How do I prevent the use of tools like Hyena from gaining ..

Archived from groups: microsoft.public.win2000.security (More info?)

OK. Our IT Auditors just visted us and with a wealth of information
concerning our AD Domain Accounts, Member Server, info, etc. Fortunately, I
am friendly with one the Auditors and was able find out they obtained this
information. They obtained the information using a tool called "Hyena".
They were able to gather a lot of information with tool, with no elevated
user rights, just domain user accounts? My question is "How do I prevent
ordinary users from using such tools to gain information from our network?"
I find this to be serious security risk, in that anyone with access to our
network can get such information.
4 answers Last reply
More about prevent tools hyena gaining
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    The issue really is not one of preventing use of such tools, but
    of determining which categories of information really do form
    a risk by being available and then taking steps so that the system
    does not make such info available to a plain user.

    Going about it your way does nothing relative to the next tool,
    or relative to someone that can script in Windows.

    It is easy to react to seeing something like a list of all accounts
    and thing this should not be. But what is the risk that it actually
    poses? And, if one did, or could, block this what would be the
    impact? Notice that one low power account could not easily
    manage permissions on things like folders they share, or the
    memberships in groups they have been delegated, etc. if they
    are not able to list the accounts / query and pick the accounts.

    Most information that a limit user has no business accessing
    is or can be restricted from them.

    --
    Roger Abell
    Microsoft MVP (Windows Security)

    "ArizonaRay" <ArizonaRay@discussions.microsoft.com> wrote in message
    news:87A568C5-E256-474C-92CC-C272BB732E27@microsoft.com...
    > OK. Our IT Auditors just visted us and with a wealth of information
    > concerning our AD Domain Accounts, Member Server, info, etc. Fortunately,
    I
    > am friendly with one the Auditors and was able find out they obtained this
    > information. They obtained the information using a tool called "Hyena".
    > They were able to gather a lot of information with tool, with no elevated
    > user rights, just domain user accounts? My question is "How do I prevent
    > ordinary users from using such tools to gain information from our
    network?"
    > I find this to be serious security risk, in that anyone with access to our
    > network can get such information.
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    The other responders to this post were right-on in their excellent
    replies.

    As the developer of 'Hyena', I had a few other observations:

    - Hyena only uses the built-in standard Windows functions to get
    information. Chances are that the auditor could also have obtained
    this information using Microsoft's tools, or any other 3rd party
    administration tool.

    - Everyone, especially the IT auditors, need to understand that
    security does not involve limiting access to an application or utility,
    but rather an understanding of what information a default user can
    obtain and if it can be limited, the problems that limiting this
    information can pose.

    One post correctly pointed out that a list of user and group accounts
    is needed to set security on a file/directory, which a normal end-user
    may be able to do. A list of network shares is another thing that
    normally any user can obtain.

    A good way to determine any possible security holes and to be able to
    see what rights and limitations a normal 'domain user' has is to run
    'Hyena' under such an account.

    Kevin Stanush
    SystemTools Software Inc.
    http://www.systemtools.com
    Home of 'Hyena' for Windows Administration
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    My personnel observation when Microsoft remote registry service and Netbios
    are running a user with even just guest rights can scan the network to get a
    lot of information such as the shares,user id's, password policy,services
    running etc....


    "ArizonaRay" <ArizonaRay@discussions.microsoft.com> wrote in message
    news:87A568C5-E256-474C-92CC-C272BB732E27@microsoft.com...
    > OK. Our IT Auditors just visted us and with a wealth of information
    > concerning our AD Domain Accounts, Member Server, info, etc. Fortunately,
    > I
    > am friendly with one the Auditors and was able find out they obtained this
    > information. They obtained the information using a tool called "Hyena".
    > They were able to gather a lot of information with tool, with no elevated
    > user rights, just domain user accounts? My question is "How do I prevent
    > ordinary users from using such tools to gain information from our
    > network?"
    > I find this to be serious security risk, in that anyone with access to our
    > network can get such information.
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    If you do not enable Guest account in your environment,
    and use the policy settings to prevent anonymous logins
    from enumerating account, groups, and shares, then you
    will not have this problem.

    --
    Roger Abell
    Microsoft MVP (Windows Security)

    "Srikrishna Komatineni" <srikrishnak@hotmail.com> wrote in message
    news:uNlFdpMdFHA.584@TK2MSFTNGP15.phx.gbl...
    > My personnel observation when Microsoft remote registry service and
    Netbios
    > are running a user with even just guest rights can scan the network to get
    a
    > lot of information such as the shares,user id's, password policy,services
    > running etc....
    >
    >
    > "ArizonaRay" <ArizonaRay@discussions.microsoft.com> wrote in message
    > news:87A568C5-E256-474C-92CC-C272BB732E27@microsoft.com...
    > > OK. Our IT Auditors just visted us and with a wealth of information
    > > concerning our AD Domain Accounts, Member Server, info, etc.
    Fortunately,
    > > I
    > > am friendly with one the Auditors and was able find out they obtained
    this
    > > information. They obtained the information using a tool called "Hyena".
    > > They were able to gather a lot of information with tool, with no
    elevated
    > > user rights, just domain user accounts? My question is "How do I
    prevent
    > > ordinary users from using such tools to gain information from our
    > > network?"
    > > I find this to be serious security risk, in that anyone with access to
    our
    > > network can get such information.
    > >
    >
    >
Ask a new question

Read More

Security Domain Windows