From: Chris Buechler (secfocus@chrisbuechler.com)
Date: Tue Oct 25 2005 - 19:43:54 EDT
Goran Sevic wrote:
>Hi,
>
>While performing audit of an organisation, we found all the default
>shares including (C$ & D$) been enabled on the user's workstations. When
>asked the tech team, mentioned that these shares are needed for the
>functioning of Microsoft SMS servers.
>
>Is anyone aware of the requirement of these shares on the workstations?
>My feeling is that the ADMIN$ share on the workstations is enough for
>the operation of SMS functions.
>
>
>
The ADMIN$ share seems to be the only one required for SMS
functionality. But those are only accessible to administrators on the
local machine. Unless you firewall the machine off from everything,
and/or disable a bunch of services that are pretty much required in most
circumstances, there are plenty of ways for someone that already has
administrator-level access to re-enable those shares or create new ones
or work around that in other ways. Especially when you have to leave
the ADMIN$ share enabled.
Given the administrative benefit of having those shares, and the lack of
any tangible security benefit in disabling them, I wouldn't suggest
turning them off in most circumstances. You need to worry about keeping
the wrong people from getting administrator-level access, not what they
can do once they have it.
regards,
-chris
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:06 EDT