Re: Scanning for unsecure shared folders

From: Steven L Umbach (sumbach55_at_ameritech.net)
Date: 11/06/03


Date: Thu, 06 Nov 2003 02:29:33 GMT

Hi Jeff. There is a tool called LanGuard that you can try for free. It has a
lot of options and you may not want to scan all the options as it will slow
the scan down. You may also find the Microsoft Baseline Security Analyzer to
be of help in securing your machines and it can be used on remote machines.

http://www.gfi.com/languard/
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/mbsahome.asp
http://support.microsoft.com/default.aspx?kbid=320454

Keep in mind that in order to create shares a user must be a power user or
local administrator on their local machine. If you can have them be regular
users, then your network will be more secure. If they are local
administrators, you will have a lot of headaches and have a much more
difficult time locking them down. For instance if a user has local
administrator powers, they can create a local machine account to log onto
and bypass any Group Policy user configuration and reconfigure the computer.

If their machines do not need to share resources and you do not need to
manage them remotely, then you can use Group Policy computer configuration
to disable the server service. If you want to remotely manage and they
should not be sharing resources you can control smb access via the user
right for "access this computer from the network" in security policy which
can be managed on a large scale with Group Policy. You can also replace the
everyone and users group on the access this computer from the network with
the authenticated users group for those domain members which will prevent
network access by a guest account if they have been enabled.

In a default installation, the everyone group may have full ntfs permissions
to the root/folder which should be reduced to read/list execute. Another
problem could be weak or no passwords. I would recommend implementing a
password policy that requires complex passwords that is configured at the
domain level.

Worms and viruses can also be an indication of improperly configured
firewall, inadequate virus scanning - particularly for emails, poor internet
securing, users connecting unauthorized and unsecured computers such as their
laptops to YOUR network, computers/servers running unnecessary services, and
a need to review patching with critical updates that may include SUS or
automatic updates. --- Steve

http://securityadmin.info/faq.asp#harden -- From the FAQ.
http://securityadmin.info/faq.asp#virustoc

"Jeff" <jeffpoling@yahoo.com> wrote in message
news:OuBZnl#oDHA.1884@TK2MSFTNGP09.phx.gbl...
> We have significant issues with viruses and worms because users create
> shared folders on their machines with Everyone group having the default
> full control permissions. Is there a tool available to scan subnets for PCs
> with unsecure shared folders? Is there a way to use Active Directory to
> prevent users from sharing folders?
>
> Thanks,
>
> Jeff
>
>
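
The share audit discussed in this thread, as an added example that is not part of the original posts: a PowerShell function that lists non-administrative shares on machines you manage and reports any that grant Full or Change access to a broad principal such as Everyone. It assumes Windows 8 / Server 2012 or later targets (where Get-SmbShare and Get-SmbShareAccess exist), administrative rights, and working CIM/WinRM connectivity; the function name, the principal list and the host names are hypothetical.

```powershell
# Added example: audit SMB share permissions on managed machines.
# Assumptions: administrator credentials, CIM/WinRM reachable, Windows 8 / Server 2012+.
function Get-OpenShare {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # Principals treated as too broad. Names are the English defaults;
        # adjust for localized systems and for your own policy.
        [string[]]$BroadPrincipal = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\ANONYMOUS LOGON')
    )
    foreach ($computer in $ComputerName) {
        try {
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop
        } catch {
            Write-Warning "$computer : cannot connect ($($_.Exception.Message))"
            continue
        }
        try {
            # -Special $false skips administrative shares such as C$, ADMIN$ and IPC$.
            $shares = Get-SmbShare -CimSession $session -Special $false -ErrorAction Stop
            foreach ($share in $shares) {
                Get-SmbShareAccess -CimSession $session -Name $share.Name |
                    Where-Object {
                        [string]$_.AccessControlType -eq 'Allow' -and
                        @('Full', 'Change') -contains [string]$_.AccessRight -and
                        ($BroadPrincipal -contains $_.AccountName -or
                         $_.AccountName -like '*\Guest')   # local Guest account
                    } |
                    ForEach-Object {
                        [pscustomobject]@{
                            Computer = $computer
                            Share    = $share.Name
                            Path     = $share.Path
                            Account  = $_.AccountName
                            Right    = [string]$_.AccessRight
                        }
                    }
            }
        } catch {
            Write-Warning "$computer : share query failed ($($_.Exception.Message))"
        } finally {
            Remove-CimSession -CimSession $session
        }
    }
}

# Hypothetical host names; replace with machines you administer.
Get-OpenShare -ComputerName 'PC-0101', 'PC-0102' | Format-Table -AutoSize
```

This reports share-level permissions only; the NTFS permissions on each reported Path still need to be reviewed separately.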


