on these servers. ... Meanwhile I'll see if disabling the unused NIC's helps, and if not, I will ... All errors, except id 12, states about connectivity to the domain DNS servers, ... see Help and Support Center at ... (microsoft.public.windows.server.general) Re: SNMP Service hang ... any services that explicitly depend on it will fail to ... using idle network bandwidth. ... replication will not occur and servers will not synchronize. ... Disabling this service will prevent other services in the system from being ... (microsoft.public.windows.server.general) Re: Multihomed PDC and computer browse service ... > off the shelf and replace the bad one in the machine. ... >> Everything seems to be working fine except for the browsing service. ... >> servers are 2003, all clients are xp. ... > Disabling will server as a little bit of a workaround,...but the machine ... (microsoft.public.windows.server.networking) Re: Windows Mail suddenly not downloading messages. ... Can you do a trial uninstall of ESET? ... respective servers occur just as they should. ... I also have no problem sending mails from ay of the accounts. ... I use eSet for my Anti-Virus/Malware and have tried disabling it to ... (microsoft.public.windows.vista.mail) Re: Firewall wont stay enabled ... >> it will fail to start. ... >> and servers. ... >> which you can view both local area network and remote connections. ... Stopping or disabling this service will result ... (microsoft.public.windowsxp.security_admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)