
Threat - Operating System Detected

September 6, 2005 9:13:48 PM

Archived from groups: microsoft.public.win2000.security

What could be the solution to clear this violation shown below?

THREAT:
Several different techniques can be used to identify the operating system
(OS) running on a host. A short description of these techniques is provided
below. The specific technique used to identify the OS on this host is
included in the RESULTS section of your report.
1) TCP/IP Fingerprint: The operating system of a host can be identified from
a remote system using TCP/IP fingerprinting. All underlying operating
system TCP/IP stacks have subtle differences that can be seen in their
responses to specially-crafted TCP packets. According to the results of this
"fingerprinting" technique, the OS version is among those listed below.
Note that if one or more of these subtle differences are modified by a
firewall or a packet filtering device between the scanner and the host, the
fingerprinting technique may fail. Consequently, the version of the OS may
not be detected correctly. If the host is behind a proxy-type firewall, the
version of the operating system detected may be that for the firewall
instead of for the host being scanned.
2) NetBIOS: Short for Network Basic Input Output System, an application
programming interface (API) that augments the DOS BIOS by adding
special functions for local-area networks (LANs). Almost all LANs for PCs
are based on the NetBIOS. Some LAN manufacturers have even extended
it, adding additional network capabilities. NetBIOS relies on a message
format called Server Message Block (SMB).
3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side,
HTML-embedded scripting language used to create dynamic Web
pages. Under some configurations it is possible to call PHP functions like
phpinfo() and obtain operating system information.
4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts,
routers, and the networks to which they attach. The SNMP service
maintains Management Information Base (MIB), a set of variables (database)
that can be fetched by Managers. These include
"MIB_II.system.sysDescr" for the operating system.
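As an added example (not part of Neil's post or of the scanner's report), here is what technique 4 looks like on the wire: a Python script that builds the SNMPv1 GetRequest for MIB-II sysDescr.0 which a scanner sends to UDP/161 with the default "public" community, and decodes the GetResponse the agent returns. The reply it decodes here is a constructed sample in the format the Windows 2000 SNMP agent uses (hypothetical values); `probe_sys_descr` sends a real probe and exists only to show the exchange against a host you are authorized to scan.

```python
"""Minimal SNMPv1 sysDescr probe: what a scanner sends, and what the agent gives back."""
import socket

SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"   # MIB-II system.sysDescr.0

# --- BER encoding -----------------------------------------------------------

def ber_length(n):
    """BER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag, payload):
    """Tag-Length-Value."""
    return bytes([tag]) + ber_length(len(payload)) + payload

def ber_int(value):
    """INTEGER, two's complement (an extra sign byte is kept where needed)."""
    if value == 0:
        return ber(0x02, b"\x00")
    length = (value.bit_length() + 8) // 8
    return ber(0x02, value.to_bytes(length, "big", signed=True))

def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return ber(0x06, bytes(out))

def build_message(community, pdu_tag, request_id, varbinds):
    """SNMPv1 message; varbinds is a list of (dotted OID, encoded value TLV)."""
    vbl = b"".join(ber(0x30, encode_oid(oid) + val) for oid, val in varbinds)
    pdu = ber(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + ber(0x30, vbl))
    return ber(0x30, ber_int(0) + ber(0x04, community.encode()) + pdu)   # version 0 = SNMPv1

def build_get_request(community, oid, request_id):
    """GetRequest-PDU (tag 0xA0) asking for one OID with a NULL placeholder value."""
    return build_message(community, 0xA0, request_id, [(oid, ber(0x05, b""))])

# --- BER decoding -----------------------------------------------------------

def read_tlv(buf, pos):
    """Return (tag, value bytes, position after the TLV) for the TLV at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_response(data):
    """Parse a GetResponse-PDU (tag 0xA2); returns (request_id, error_status, {oid: value})."""
    tag, msg, _ = read_tlv(data, 0)
    assert tag == 0x30, "not an SNMP message"
    _, _version, pos = read_tlv(msg, 0)
    _, _community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    assert pdu_tag == 0xA2, "not a GetResponse PDU"
    _, rid, pos = read_tlv(pdu, 0)
    _, err, pos = read_tlv(pdu, pos)
    _, _, pos = read_tlv(pdu, pos)          # error-index, not needed here
    _, vbl, _ = read_tlv(pdu, pos)
    result, pos = {}, 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_raw, vpos = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, vpos)
        if vtag == 0x04:                    # OCTET STRING (sysDescr is one)
            value = val.decode("latin-1")
        elif vtag == 0x02:                  # INTEGER
            value = int.from_bytes(val, "big", signed=True)
        else:
            value = val                     # NULL / exceptions left raw
        result[decode_oid(oid_raw)] = value
    return (int.from_bytes(rid, "big", signed=True),
            int.from_bytes(err, "big", signed=True), result)

def probe_sys_descr(host, community="public", timeout=2.0):
    """The real exchange over UDP/161 (needs network access and authorization)."""
    request = build_get_request(community, SYS_DESCR_OID, request_id=0x1234)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, 161))
        data, _ = sock.recvfrom(65535)
    return parse_response(data)[2].get(SYS_DESCR_OID)

# Constructed sample reply (hypothetical values, in the Windows 2000 agent's sysDescr format).
SAMPLE_DESCR = ("Hardware: x86 Family 6 Model 8 Stepping 3 AT/AT COMPATIBLE - "
                "Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)")
SAMPLE_RESPONSE = build_message("public", 0xA2, 0x1234,
                                [(SYS_DESCR_OID, ber(0x04, SAMPLE_DESCR.encode()))])

def sample_leak():
    """Decode the constructed reply exactly as the scanner would."""
    return parse_response(SAMPLE_RESPONSE)[2][SYS_DESCR_OID]

if __name__ == "__main__":
    print("probe:", build_get_request("public", SYS_DESCR_OID, 0x1234).hex())
    print("agent says:", sample_leak())
```

The whole request is 40 bytes and carries the community string in the clear, which is why a read-only community of "public" reachable from an untrusted network is enough for the scanner to read the OS name and build number straight out of sysDescr.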
Anonymous
September 7, 2005 4:11:09 AM

Number one, use a properly configured firewall to protect your network from
untrusted networks, and harden your operating systems to disable unneeded
services such as SNMP if you are not using it, or at least disable it on
computers where it is not needed. Enable other best security practices such
as enforcing complex passwords for the domain, physically securing high-value
computers including domain controllers, enabling auditing for at least
domain controllers and sensitive servers/computers, strongly considering
requiring smart cards for sensitive accounts such as domain administrators,
and having a strategy to keep current with critical security updates. Sure,
you can also have an attacker on the inside of your network, but reviewing
security logs should help you quickly identify such an attacker, and best
practices for security can greatly limit what such an attacker can do.
Weak passwords, non-physically-secured computers, and untrained/inept users
and administrators are by far your biggest risk.

IPsec can also be used in the domain to protect domain assets. IPsec can
require computer authentication before communications are allowed between
two computers and then ensure integrity and confidentiality of the data.
IPsec policies must be tested thoroughly before implementing in a live
domain. The free downloadable Windows 2000 Security Hardening Guide and the
Threats and Countermeasures Guide [geared toward 2003/XP but still good
info] can help you to secure your domain. The links below may help. ---
Steve

http://www.microsoft.com/downloads/details.aspx?FamilyI...
http://www.microsoft.com/technet/security/topics/server...
http://www.microsoft.com/technet/security/default.mspx --- TechNet Security main page
http://www.microsoft.com/technet/security/topics/archit... --- domain isolation using ipsec
http://www.bookpool.com/sm/0735620334 --- Assessing Network Security

"Neil" <Neil@discussions.microsoft.com> wrote in message
news:6AAB2EDD-0415-4771-947C-E1A70DCE86DE@microsoft.com...
> What could be the solution to clear this violation shown below?
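An added example (my code, not Steve's and not from the Microsoft guides he links) of his first point, that the firewall between you and the untrusted network plus the services you leave running decide which of the report's four techniques a scanner can still use: it evaluates a first-match rule set against the ports each technique depends on and the ports the host actually listens on. The rule sets, the listening set and the zone names are constructed for illustration. Two things the model makes visible: a firewall hides TCP/IP fingerprinting of the host only where it is proxy-type (the firewall's own stack answers instead, as the report notes), and phpinfo() is an application setting that an allow rule for the web port cannot fix.

```python
"""Which of the scanner's OS-detection techniques can an untrusted network still use?"""
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    src_zone: str                      # e.g. "untrusted", "internal" (hypothetical names)
    proto: str                         # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]]   # inclusive port range, None = any port
    action: str                        # "allow" or "deny"
    proxied: bool = False              # TCP terminated on the firewall (proxy-type rule)

# (proto, port) pairs each technique in the report depends on.
TECHNIQUES = {
    "NetBIOS": [("udp", 137), ("tcp", 139)],
    "SNMP sysDescr": [("udp", 161)],
    "PHP phpinfo() (if a phpinfo page is published)": [("tcp", 80), ("tcp", 443)],
}

def match(rules, zone, proto, port):
    """First-match evaluation; None means the implicit default deny."""
    for r in rules:
        if r.src_zone != zone or r.proto not in ("any", proto):
            continue
        if r.ports is not None and not (r.ports[0] <= port <= r.ports[1]):
            continue
        return r
    return None

def reachable(rules, zone, proto, port, listening):
    """Allowed through the firewall AND the host has a service on that port."""
    r = match(rules, zone, proto, port)
    return r is not None and r.action == "allow" and (proto, port) in listening

def exposed_techniques(rules, listening, zone="untrusted"):
    hits = []
    for name, targets in TECHNIQUES.items():
        if any(reachable(rules, zone, p, port, listening) for p, port in targets):
            hits.append(name)
    # Stack fingerprinting needs only one TCP port whose SYN/ACK comes from the host.
    host_stack = firewall_stack = False
    for proto, port in listening:
        if proto != "tcp":
            continue
        r = match(rules, zone, "tcp", port)
        if r is not None and r.action == "allow":
            if r.proxied:
                firewall_stack = True
            else:
                host_stack = True
    if host_stack:
        hits.append("TCP/IP fingerprint (host stack)")
    elif firewall_stack:
        hits.append("TCP/IP fingerprint (firewall stack only)")
    return hits

# Constructed listening set for a typical Windows 2000 member server (hypothetical).
DEFAULT_LISTENING = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445),
                     ("udp", 161), ("tcp", 80), ("tcp", 3389)}

# Weak edge: one "allow any" rule, every service still running.
WEAK_RULES = [Rule("untrusted", "any", None, "allow")]

# Hardened edge: only the published web app, through a proxy-type rule; SNMP service disabled.
HARDENED_RULES = [
    Rule("untrusted", "tcp", (80, 80), "allow", proxied=True),
    Rule("untrusted", "any", None, "deny"),
    Rule("internal", "any", None, "allow"),
]
HARDENED_LISTENING = DEFAULT_LISTENING - {("udp", 161)}

if __name__ == "__main__":
    print("weak edge:        ", exposed_techniques(WEAK_RULES, DEFAULT_LISTENING))
    print("hardened edge:    ", exposed_techniques(HARDENED_RULES, HARDENED_LISTENING))
    print("hardened, inside: ", exposed_techniques(HARDENED_RULES, HARDENED_LISTENING, zone="internal"))
```

Run it and the weak rule set reports all four techniques, the hardened one only the phpinfo caveat and a fingerprint of the firewall; viewed from the internal zone NetBIOS and host fingerprinting come back, which is the "attacker on the inside" case that the firewall does not cover and IPsec domain isolation and log review are meant for.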
Anonymous
September 7, 2005 12:35:58 PM

Neil
If you are going to use something such as Nessus out of the box, then you
should be doing some reading about what all gets detected and assess each
relative to your environment and the roles of the machine triggering the
message. Some are things to be concerned about anywhere. Some are just
facts of life if that is what a machine is supposed to be doing.
--
ra
"Neil" <Neil@discussions.microsoft.com> wrote in message
news:6AAB2EDD-0415-4771-947C-E1A70DCE86DE@microsoft.com...
> What could be the solution to clear this violation shown below?