Re: How use of security tools.
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/28/05
- Next message: Michael P. Schieferer: "Cannot access Resources from a Win98 ClientPC"
- Previous message: Altria: "Changing wallpaper on desktops"
- In reply to: TC: "How use of security tools."
- Next in thread: Roger Abell: "Re: How use of security tools."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Jun 2005 09:43:27 -0500
A lot of information is available via anonymous logon which is called a
"null" session. This is one reason, among many others, that a firewall is
needed to protect your computer/network from untrusted networks. While such
information can be valuable to an attacker you can minimize risk by making
sure that strong passwords are enabled, that the guest account is disabled
[it is by default], and that you monitor audit logs for failed logons.
You can restrict or eliminate what a null session finds by tweaking the
security options for network access: in the appropriate security policy
[secpol.msc for instance] and restricting anonymous. You also could disable
file and print sharing if the computer does not need it, use the Windows
Firewall to block access to file and print sharing, or enable a ipsec
require policy that does not respond to any non ipsec ESP/AH traffic and
restrict what computers have a compatible ipsec policy. Ipsec should be
implemented with care and fully tested. Domain controllers also can not
engage in ipsec ESP/AH with domain members.
Disabling null sessions all together can have some consequences particularly
with downlevel clients, external domain trusts, and the browse list that is
used to populate My Network Places. See the link below for more details.
http://support.microsoft.com/?kbid=246261
Just a comment in that if you really are having a problem with compromising
your test systems by doing Google searches and using the web then you really
need to lock down your computers. By default Windows 2003 has enhanced
security for Internet Explorer enabled which disabled such things as install
on demand and sets security for the internet Web Content Zone to high. I
suggest you read the free Windows 2003 Server Security Guide and the Threats
and Countermeasures Guide both which discuss anonymous access among a lot of
other security info. --- Steve
http://www.microsoft.com/technet/security/default.mspx --- TechNet
Security Center where you can download security guides and a whole lot more.
"TC" <travelclarkie@gmail.com> wrote in message
news:u3ktuL7eFHA.3280@TK2MSFTNGP09.phx.gbl...
>I am taking sec+ as well as a handful of other certs. Luckally I have a
>2003 Server to play with to learn things.
>
> I do have a question about some of the things I am learning.
>
> One thing that I'm a bit confused about.
>
> While using tools like Cain on machine how is it able to grab all the
> data such as users, groups, services, etc on a remote system. Especally
> when the credatials are either at the user level on the remote system or
> none exsistent (ie no account on the remote system).
>
> I understand it will differ from OS to OS an general over veiw is all i
> need and a being pointed in the right direction to learn for myself. (I've
> tried googling this and other similar questions but I'm sick of getting
> porm and comprimising my test systems - at least they are VPC so gettings
> thing up and running is easier).
> --
> Thank you,
>
> TC
>
> Please reply to the newsgroup so we can all learn from others.
> Thanks.
>
- Next message: Michael P. Schieferer: "Cannot access Resources from a Win98 ClientPC"
- Previous message: Altria: "Changing wallpaper on desktops"
- In reply to: TC: "How use of security tools."
- Next in thread: Roger Abell: "Re: How use of security tools."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
