Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Default shares & SMS Server

From: Chris Buechler <secfocus () chrisbuechler com>
Date: Tue, 25 Oct 2005 19:43:54 -0400
Goran Sevic wrote:


Hi,

While performing audit of an organisation, we found all the default
shares including (C$ & D$) been enabled on the user's workstations. When
asked the tech team, mentioned that these shares are needed for the
functioning of Microsoft SMS servers.

Is anyone aware of the requirement of these shares on the workstations?
My feeling is that the ADMIN$ share on the workstations is enough for
the operation of SMS functions.
The ADMIN$ share seems to be the only one required for SMS functionality. But those are only accessible to administrators on the local machine. Unless you firewall the machine off from everything, and/or disable a bunch of services that are pretty much required in most circumstances, there are plenty of ways for someone that already has administrator-level access to re-enable those shares or create new ones or work around that in other ways. Especially when you have to leave the ADMIN$ share enabled. Given the administrative benefit of having those shares, and the lack of any tangible security benefit in disabling them, I wouldn't suggest turning them off in most circumstances. You need to worry about keeping the wrong people from getting administrator-level access, not what they can do once they have it. 
regards,
-chris

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: 

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: