Posted 01 November 2008 - 09:47 AM
Posted 01 November 2008 - 10:31 AM
Posted 01 November 2008 - 10:32 AM
It is common to see those Events on computers using Windows networking and
that have file and print sharing and Client for Microsoft networks enabled.
Those often are null sessions used by the computer browser service. While
null sessions can be used to enumerate users, groups, and shares you can
mitigate the risk by using a firewall to prevent internet access to null
sessions, enforcing strong passwords on your network, and making sure your
share/folder permissions only allow authorized users access.
There are things you can do to reduce their occurrence as long as the
changes do not interfere with your network access for users. For instance,
disabling NetBIOS over TCP/IP, disabling the computer browser service, and
configuring the security option for "additional restrictions for anonymous
access" to be "no access without explicit anonymous permissions". If you
disable NetBIOS over TCP/IP on a computer it will no longer show in or be
able to use My Network Places but access to shares can still be done via
fully qualified domain name or possibly even NetBIOS name as long as DNS can
resolve the non-FQDN by appending parent suffix to the request. The link
below explains anonymous access more and the security option to restrict it
along with possible consequences of doing such.
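
A read-only audit of the three settings named in the post above, added here as an example and not part of the original post. It assumes the standard Windows locations: the "additional restrictions for anonymous access" option is stored as the `RestrictAnonymous` value under the `Lsa` key (2 is "no access without explicit anonymous permissions" on Windows 2000), the computer browser service is named `Browser`, and NetBIOS over TCP/IP is the per-interface `NetbiosOptions` value (2 is disabled). The function name `Get-NullSessionExposure` is hypothetical.

```powershell
# Added example: reports current state only, changes nothing.
function Get-NullSessionExposure {
    $results = @()

    # 1. "Additional restrictions for anonymous access" (RestrictAnonymous).
    #    0 = none, 1 = no enumeration of SAM accounts and shares,
    #    2 = no access without explicit anonymous permissions.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $ra  = if ($null -ne $lsa -and $null -ne $lsa.RestrictAnonymous) { [int]$lsa.RestrictAnonymous } else { 0 }
    $results += [pscustomobject]@{
        Check    = 'RestrictAnonymous'
        Value    = $ra
        Hardened = ($ra -ge 2)
    }

    # 2. Computer Browser service: hardened when absent, or disabled and stopped.
    $svc   = Get-CimInstance Win32_Service -Filter "Name='Browser'" -ErrorAction SilentlyContinue
    $state = if ($svc) { "$($svc.StartMode)/$($svc.State)" } else { 'not installed' }
    $results += [pscustomobject]@{
        Check    = 'Computer Browser service'
        Value    = $state
        Hardened = (-not $svc) -or ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }

    # 3. NetBIOS over TCP/IP, one entry per interface.
    #    0 = follow DHCP, 1 = enabled, 2 = disabled.
    $nbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem $nbt -ErrorAction SilentlyContinue) {
        $opt = (Get-ItemProperty $iface.PSPath).NetbiosOptions
        if ($null -eq $opt) { $opt = 0 }
        $results += [pscustomobject]@{
            Check    = "NetBIOS over TCP/IP ($($iface.PSChildName))"
            Value    = [int]$opt
            Hardened = ([int]$opt -eq 2)
        }
    }

    return $results
}

Get-NullSessionExposure | Format-Table -AutoSize
```

Any row with `Hardened` set to `False` is a setting the post suggests reviewing, subject to its caveat about not breaking network access for users.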
Posted 02 November 2008 - 08:29 AM