Educause Security Discussion mailing list archives
Re: ISS Vul Scan
From: "Lopez, Diego (District)" <Diego.Lopez () MDC EDU>
Date: Tue, 3 Apr 2007 15:50:33 -0400
This looks like the default admin shares -- C$, D$. Diego Lopez Miami Dade College - IT diego.lopez () mdc edu 305.237.0931 Please Note: Due to Florida's very broad public records law, most written communications to or from College employees regarding College business are public records, available to the public and media upon request. Therefore, this e-mail communication may be subject to public disclosure. ________________________________ From: Gibson, Nathan J. (HSC) [mailto:Nathan-Gibson () OUHSC EDU] Sent: Wednesday, March 28, 2007 1:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] ISS Vul Scan Does Anyone know why ISS would be flagging this: It is a Server 2k3 Machine. No NT Machines on the network. No apps needing NetBIOS. We have disabled NetBIOS on the NIC and it still shows up. M Root Share: SMB NetBIOS entire drive available (CVE-1999-0520) Vuln count = 3 NetBIOS allows full access to the entire hard drive. By sharing the entire drive, any new additions to this drive are automatically made available. Remedy: Restrict the share to specific directories or require stronger authentication for access. References: V/R, Nathan J. Gibson, CISSP Information Technology, Information Security Services University of Oklahoma Health Sciences Center Rogers Building, Room 128 Office: (405) 271-2476 Fax: (405) 271-2181 EXT:50270 Cell: (405) 397 5134 http://it.ouhsc.edu/services/infosecurity <http://it.ouhsc.edu/services/infosecurity> Confidentiality Notice This e-mail, including any attachments, contains information from the University of Oklahoma Health Sciences Center, which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this e-mail in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments.
Current thread:
- Re: ISS Vul Scan Lopez, Diego (District) (Apr 03)
- <Possible follow-ups>
- Re: ISS Vul Scan John Hoffoss (Apr 04)