Windows security

Revision as of 23:20, 4 February 2011 by Scott (talk | contribs) (Example)

Improving security

  • Turn off "simple file sharing" in Windows Explorer -> Tools -> Folder Options -> View
  • Turn off "File and Printer Sharing for Microsoft Networks" if the machine isn't used to serve files or printers. File and printer sharing uses the SMB protocol, which listens on TCP ports 139 (netbios-ssn) and 445 (microsoft-ds).

Command line tools

List open ports and the PID of the process that owns each one (-n shows addresses and ports numerically instead of resolving names):

netstat -ao
netstat -aon

List running processes with their PIDs, to match against the PID column from netstat:

tasklist

Etc directory

%SYSTEMROOT%\System32\Drivers\Etc is the Windows counterpart of /etc on Unix. It contains:

  • hosts
  • networks
  • protocol
  • services

Example

C:\Documents and Settings\barney>netstat -aon

Active Connections

Proto  Local Address          Foreign Address     State           PID
TCP    0.0.0.0:135            0.0.0.0:0           LISTENING       808
TCP    0.0.0.0:445            0.0.0.0:0           LISTENING       4
...

C:\WINDOWS\system32\drivers\etc>grep 135 services
epmap             135/tcp    loc-srv      #DCE endpoint resolution
epmap             135/udp    loc-srv      #DCE endpoint resolution
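
The manual lookup above (read a port from netstat -aon, then find it in the services file) can be scripted. The following is an added example, not part of the original wiki page: the function names and both sample inputs are constructed for illustration, and it also flags the SMB ports named under "Improving security".

```python
# Constructed sample input in the page's format (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       808
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     2100
  UDP    0.0.0.0:445            *:*                                    4
"""
SAMPLE_SERVICES = """\
epmap             135/tcp    loc-srv      #DCE endpoint resolution
epmap             135/udp    loc-srv      #DCE endpoint resolution
netbios-ssn       139/tcp    nbsession    #NETBIOS Session Service
microsoft-ds      445/tcp
"""
SMB_PORTS = {139, 445}  # TCP ports the page associates with file and printer sharing

def parse_services(text):
    """Map (port, proto) -> service name from services-file lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop the trailing comment
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table[(int(port), proto.lower())] = fields[0]
    return table

def listening_ports(netstat_text, services):
    """Return (proto, address, port, pid, service, is_smb) for each open local port."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        # UDP rows have no State column, so they are kept and the PID is read from the end.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or (f[0] == "TCP" and f[3] != "LISTENING"):
            continue
        addr, _, port = f[1].rpartition(":")     # rpartition copes with [::]:445
        port, proto = int(port), f[0].lower()
        rows.append((proto, addr, port, int(f[-1]),
                     services.get((port, proto), "unknown"),
                     proto == "tcp" and port in SMB_PORTS))
    return rows

if __name__ == "__main__":
    for row in listening_ports(SAMPLE_NETSTAT, parse_services(SAMPLE_SERVICES)):
        print("%-4s %-15s %-6d pid=%-5d %-12s %s" % (row[:5] + ("<- SMB" if row[5] else "",)))
```

To use it on a real machine, pass the saved output of netstat -aon and the contents of %SYSTEMROOT%\System32\Drivers\Etc\services in place of the two sample strings.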