Steven
Fri Nov 04 23:22:46 CST 2005
Vulnerable for what SMB issue? By default Windows 2003 requires SMB signing
if that is what you are referring to. Some will disable the require security
option leaving the when possible security option enabled if they have issues
with downlevel clients or other operating systems. Even with the with the
when possible option only is used SMB signing will occur between Windows
2000/2003/XP Pro computers. Service pack 1 did also beef up security quite a
bit for RPC as explained in the first link below. There also was a security
bulletin MS05-027 about a SMB vulnerability and it also did apply to SP1 as
per the second link below. You can use the Microsoft Baseline Security
Analyzer to check your computer for missing security updates and other basic
vulnerabilities.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/overview.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-027.mspx
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
[free]
Stronger defaults and privilege reduction on services-Services such as RPC
and DCOM are integral to Windows Server 2003, but they are also an alluring
target for hackers. By requiring greater authentication for RPC and DCOM
calls, Service Pack 1 establishes a minimum threshold of security for all
applications that use these services, even if they possess little or no
security themselves.
"Eddie" <Eddie@discussions.microsoft.com> wrote in message
news:DFE5AD31-9489-4F83-AC4D-7D126B087514@microsoft.com...
> That was the answer i needed. I also got dinged on the SMB vulnerability
> but
> it was on a file server and a printer that both are windows 2003 sp1. From
> what i read that is a non issue correct. Windows 2003 by default is not
> vulnerable. Correct?
>
> "Steven L Umbach" wrote:
>
>> It is used by file and print sharing. I would dump any security
>> consultant
>> that told you to disable it without explaining why and on what computers
>> with consequences of doing such. Maybe he just scanned your network with
>> Languard and charged you a bunch of money to do it. If you did that on a
>> file server or domain controller you would have huge problems. He should
>> have said to disable file and print sharing on computers that do not need
>> it. Note that if you use Computer Management to manage your computers,
>> scan
>> your network with MBSA or something similar, or do RSOP on your domain
>> computers you need to have file and print sharing. You can configure the
>> Windows Firewall to accept file and print sharing only from specific IP
>> address and configure the user right for access this computer from the
>> network to restrict what users can access any share on a computer. ---
>> Steve
>>
>>
>> "Eddie" <Eddie@discussions.microsoft.com> wrote in message
>> news:84C8B4B2-4094-490C-9F10-D03242F39361@microsoft.com...
>> > what is the opc$ used for. I was told by a security consultant to
>> > disable
>> > it.
>> > How do i do that and is this recommended.
>>
>>
>>