
Windows network risks - NetBIOS, SMB and null sessions


One of the biggest information-leakage risks affecting Windows computers is the Windows network itself: the protocols used to share files and printers among computers on a local Windows network, particularly SMB and NetBIOS, together with the default hidden shares. Here we describe a discovery technique known as null sessions, which can reveal in-depth information about a remote computer that can then be used to compromise it and take control of it.

The Windows network implementation exposes an interface that can be queried over TCP/IP ports 139 and 445. The problem exists on many Windows installations because the default security configuration allows it. The first step an attacker would take is to perform a TCP scan of your Windows computer. If it is improperly protected, your computer may have these ports open, and they may expose a lot of information through the so-called null session technique: the attacker opens a communication channel through these ports as an anonymous user with a null password, and then uses that channel, via the SMB and NetBIOS protocols, to obtain additional information about your computer, such as network information, users and groups, shares, registry values and so on.

The most effective way to protect your computer against null session attacks is to block ports 139 and 445 (TCP/UDP) on your computer. This leaves the attacker with no way to connect to the ports, so they cannot perform such queries, and your security configuration is significantly improved.

But there's more you can do. The best way to protect yourself from this problem is to disable access to SMB information on your computer by restricting anonymous connections through the security options accessible from Control Panel – Administrative Tools – Local Security Policy. Once it is open, go to Local Policy – Security options and look for an entry called "Additional restrictions for anonymous connections". Set this entry to the most secure setting, which is "No access without explicit anonymous permissions". You may need to reboot the computer after changing this value for it to take full effect. After that, when an attacker again attempts to connect to your computer and harvest information with this method, they will receive an access denied error and no further information will be disclosed. Once again, blocking access to ports 139 and 445 will protect your computer from this problem, which can otherwise be used to acquire additional information about your computer and, in the end, take control of it.
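To check that both mitigations above are in place, the following added example (not part of the original post) audits saved output from `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RestrictAnonymous` and `netstat -an` taken on the machine itself. It assumes the policy is stored as the `RestrictAnonymous` DWORD under that key, with 2 meaning "No access without explicit anonymous permissions"; the function names are hypothetical and the sample outputs are constructed.

```python
import re

WATCHED_PORTS = {139, 445}   # ports the text says to block
REQUIRED_VALUE = 2           # "No access without explicit anonymous permissions"

def parse_restrict_anonymous(reg_output):
    """DWORD from `reg query <Lsa key> /v RestrictAnonymous`, or None if absent."""
    m = re.search(r"^\s*RestrictAnonymous\s+REG_DWORD\s+0x([0-9a-f]+)\s*$",
                  reg_output, re.IGNORECASE | re.MULTILINE)
    return int(m.group(1), 16) if m else None

def parse_listeners(netstat_output):
    """Sorted (proto, local_address, port) for sockets bound to 139/445."""
    found = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and f[-1] != "LISTENING":
            continue  # ignore established/outbound TCP connections
        addr, _, port = f[1].rpartition(":")
        if port.isdigit() and int(port) in WATCHED_PORTS:
            found.add((f[0], addr, int(port)))
    return sorted(found)

def audit(reg_output, netstat_output):
    """List of findings; empty means both mitigations from the text are in place."""
    findings = []
    value = parse_restrict_anonymous(reg_output)
    if value != REQUIRED_VALUE:
        findings.append(f"RestrictAnonymous is {value}, expected {REQUIRED_VALUE}")
    for proto, addr, port in parse_listeners(netstat_output):
        findings.append(f"{proto}/{port} bound on {addr}: confirm the firewall blocks it")
    return findings

# Constructed sample outputs (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       192.0.2.20:445         ESTABLISHED
  UDP    192.0.2.10:137         *:*
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_REG, SAMPLE_NETSTAT)))
```

A port that is bound locally may still be filtered by a firewall, so a listener finding is a prompt to verify the block rule rather than proof of exposure.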
