Security Audit
From: Phil (pmarg_at_charter.net)
Date: 05/17/03
- Next message: Carolyn: "PC NOT VISIBLE IN AD"
- Previous message: Dmitry Korolyov: "Re: Disallowing use of certain programs"
- Next in thread: Steven L Umbach: "Re: Security Audit"
- Reply: Steven L Umbach: "Re: Security Audit"
- Reply: Phil: "Re: Security Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 May 2003 19:18:02 GMT
We are running a Windows 2000 AD domain with 2k, XP, and 9x clients. We
recently had a security audit of our network by our corporate network
security department. The software they used was "ISS Internet Scanner v.
6.21."
In the results I am seeing several of these issues relating to Windows 9x
machines:
Issue: PASSWORD POLICIES
Level: High
Vulnerability: Administrator account has a blank password
Risk: Unauthorized access to system resources
Recommendation: Set passwords in accordance with Information Security
policies and Procedures
Since these are all Win9x machines, I'm not sure what to do here. There
is no administrator account.
Using LANGuard I get these results on the same machine:
IP Address : <ip of machine>
HostName : <hostname of machine>
Resolved : <hostname of machine>
Operating System : Windows 95
Time to live (TTL) : 32 (32) - Same network segment
Address mask : 255.255.255.0
Shares (1)
IPC$ - Remote Inter Process Communication
Open Ports (2)
135 [ epmap => DCE endpoint resolution ]
139 [ Netbios-ssn => NETBIOS Session Service ]
Are the vulnerabilities that the ISS software is picking up correct? If
so, can anyone tell me what should be done in order to secure these 9x
clients? TIA
-Phil
- Next message: Carolyn: "PC NOT VISIBLE IN AD"
- Previous message: Dmitry Korolyov: "Re: Disallowing use of certain programs"
- Next in thread: Steven L Umbach: "Re: Security Audit"
- Reply: Steven L Umbach: "Re: Security Audit"
- Reply: Phil: "Re: Security Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
