Page 523 - StudyBook.pdf
P. 523

Infrastructure Security: System Hardening • Chapter 8  507

                    On Windows OSes, there is a service called file and print sharing (the Server ser-
                 vice in Windows NT).When enabled, this service allows others to access the
                 system across the network to view and retrieve or use resources. Other OSes have
                 similar services (and thus similar weaknesses).The Microsoft File and Print Sharing
                 service uses NetBIOS with SMB traffic to advertise shared resources, but does not
                 offer security to restrict who can see and access those resources.
                    This security is controlled by setting permissions on those resources.The
                 problem is that when a resource is created in a Windows NT-based system, they are
                 set by default to give full control over the resource to everyone who accesses that
                 system. By default, the file and print sharing service (or server service in NT) is
                 bound to all interfaces being used for communication.
                    This means that when sharing is enabled for the purpose of sharing resources
                 with a trusted internal network over a network interface card (NIC), the system is
                 also sharing those resources with the entire untrusted external network over the
                 external interface connection. Many users are unaware of these defaults and do not
                 realize their resources are available to anyone who knows enough about Windows
                 to find them. For example, users with access to port scanning software, or using the
                 basic analysis provided through the use of NetBIOS statistics (NBTSTAT) or the
                 net view command in a Windows network, would have the ability to list shared
                 resources if NetBIOS functionality exists.


                   Look at What is Exposed
               Notes From the Underground…
                   To look at the resources exposed in a Windows network, open a com-
                   mand window in any version of Windows that is networked. Type cmd at
                   the Run line on any XP machine. At the prompt, type net view and press
                   the  Return [Enter] key. You will see a display showing machines with
                   shared resources in the network segment, and the machines they are
                   attached to.
                        The display will look something like this:
                    Server Name             Remark
                    -----------------------------------------
                    \\EXCELENTXP
                    \\EXC2003
                    The command completed successfully.
                    Next, type net view \\machine name at the prompt, and hit the Enter or
                    Return key.
                    That display might look like this:
                    Shared resources at \\excnt4
                                                                                        Continued

                                                                              www.syngress.com
   518   519   520   521   522   523   524   525   526   527   528