Monday, August 15, 2005

Null Sessions:
"Restrict or prevent anonymous access and account enumeration on your systems:

HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
Value Name: RestrictAnonymous
Data Type: REG_DWORD
Value: 1

For NT and mixed environments, choose '1' for the data field. Or choose the 'Do not allow enumeration of SAM accounts and shares' directive. For pure Windows 2000 environments or for the paranoid, choose the data value of '2' or 'No access without explicit anonymous permission.' This will prevent NULL session attacks, which are a common and frequent threat. For more information on NULL sessions and their vulnerabilities, please see the SANS document at http://rr.sans.org/win/null.php and Microsoft Knowledge Base articles Q143474 and Q246261."
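
One way to audit the setting quoted above on the local machine, and optionally raise it to the chosen minimum. This is an added example, not part of the quoted guidance; the function name `Test-RestrictAnonymous` and its parameters are hypothetical, and a missing value is assumed to behave like 0.

```powershell
# Added example: audit (and optionally raise) RestrictAnonymous on the local machine.
# Function and parameter names are hypothetical. Changing the value needs an elevated prompt.
function Test-RestrictAnonymous {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Lowest acceptable value: 1 for NT and mixed environments, 2 for pure Windows 2000.
        [ValidateRange(1, 2)]
        [int]$Minimum = 1,

        # Write $Minimum to the registry when the current value is lower.
        [switch]$Enforce
    )

    $key  = 'HKLM:\System\CurrentControlSet\Control\Lsa'
    $name = 'RestrictAnonymous'
    $meaning = @{
        0 = 'None (rely on default permissions)'
        1 = 'Do not allow enumeration of SAM accounts and shares'
        2 = 'No access without explicit anonymous permission'
    }

    # Assumption: a missing value is treated as 0, the unrestricted default.
    $item    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { [int]$item.$name } else { 0 }

    if ($current -lt $Minimum -and $Enforce -and
        $PSCmdlet.ShouldProcess("$key\$name", "Set to $Minimum")) {
        # -Force overwrites an existing value; DWord matches the REG_DWORD type above.
        New-ItemProperty -Path $key -Name $name -Value $Minimum `
            -PropertyType DWord -Force | Out-Null
        $current = $Minimum
    }

    # One object per machine, so results can be collected and filtered on Compliant.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current
        Meaning   = $meaning[$current]
        Compliant = ($current -ge $Minimum)
    }
}

# Report only; add -Enforce (optionally with -WhatIf) to change the value.
Test-RestrictAnonymous -Minimum 1
```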