Security Basics mailing list archives
RE: About default sharing folders in Windows
From: "skyfront" <skyfront () wanadoo fr>
Date: Wed, 4 Jun 2003 14:21:15 +0200
I think this is the more complete info on the subject (there is more information that you could search for in the archives, because this problem has already had a lot of discussion):

If you have no firewalls and NetBIOS was not blocked otherwise, I believe a hacker may use a command like this one to map your drive C: as a local M:

    net use M: \\your_computer\C$ password /USER:your_login

Of course he will need to guess your password in order to perform such a task. IMHO, on a default NT installation guessing a login is not a problem. Logins may be obtained through NULL sessions due to the IPC$ share being open for everyone. Since the password was guessed, the hacker would have permissions like the user the account belongs to.

To disable default shares, edit the registry as follows. In key

    HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

create or edit the AutoShareWks or AutoShareServer (for server) value and set it to REG_DWORD 0.

To disable the IPC$ share, go to key

    HKLM\SYSTEM\CurrentControlSet\Control\LSA

and create or modify the REG_DWORD value RestrictAnonymous. You'd better set it to 1. This will not disable null sessions, but will prevent anonymous users from gathering sensitive information like user accounts etc. The value 2 completely disables NULL sessions, but it may cause problems in connections with non-Microsoft software and older MS versions (FYI see Q246261).

Hope this helps.
--
Best regards,
Martchukov Anton aka VH
mailto:vhlist () yandex ru

-----Original Message-----
From: Michelle Mueller [mailto:muellerm () mtmary edu]
Sent: Tuesday, June 3, 2003 17:08
To: Jimi Thompson
Cc: netsecurity.guide () about com; security-basics () securityfocus com
Subject: Re: About default sharing folders in Windows

You can remove administrative shares on a workstation by setting this key:

    HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (REG_DWORD) 0

This information comes from http://www.cisecurity.org/

If you install their security benchmarking tool, a .pdf file is included with all of the registry key settings needed to secure a workstation. I imagine you can get this .pdf somewhere on the site but I haven't looked for it. The benchmarking tool also includes security admin templates for workstations and group policies. Use the tool. If you haven't taken any steps to secure your computers you'll be shocked at the results.

Jimi Thompson wrote:
<SNIP> I believe there might be a way in the registry to remove the administrative shares altogether, but whether there is or isn't you need to make sure you have strong passwords for the administrator account and you should assign a strong password to the Guest account even if you keep the account disabled.</SNIP>

I strongly suggest renaming the local Administrator and Guest accounts to something that is not easily guessed. In addition, you should probably create "dummy" accounts named "Administrator" and "Guest" that have no rights/no group memberships and are disabled. Monitor the dummy accounts closely for login attempts. If your machines are going to be exposed to the Internet, you will have to hack the registry to remove all the default shares. Technet has several fine articles on this.
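The registry settings discussed in this thread can be checked on a host with a read-only audit. The PowerShell below is an added example, not part of any post in the thread; the function name `Test-DefaultShareHardening` is hypothetical, and the expected values are simply the ones the posts recommend (AutoShareWks or AutoShareServer = 0, RestrictAnonymous = 1 or 2).

```powershell
# Added example: read-only audit of the registry values named in this thread.
# Nothing is written to the registry; the function name is hypothetical.

$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# ProductType 1 = workstation; 2 (domain controller) and 3 (server) use AutoShareServer.
$productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
$autoShare   = if ($productType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

$Checks = @(
    @{ Path = $ParamKey; Name = $autoShare;           Want = @(0)
       Covers = 'automatic administrative shares (C$, ADMIN$)' },
    @{ Path = $LsaKey;   Name = 'RestrictAnonymous';  Want = @(1, 2)
       Covers = 'anonymous (null-session) enumeration' }
)

function Test-DefaultShareHardening {
    param([object[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value yields $null, meaning the OS default applies.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $actual = $null
            $state  = 'NOT SET'
        } else {
            $actual = $item.($c.Name)
            $state  = if ($c.Want -contains $actual) { 'OK' } else { 'REVIEW' }
        }
        [pscustomobject]@{
            Value    = $c.Name
            Actual   = $actual
            Expected = ($c.Want -join ' or ')
            State    = $state
            Covers   = $c.Covers
        }
    }
}

Test-DefaultShareHardening -Checks $Checks | Format-Table -AutoSize

# Hidden shares the host is publishing right now (names ending in '$').
# AutoShare* changes take effect only after the Server service restarts.
Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -match '\$$' } |
    Select-Object Name, Path, Description
```

A `NOT SET` result for the AutoShare value means the administrative shares are still being created automatically at startup.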