Security Basics mailing list archives

RE: Basic firewall filtering question


From: "Ferino Mardo" <RMardo () ALJOMAIHBEV com>
Date: Tue, 27 Jul 2004 20:47:45 +0300

But wouldn't that break some required connections from the AD/DC? Don't
they connect through null sessions?


-----Original Message-----
From: Gethin Jones [mailto:gethinj () gethin net] 
Sent: Monday, July 26, 2004 9:54 PM
To: Ferino Mardo; security-basics () securityfocus com
Subject: Re: Basic firewall filtering question


Dear All,

The best way to secure these 'holes' in NETBIOS security is to put security
policies in place that do not allow 'NULL' account access to NETBIOS shares
such as C$, ADMIN$ and IPC$. If you start blocking access to these shares
completely you will run into all sorts of problems.

Have a look :-)

Windows 2000
  1. Open up the Domain Policy.
  2. Select Security Settings.
  3. Select Local Policies.
  4. Select Security Options.
  5. Choose "Additional restrictions of anonymous connections" in the policy
     pane and, from the pull-down menu labelled "Local policy setting", select
     "No access without explicit anonymous permissions". Click OK and reboot
     the machine.

Windows XP & Windows 2003
  1. Open the Domain Policy.
  2. Select Security Settings.
  3. Select Local Policies.
  4. Select Security Options. Make sure that BOTH of the following options
     are enabled:

     Network Access: Do not allow anonymous enumeration of SAM accounts.

     Network Access: Do not allow anonymous enumeration of SAM accounts and
     shares.



The Windows XP & 2003 settings do not completely fix the problem as some
aspects of the policies have not been added by Microsoft yet. But as Microsoft
releases patches for their servers they will incorporate the correct settings.



Best Regards



Gethin
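The Group Policy settings described in the quoted message are stored in the LSA registry key; the following audit script, added here and not part of the original thread, reads those values and reports whether the anonymous (NULL session) restrictions are in place on the local machine. It assumes an elevated PowerShell session; `Get-LsaAnonymousSetting` and `Test-AnonymousRestrictions` are names chosen for this example.

```powershell
# Added example (not from the original post): audit the registry values that
# back the Group Policy settings above. Assumes it runs elevated on the local
# machine. Function names are this example's own; the registry path and value
# names are the real LSA settings the policies write.

$LsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Windows 2000: "Additional restrictions for anonymous connections" writes
# RestrictAnonymous (0 = none, 1 = no enumeration of SAM accounts and names,
# 2 = no access without explicit anonymous permissions).
# Windows XP/2003: "Do not allow anonymous enumeration of SAM accounts" writes
# RestrictAnonymousSAM = 1; "...of SAM accounts and shares" writes
# RestrictAnonymous = 1. Level 2 is stricter than 1, which is why the reply
# above asks whether it breaks AD/DC traffic; test it on a domain controller
# in a lab before rolling it out.
$Expected = @{
    RestrictAnonymousSAM = 1
    RestrictAnonymous    = 1
}

function Get-LsaAnonymousSetting {
    param([string]$Name)
    $item = Get-ItemProperty -Path $LsaPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent means the OS default applies
    return [int]$item.$Name
}

function Test-AnonymousRestrictions {
    foreach ($name in $Expected.Keys) {
        $actual = Get-LsaAnonymousSetting -Name $name
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
            # A value at or above the expected level satisfies the policy.
            Ok       = ($null -ne $actual -and $actual -ge $Expected[$name])
        }
    }
}

$report = Test-AnonymousRestrictions
$report | Format-Table -AutoSize

if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'Anonymous (NULL session) restrictions are not fully applied.'
    exit 1
}
```

Run it after the policy has refreshed (or after the reboot the Windows 2000 steps require); a non-zero exit makes it usable from a compliance check.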

