Re: Security vulnerabilities with enabled ports

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/29/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Thu, 29 Aug 2002 16:06:29 -0400


"Mike Ferraro" <michael.ferraro@mail1.monmouth.army.mil> wrote in message
news:bdbb01c24f8d$38b16c90$9ae62ecf@tkmsftngxa02...
> Maybe someone can answer this for me. What type of
> vulnerabilities exist if server services, remote registry
> and admin shares are enabled? For some this may be a very
> easy question to answer. Any recommended best practices?

I'm not sure what you mean by server services.

Using a firewall to block NetBIOS access to internal servers helps protect
the other two you mentioned. You rarely see anyone disabling or
recommending admin shares be disabled, even on sensitive servers, though
disabling or unbinding NetBIOS on sensitive servers effectively blocks
access to the admin shares and remote registry service without actually
disabling them. [Changing the LM registry value to limit anonymous
connections is something else that should be considered.]

Remote Registry service is something you might disable on sensitive servers
in a DMZ, though it is required for some uses such as running HFNETCHK to
look for missing patches and for some types of remote administration.

Really, you want to follow the recommended best practices and hardening
checklists for Windows and IIS found at www.microsoft.com/security and
others found by searching google.com for "hardening windows," since those
checklists will take care of your questions and lots of other things not
mentioned here. The book Hacking Exposed 3rd edition is another good
introduction to these issues.
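
A read-only audit of the settings discussed in this reply, as an added example that is not part of the original post. Assumptions: the function name `Get-ExposureReport` is hypothetical, the anonymous-connection setting is taken to be the `RestrictAnonymous` value under the `Lsa` key, and the script is run locally in an elevated session on Windows Server 2012 or later.

```powershell
# Added example: reports the state of the services and settings named in the post.
# It changes nothing on the system; it only reads configuration.

function Get-ExposureReport {
    $report = [ordered]@{}

    # Remote Registry service: current state and start mode.
    $svc = Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'"
    $report.RemoteRegistry = if ($svc) { "$($svc.State) / $($svc.StartMode)" } else { 'not installed' }

    # Anonymous-connection restriction.
    # Assumption: the post's "LM registry value" is RestrictAnonymous under the Lsa key.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $report.RestrictAnonymous = if ($null -ne $lsa.RestrictAnonymous) { $lsa.RestrictAnonymous } else { 'not set' }

    # NetBIOS over TCP/IP per adapter: 0 = taken from DHCP, 1 = enabled, 2 = disabled.
    $report.NetBIOS = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { '{0}: {1}' -f $_.Description, $_.TcpipNetbiosOptions }

    # Administrative shares (C$, ADMIN$, IPC$): Win32_Share Type values of
    # 2147483648 and above mark shares created for administration.
    $report.AdminShares = (Get-CimInstance Win32_Share |
        Where-Object { $_.Type -ge 2147483648 }).Name

    # Whether the NetBIOS session (139) and SMB (445) ports are listening at all.
    # A firewall in front of the server still decides who can reach them.
    $report.ListeningPorts = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 139, 445 } |
        Select-Object -ExpandProperty LocalPort -Unique

    [pscustomobject]$report
}

Get-ExposureReport | Format-List
```

Comparing this output across servers shows which ones still expose admin shares and Remote Registry over NetBIOS/SMB and which already have NetBIOS unbound or the service disabled.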


