Đang chuẩn bị liên kết để tải về tài liệu:
hackers beware the ultimate guide to network security phần 7
Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Đối với đứng một mình máy NT kết nối với Internet, vô hiệu hóa các cam kết ràng buộc NetBIOS từ giao diện mạng. Bởi vì nó thường được biết đến nhiều lỗ hổng bảo mật đến từ bên trong của một tổ chức, chăm sóc cần được thực hiện để hạn chế chia sẻ tập tin hoàn toàn. | For stand alone NT machines connected to the Internet disable NetBIOS bindings from the network interface. Because it is generally known that many security breaches come from the inside of an organization care should be taken to limit file sharing altogether. If possible a system administrator should lock down any Windows 9.X machines on the network so users cannot unilaterally enable sharing without the IT department s knowledge. The Windows 95 Policy Editor poledit.exe is a great tool for this. Windows NT workstations are easier to secure but the default configuration should be checked to make sure that the network is not vulnerable. On an NT-only network it is possible to disable Lanman authentication by adding LMCompatabilityLevel Value with a Value Type REG_DWORD 4 to the following Registry key HKEY_LOCAL_MACHINE System CurrentControlSet Control LSA The bottom line is that system administrators along with others tasked with security need to take security vulnerability warnings and advisories seriously. Although the Microsoft vulnerabilities related to NetBIOS and NetBEUI were made public several years ago many organizations still have not made an effort to shore up their security infrastructure. Federal agencies have been forced to start doing so through mandates such as Presidential Decision Directive PDD 63 and other efforts to secure the nation s critical infrastructure. Users need to be educated and held responsible when they deliberately weaken an organization s security posture. The Federal government is taking steps in the right direction and the private sector would do well to follow if they haven t done so already. Additional Information Additional information on this exploit and on NetBIOS and SMB can be found at www.packetstorm.securify.com. The Microsoft shares exploit looked at some of the general problems with Shares and Null sessions. The next section takes a look at a specific product that can be used to exploit Null sessions Legion. Legion .