508    Chapter 8 • Infrastructure Security: System Hardening




                 Share name  Type  Used as  Comment


                 ------------------------------------------
                 public      Disk
                 The command completed successfully.
                     As can be seen, it does not take much effort for attackers inside or
                outside a network to view vulnerabilities that are shown when NetBIOS
                functionality is present.


                 At the very least, the file- and print-sharing service should be unbound from
             the external network interface’s adapter.Another solution (or a further precaution
             to take in addition to unbinding the external adapter) is to use a different protocol
             on the internal network.
                 For example, computers could communicate over NetBEUI on a small local,
             non-routed network. If file and print sharing is bound to NetBEUI and unbound
             from Transmission Control Protocol/Internet Protocol (TCP/IP), internal users can
             still share resources, but those resources will be unavailable to “outsiders” on the
             Internet.
                 If a user does not need to share resources with anyone on the internal (local)
             network, the file- and print-sharing service should be completely disabled. On
             most networks where security is important, this service is disabled on all clients.
             This action forces all shared resources to be stored on network servers, which typi-
             cally have better security and access controls than end-user client systems.

             DHCP Servers

             DHCP servers add another layer of complexity to some layers of security, but also
             offer the opportunity to control network addressing for client machines.This allows
             for a more secure environment if the client machines are configured properly. In
             the case of the clients, this means that administrators have to establish a strong ACL
             to limit the ability of users to modify network settings, regardless of platform.
             Nearly all OSes and NOSes offer the ability to add DHCP server applications to
             their server versions.
                 As seen in each of the application server areas, administrators must also apply
             the necessary security patches, updates, service packs, and hotfixes to the DHCP
             servers they are configuring and protecting. DHCP servers with correct configura-
             tion information will deliver addressing information to the client machines.This



          www.syngress.com