
Windows network risks - NetBIOS, SMB and null sessions


One of the biggest information-leakage risks affecting Windows computers is the Windows network itself: the protocols used to share files and printers among computers on a local Windows network, particularly SMB and NetBIOS, together with the default hidden shares. Here we describe a discovery technique known as null sessions, which can provide in-depth information about a remote computer that can then be used to compromise it and take control of it.

The Windows network implementation has a specific interface that can be queried via TCP/IP ports 139 and 445. The problem exists on many Windows installations because the default security configuration allows it. The first step an attacker would take is to perform a TCP scan of your Windows computer. If it is improperly protected, your computer may have these ports open, and they may expose a lot of information through the so-called null session technique. The attacker opens a communication channel through these ports as an anonymous user with a null password; this channel can then be used to obtain additional information about your computer, such as network information, users and groups, shares and registry values, using the SMB and NetBIOS protocols.

The most effective way to protect your computer against null session attacks is to block ports 139 and 445 (TCP/UDP) on your computer. This leaves the attacker with no way to connect to the ports, so such queries cannot be performed, and your security configuration is significantly improved. But there is more you can do. The best way to protect yourself from this problem is to disable access to SMB information on your computer by restricting anonymous connections through the security options accessible from Control Panel – Administrative Tools – Local Security Policy. Once it is open, go to Local Policy – Security options and look for an entry called "Additional restrictions for anonymous connections". Set this entry to the most secure setting, which is "No access without explicit anonymous permissions". You may need to reboot the computer after changing this value for it to take full effect. After that, when an attacker again attempts to connect to your computer and harvest information with this method, an access denied error is returned and no further information is disclosed. Once again, blocking access to ports 139 and 445 protects your computer from this problem, which can otherwise be used to acquire additional information about your computer and, in the end, take control of it.
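An added example, not part of the original post: a Python check that reads saved `netstat -an` and `reg query` output from a host and flags the two conditions discussed above. It assumes the policy is stored as the `RestrictAnonymous` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, with 2 corresponding to "No access without explicit anonymous permissions"; the function names, sample outputs and addresses are constructed for illustration.

```python
import re

SMB_PORTS = {139, 445}           # ports the post says to block
REQUIRED_RESTRICT_ANONYMOUS = 2  # assumed value for the post's recommended setting

# Constructed sample of `netstat -an` output (documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       192.0.2.20:445         ESTABLISHED
"""
# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` output.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
"""

def listening_smb_ports(netstat_output):
    """Return the TCP ports from SMB_PORTS that are in LISTENING state."""
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            port = fields[1].rsplit(":", 1)[-1]  # also handles [::]:445
            if port.isdigit() and int(port) in SMB_PORTS:
                found.add(int(port))
    return found

def restrict_anonymous(reg_output):
    """Return RestrictAnonymous as an int, or None when the value is absent."""
    # \s+ after the name keeps RestrictAnonymousSAM from matching.
    m = re.search(r"^\s*RestrictAnonymous\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$",
                  reg_output, re.MULTILINE)
    return int(m.group(1), 16) if m else None

def audit(netstat_output, reg_output):
    """Return a list of findings; an empty list means both checks passed."""
    findings = [f"TCP {p} is listening: confirm a firewall blocks it"
                for p in sorted(listening_smb_ports(netstat_output))]
    value = restrict_anonymous(reg_output)
    if value is None or value < REQUIRED_RESTRICT_ANONYMOUS:
        shown = "not set" if value is None else value
        findings.append(f"RestrictAnonymous is {shown}, expected {REQUIRED_RESTRICT_ANONYMOUS}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, SAMPLE_REG):
        print(finding)
```

A listening port only shows that the service is bound on the host; whether a firewall actually blocks ports 139 and 445 from the network still has to be confirmed separately.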
