Sharing in Windows |
Article is yet to be rated |
|
| Author:
| Pigsbig78
|
|
| Submitted: |
28-Apr-2007 19:41:03 |
| Imported From: |
The CyberArmy University (original author: )
|
| A lot of computers come from the manufacturer with certain services enabled that most home users don't need, and are potential security risks.
|
|
The two main ones being file sharing and windows network login. The former, is fairly self explanatory. With file sharing enabled, an attacker can potentially look at your files and get NetBIOS information from your machine/network (see below).
Windows network login does NOT restrict access to your machine as suggested. It is simply a method of caching username/passwords on other windows networks, so you aren't prompted for your credentials every time you try to access remote resources (even if you select not to cache, your username/pass is STILL saved, so it's best to remove this altogether).
Be especially wary of services enabled by default if you purchased your machine from a big name store, and/or it came with a recovery cd, not a normal windows CD. So, what sort of information can an attacker find out if these services are enabled? For starters they can learn your login and workgroup name, as well as your MAC (Media Access Control) address, which in turn can tell them what brand of computer you own:
nbtstat -a 127.0.0.1
NetBIOS Remote Machine Name Table
Name Type Status
YourMachine0 00 UNIQUE Registered
YourWorkgroup1 00 GROUP Registered
MAC Address = 00-12-52-T2-L8-34
Fairly self explanatory and doesn't seem that much of a risk, but with file/print sharing enabled:
NetBIOS Remote Machine Name Table
Name Type Status
YourMachine0 00 UNIQUE Registered
YourWorkgroup1 00 GROUP Registered
YourMachine0 03 UNIQUE Registered
YourMachine0 20 UNIQUE Registered
YourWorkgroup1 1E GROUP Registered
YourUsername 03 UNIQUE Registered
YourMachine0 1F UNIQUE Registered
MAC Address = 00-12-52-T2-L8-34
They now have your username, and can connect to any shared files or printers you possess.
So, how to disable these services ? Quite simple. Click Start - Settings - Control Panel - Network, all things being well, a box will popup.
Select the line that says "File and printer sharing for Microsoft Networks" and click remove, repeat the process for "Client for Microsoft Networks". It's also an idea to remove any lines with the term netBEUI and any other lines you may find with the term 'sharing' in, unless you're absolutely certain you know what they do.
Pigsbig78
This article was originally published by CyberArmy.net in the CyberArmy Library.
|
|
You must be logged in to vote on an article
|
About Us | Privacy Policy | Mission Statement | Help
|