I think this is the more complete info on the subject (there is more information that you could search for in the archives, because this problem has already had a lot of discussion).

If you have no firewalls and NetBIOS was not blocked otherwise, I believe a hacker may use a command like this one to map your drive C: as a local M:

    net use M: \\your_computer\C$ password /USER:your_login

Of course he will need to guess your password in order to perform such a task. IMHO, on a default NT installation guessing a login is not a problem. Logins may be obtained through NULL sessions due to the IPC$ share being open for everyone. Since the password was guessed, the hacker would have permissions like the user the account belongs to.

To disable default shares, edit the registry as follows. In key

    HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

create or edit the AutoShareWks or AutoShareServer (for server) value and set it to REG_DWORD 0.

To disable the IPC$ share, go to key

    HKLM\SYSTEM\CurrentControlSet\Control\LSA

and create or modify the REG_DWORD value RestrictAnonymous. You'd better set it to 1. This will not disable null sessions, but will prevent anonymous users from gathering sensitive information like user accounts etc. The value 2 completely disables NULL, but it may cause problems in connections with non-Microsoft software and older MS versions (FYI see Q246261).

Hope this helps.

--
Best regards,
Martchukov Anton aka VH
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Michelle Mueller [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 3 June 2003 17:08
To: Jimi Thompson
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: About default sharing folders in Windows

You can remove administrative shares on a workstation by setting this key:

    HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (REG_DWORD) 0

This information comes from http://www.cisecurity.org/

If you install their security benchmarking tool, a .pdf file is included with all of the registry key settings needed to secure a workstation. I imagine you can get this .pdf somewhere on the site but I haven't looked for it.

The benchmarking tool also includes security admin templates for workstations and group policies. Use the tool. If you haven't taken any steps to secure your computers you'll be shocked at the results.

Jimi Thompson wrote:

>> <SNIP>
>>
>> I believe there might be a way in the registry to remove the
>> administrative shares altogether, but whether there is or isn't you need
>> to make sure you have strong passwords for the administrator account and
>> you should assign a strong password to the Guest account even if you
>> keep the account disabled.
>
> </SNIP>
>
> I strongly suggest renaming the local Administrator and Guest account
> to something that is not easily guessed at. In addition, you should
> probably create "dummy" accounts named "Administrator" and "Guest"
> that have no rights/no group memberships and are disabled. Monitor
> the dummy accounts closely for log in attempts.
>
> If your machines are going to be exposed to the Internet, you will have
> to hack the registry to remove all the default shares. Technet has
> several fine articles on this.
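
An added example, not part of any message in this thread: a small audit that reads a registry export (.reg text) and reports whether AutoShareWks/AutoShareServer and RestrictAnonymous match the values recommended above. The function names, the `role` parameter and the sample export are constructed for illustration; the pass criteria (AutoShare* = 0, RestrictAnonymous at least 1) are taken from the thread.

```python
import re

# Key paths from the thread, lower-cased because registry paths are case-insensitive
# (the thread itself spells the service key both LanManServer and LanmanServer).
LANMAN = r"hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters"
LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
CHECKS = {  # (key, value name) -> predicate the DWORD must satisfy
    (LANMAN, "autosharewks"): lambda v: v == 0,
    (LANMAN, "autoshareserver"): lambda v: v == 0,
    (LSA, "restrictanonymous"): lambda v: v >= 1,
}

def parse_reg_export(text):
    """Return {(key, value_name): int} for every dword value in decoded .reg text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1).lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text, role="workstation"):
    """Return findings; an empty list means the export matches the thread's advice."""
    values = parse_reg_export(text)
    skip = "autoshareserver" if role == "workstation" else "autosharewks"
    findings = []
    for (key, name), ok in CHECKS.items():
        if name == skip:
            continue
        if (key, name) not in values:
            findings.append(f"{name}: not set (default applies)")
        elif not ok(values[(key, name)]):
            findings.append(f"{name}: set to {values[(key, name)]}")
    return findings

# Constructed sample export of an unhardened workstation
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]
"AutoShareWks"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
"restrictanonymous"=dword:00000000
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "matches the recommended settings")
```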