You can set HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous = 1.
That will stop some tools that do anonymous enumeration, but others will
still be able to get much of the same information.

If you are running Windows 2k you can set the same value = 2, to stop all
anonymous enumeration, but that may cause problems if you are running a
mixed environment or have configured trusts.
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP

You said this is a private network, so keep in mind that these steps will
not prevent authenticated users from getting this information.

-----Original Message-----
From: Derek T
To: FOCUS-MSsecurityfocus.com
Sent: 7/6/01 6:11 AM
Subject: NetBIOS

Hello,

   How does one control and Harden NetBIOS. We use it at work and have
no
choice but to keep it. However with Nessus I am able to get all kinds of

information and stats about the host and all accounts on the machine.
While
this is only on the private network, it still makes me uneasy. Any
guidance?
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]