4.7 Enumeration Countermeasures

  • SNMP:
    • Remove the SNMP agent or turn off the SNMP service
    • If shutting off SNMP is not an option, then change the default community string name
    • Upgrade to SNMPv3, which encrypts passwords and messages
    • Implement the Group Policy security option called "Additional restrictions for anonymous connections"
    • Ensure that the access to null session pipes, null session shares, and IPSec filtering is restricted.
  • DNS:
    • Disable DNS zone transfers to untrusted hosts
    • Make sure that private hosts and their IP addresses are not published in the DNS zone files of public DNS servers
    • Use premium DNS registration services that hide sensitive information such as HINFO from the public
    • Use standard network admin contacts for DNS registrations in order to avoid social engineering attacks
  • SMTP: Configure SMTP servers to:
    • Ignore email messages to unknown recipients
    • Not include sensitive mail server and local host information in mail responses
    • Disable the open relay feature
  • LDAP:
    • By default, LDAP traffic is transmitted unsecured; use SSL technology to encrypt the traffic
    • Select a user name different from your email address and enable account lockout
  • SMB:
    • Disable the SMB protocol on web and DNS servers
    • Disable the SMB protocol on Internet-facing servers
    • Disable ports TCP 139 and TCP 445 used by the SMB protocol
    • Restrict anonymous access through the RestrictNullSessAccess parameter in the Windows Registry
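
A configuration audit for the SNMP items above, as an added example that is not part of the original notes. It assumes a Net-SNMP style `snmpd.conf` (the page names no specific agent) and flags default community strings, communities with no source restriction, read-write communities, and SNMPv3 users not required to use encryption; the sample configuration and the finding codes are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default strings
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
# Constructed sample configuration (Net-SNMP syntax); not taken from the page.
SAMPLE_SNMPD_CONF = """\
rocommunity public
rwcommunity example-rw-string 10.0.0.0/24
com2sec notConfigUser default private
rocommunity6 monitoring-ro ::1
createUser nmsuser SHA "auth-placeholder" AES "priv-placeholder"
rouser nmsuser priv
rouser legacy noauth
"""

def _skip_option(args, flag):  # drop a leading '<flag> VALUE' pair (com2sec -Cn, rouser -s)
    return args[2:] if args[:1] == [flag] else args

def audit_snmpd_conf(text):
    """Return (line_number, finding_code) tuples; the codes are hypothetical labels."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)  # honours quotes and '#' comments
        except ValueError:
            findings.append((lineno, "unparseable"))
            continue
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        community = source = None
        if directive in COMMUNITY_DIRECTIVES and args:
            community, source = args[0], (args[1] if len(args) > 1 else "default")
            if directive.startswith("rw"):
                findings.append((lineno, "rw-community"))
        elif directive in ("com2sec", "com2sec6"):
            args = _skip_option(args, "-Cn")
            if len(args) >= 3:  # SECNAME SOURCE COMMUNITY
                source, community = args[1], args[2]
        elif directive in ("rouser", "rwuser"):
            args = _skip_option(args, "-s")
            level = args[1].lower() if len(args) > 1 else "auth"  # omitted level means auth
            if args and level != "priv":  # only 'priv' requires encrypted messages
                findings.append((lineno, "v3-no-privacy"))
        if community is not None:
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append((lineno, "default-community"))
            if source == "default":  # 'default' or an omitted source accepts any host
                findings.append((lineno, "any-source"))
    return findings
```

Calling `audit_snmpd_conf(SAMPLE_SNMPD_CONF)` returns one tuple per weakness, keyed by line number, so the output can be fed into a review ticket or a CI check on managed agent configurations.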
