Re: Security Audit
From: Steven L Umbach (n9rou_at_attbi.com)
Date: 05/18/03
- Next message: Phil: "Re: Security Audit"
- Previous message: Dimitriy Braslavskiy: "how to delete a DLL beeing used by windows?"
- In reply to: Phil: "Security Audit"
- Next in thread: Phil: "Re: Security Audit"
- Reply: Phil: "Re: Security Audit"
- Reply: Phil: "Re: Security Audit"
Date: Sat, 17 May 2003 23:07:04 GMT
You are correct. There are no administrator accounts on W95
machines. Possibly they are detecting that there is no password set to log
onto the W95 operating system, just network log on. I would say - hey, you
guys are right and we need to upgrade all those old systems to XP Pro ASAP
to be in compliance. About the only thing you can do to improve securing
W9X computers is to make sure they have Active Directory Client installed on
them so that they can use NTLMv2 authentication and SMB signing if desired -
otherwise they are using LM, which any script kiddie could crack sniffing
password hashes off the network. But I am sure you are already using ADC or
else the corporate security guys would have caught that. --- Steve
http://www.petri.co.il/ad_client_for_win98_nt.htm - Active Directory Client
link.
"Phil" <pmarg@charter.net> wrote in message
news:Xns937E9C086FD7pmargcharternet@65.82.44.187...
> We are running a Windows 2000 AD domain with 2k, XP, and 9x clients. We
> recently had a security audit of our network by our corporate network
> security department. The software they used was "ISS Internet Scanner v.
> 6.21."
>
> In the results I am seeing several of these issues relating to Windows 9x
> machines:
>
> Issue: PASSWORD POLICIES
> Level: High
> Vulnerability: Administrator account has a blank password
> Risk: Unauthorized access to system resources
> Recommendation: Set passwords in accordance with Information Security
> policies and Procedures
>
> Since these are all Win9x machines, I'm not sure what to do here. There
> is no administrator account.
>
> Using LANGuard I get these results on the same machine:
>
> IP Address : <ip of machine>
> HostName : <hostname of machine>
> Resolved : <hostname of machine>
> Operating System : Windows 95
> Time to live (TTL) : 32 (32) - Same network segment
> Address mask : 255.255.255.0
> Shares (1)
> IPC$ - Remote Inter Process Communication
> Open Ports (2)
> 135 [ epmap => DCE endpoint resolution ]
> 139 [ Netbios-ssn => NETBIOS Session Service ]
>
> Are the vulnerabilities that the ISS software is picking up correct? If
> so, can anyone tell me what should be done in order to secure these 9x
> clients? TIA
>
> -Phil
>
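
Why the LM authentication mentioned in the reply is so much weaker than NTLMv2, as an added example that is not part of the original thread: a Python sketch of LM's password preprocessing only (the DES step that follows is omitted). The function names and sample passwords are constructed for illustration, and input is assumed to be ASCII.

```python
import math

LM_MAX = 14          # LM pads (or limits) the password to 14 bytes
PRINTABLE = 95       # printable ASCII characters, including space
LM_ALPHABET = 95 - 26  # lowercase is folded to uppercase, leaving 69


def lm_halves(password: str) -> tuple[bytes, bytes]:
    """Return the two 7-byte blocks LM turns into independent DES keys."""
    raw = password.upper().encode("ascii")   # case is discarded
    if len(raw) > LM_MAX:
        raise ValueError("LM cannot represent more than 14 characters")
    raw = raw.ljust(LM_MAX, b"\x00")          # null-padded to 14 bytes
    return raw[:7], raw[7:]                   # each half is hashed on its own


def lm_work_bits() -> float:
    """Worst-case search effort against LM: two separate 7-char searches."""
    return math.log2(2 * LM_ALPHABET ** 7)


def full_14_char_bits() -> float:
    """Effort if all 14 mixed-case characters had to be found together."""
    return 14 * math.log2(PRINTABLE)


if __name__ == "__main__":
    for pw in ("Passw0rd2003", "PASSW0RD2003", "Secret1"):  # constructed samples
        print(f"{pw!r:16} -> {lm_halves(pw)}")
    print(f"LM effective strength : {lm_work_bits():.1f} bits")
    print(f"14 mixed-case chars   : {full_14_char_bits():.1f} bits")
```

A password of seven characters or fewer leaves the second block all nulls, so its half of the hash is a fixed, recognizable value. This is the gap the LM-to-NTLMv2 change on the 9x clients closes.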