Forum

Windows 2003 R2 Ser...
 
Bildirimler
Hepsini Temizle

Windows 2003 R2 Server ve Domain Güvenliği

8 Yazılar
2 Üyeler
0 Reactions
2,018 Görüntüleme
(@Anonim)
Gönderiler: 0
Konu başlatıcı
 

Merhaba arkadaşlar,

Yaptırdığımız guvenlik testi sonucu aşağıdaki açıklar ile karşılaştık bunları nasıl kapatabilirim ve kapatmamda bir sakınca varmıdır?

tek Dc'li bir yapımız var. Aşağıdaki açıkları nasıl kapatabilirim ve domain ortamında alabileceğim başka önlemler nelerdir tavsiyede bulunursanız sevinirim.

teşekkürler

SMB Domain SID ile kullanıcı bilgileri çekilebiliyor.

1 -Microsoft Windows SMB NULL oturumu (Yetkisiz Erişim) sağlanabiliyor. Null Session Kapatılmalı deniyor.

2 - Microsoft Windows SMB LanMan Pipe Sunucu Listeleme Network Browse bilgisi alınabiliyor

3 -LDAP Server Null Bind Bilgi Sızdırması

4 -VmWare server üzerinde SLP Sunucu Tespiti network bazında kısıtlanmalı deniyor.

 

 
Gönderildi : 01/06/2011 16:43

(@ufuktatlidil)
Gönderiler: 5718
Illustrious Member
 

n-map veya port scanner "buradan" download edebilirsiniz. Açık portları kontrol edip , kullanılırlığını tespit edin. Gereksiz ise kapatın.

Sunucu ve Client tarafında windows ve AV virus Update'lerini düzenli yapın. Sisteminizde bulunan firewall vs. açık olan portları kontrol edin. gereksizleri kapatın.

 
Gönderildi : 01/06/2011 20:10

(@Anonim)
Gönderiler: 0
Konu başlatıcı
 

merhaba Ufuk Bey,

aşağıdaki servisleri port bazındamı kapatmam gerekiyor yani? bir kaç register ayarı var bunları kapatmak için ama daha sonradan networkte herhangibir sorun yaşarmıyım bunları kapattım diye

 

1 -Microsoft Windows SMB NULL oturumu (Yetkisiz Erişim) sağlanabiliyor. Null Session Kapatılmalı deniyor.

2 - Microsoft Windows SMB LanMan Pipe Sunucu Listeleme Network Browse bilgisi alınabiliyor

3 -LDAP Server Null Bind Bilgi Sızdırması

 

 
Gönderildi : 02/06/2011 13:17

(@ufuktatlidil)
Gönderiler: 5718
Illustrious Member
 

Bu durumu sizin tespit etmeniz gerekiyor. İlgili portları kullanan servis vs. varmı.

Siz Pen. test yaptırmışsınız bu tarz açıkları size belirttiler ancak kullanılırlığını bilmeden ilgili firma tarafundan bu sonuç paylaşılır. 

 
Gönderildi : 02/06/2011 13:35

(@Anonim)
Gönderiler: 0
Konu başlatıcı
 

sizin önerdiğiniz programla tarama yaptığımda

dc üzerinde 53,80,139,88,445,135,1025,8080 portları açık durumda gözüküyor bunların hangileri gereksiz servisler yani hangilerini kapamamam gerekiyorki kullanıcılar dc'ye logon olabilsin

 
Gönderildi : 02/06/2011 16:44

(@ufuktatlidil)
Gönderiler: 5718
Illustrious Member
 

88 kerberos, diğerlerini biliyorsunuzdur. 1025 svchost'un portu. Aşağıda sizlere portlar ve ne anlamlara geldiklerini paylaştım.

Null Session için BURAYI inceleyiniz.

echo                7/tcp
echo                7/udp
discard             9/tcp    sink null
discard             9/udp    sink null
systat             11/tcp    users                  #Active users
systat             11/udp    users                  #Active users
daytime            13/tcp
daytime            13/udp
qotd               17/tcp    quote                  #Quote of the day
qotd               17/udp    quote                  #Quote of the day
chargen            19/tcp    ttytst source          #Character generator
chargen            19/udp    ttytst source          #Character generator
ftp-data           20/tcp                           #FTP, data
ftp                21/tcp                           #FTP. control
ssh                22/tcp                           #SSH Remote Login Protocol
telnet             23/tcp
smtp               25/tcp    mail                   #Simple Mail Transfer Protocol
time               37/tcp    timserver
time               37/udp    timserver
rlp                39/udp    resource               #Resource Location Protocol
nameserver         42/tcp    name                   #Host Name Server
nameserver         42/udp    name                   #Host Name Server
nicname            43/tcp    whois
domain             53/tcp                           #Domain Name Server
domain             53/udp                           #Domain Name Server
bootps             67/udp    dhcps                  #Bootstrap Protocol Server
bootpc             68/udp    dhcpc                  #Bootstrap Protocol Client
tftp               69/udp                           #Trivial File Transfer
gopher             70/tcp
finger             79/tcp
http               80/tcp    www www-http           #World Wide Web
hosts2-ns          81/tcp                           #HOSTS2 Name Server
hosts2-ns          81/udp                           #HOSTS2 Name Server
kerberos           88/tcp    krb5 kerberos-sec      #Kerberos
kerberos           88/udp    krb5 kerberos-sec      #Kerberos
hostname          101/tcp    hostnames              #NIC Host Name Server
iso-tsap          102/tcp                           #ISO-TSAP Class 0
rtelnet           107/tcp                           #Remote Telnet Service
pop2              109/tcp    postoffice             #Post Office Protocol - Version 2
pop3              110/tcp                           #Post Office Protocol - Version 3
sunrpc            111/tcp    rpcbind portmap        #SUN Remote Procedure Call
sunrpc            111/udp    rpcbind portmap        #SUN Remote Procedure Call
auth              113/tcp    ident tap              #Identification Protocol
uucp-path         117/tcp
sqlserv           118/tcp                           #SQL Services
nntp              119/tcp    usenet                 #Network News Transfer Protocol
ntp               123/udp                           #Network Time Protocol
epmap             135/tcp    loc-srv                #DCE endpoint resolution
epmap             135/udp    loc-srv                #DCE endpoint resolution
netbios-ns        137/tcp    nbname                 #NETBIOS Name Service
netbios-ns        137/udp    nbname                 #NETBIOS Name Service
netbios-dgm       138/udp    nbdatagram             #NETBIOS Datagram Service
netbios-ssn       139/tcp    nbsession              #NETBIOS Session Service
imap              143/tcp    imap4                  #Internet Message Access Protocol
sql-net           150/tcp
sqlsrv            156/tcp
pcmail-srv        158/tcp                           #PCMail Server
snmp              161/udp                           #SNMP
snmptrap          162/udp    snmp-trap              #SNMP trap
print-srv         170/tcp                           #Network PostScript
bgp               179/tcp                           #Border Gateway Protocol
irc               194/tcp                           #Internet Relay Chat Protocol       
ipx               213/udp                           #IPX over IP
rtsps             322/tcp
rtsps             322/udp
mftp              349/tcp
mftp              349/udp
ldap              389/tcp                           #Lightweight Directory Access Protocol
https             443/tcp    MCom                   #HTTP over TLS/SSL
https             443/udp    MCom                   #HTTP over TLS/SSL
microsoft-ds      445/tcp
microsoft-ds      445/udp
kpasswd           464/tcp                           # Kerberos (v5)
kpasswd           464/udp                           # Kerberos (v5)
isakmp            500/udp    ike                    #Internet Key Exchange
crs               507/tcp                           #Content Replication System
crs               507/udp                           #Content Replication System
exec              512/tcp                           #Remote Process Execution
biff              512/udp    comsat
login             513/tcp                           #Remote Login
who               513/udp    whod
cmd               514/tcp    shell
syslog            514/udp
printer           515/tcp    spooler
talk              517/udp
ntalk             518/udp
efs               520/tcp                           #Extended File Name Server
router            520/udp    route routed
ulp               522/tcp   
ulp               522/udp   
timed             525/udp    timeserver
tempo             526/tcp    newdate
irc-serv          529/tcp
irc-serv          529/udp
courier           530/tcp    rpc
conference        531/tcp    chat
netnews           532/tcp    readnews
netwall           533/udp                           #For emergency broadcasts
uucp              540/tcp    uucpd
klogin            543/tcp                           #Kerberos login
kshell            544/tcp    krcmd                  #Kerberos remote shell
dhcpv6-client     546/tcp                           #DHCPv6 Client
dhcpv6-client     546/udp                           #DHCPv6 Client
dhcpv6-server     547/tcp                           #DHCPv6 Server
dhcpv6-server     547/udp                           #DHCPv6 Server
afpovertcp        548/tcp                           #AFP over TCP
afpovertcp        548/udp                           #AFP over TCP
new-rwho          550/udp    new-who
rtsp              554/tcp                           #Real Time Stream Control Protocol
rtsp              554/udp                           #Real Time Stream Control Protocol
remotefs          556/tcp    rfs rfs_server
rmonitor          560/udp    rmonitord
monitor           561/udp
nntps             563/tcp    snntp                  #NNTP over TLS/SSL
nntps             563/udp    snntp                  #NNTP over TLS/SSL
whoami            565/tcp
whoami            565/udp
ms-shuttle        568/tcp                           #Microsoft shuttle
ms-shuttle        568/udp                           #Microsoft shuttle
ms-rome           569/tcp                           #Microsoft rome
ms-rome           569/udp                           #Microsoft rome
http-rpc-epmap    593/tcp                           #HTTP RPC Ep Map
http-rpc-epmap    593/udp                           #HTTP RPC Ep Map
hmmp-ind          612/tcp                           #HMMP Indication
hmmp-ind          612/udp                           #HMMP Indication
hmmp-op           613/tcp                           #HMMP Operation
hmmp-op           613/udp                           #HMMP Operation
ldaps             636/tcp    sldap                  #LDAP over TLS/SSL
doom              666/tcp                           #Doom Id Software
doom              666/udp                           #Doom Id Software
msexch-routing    691/tcp                           #MS Exchange Routing
msexch-routing    691/udp                           #MS Exchange Routing
kerberos-adm      749/tcp                           #Kerberos administration
kerberos-adm      749/udp                           #Kerberos administration
kerberos-iv       750/udp                           #Kerberos version IV
mdbs_daemon       800/tcp
mdbs_daemon       800/udp
ftps-data         989/tcp                           #FTP data, over TLS/SSL
ftps              990/tcp                           #FTP control, over TLS/SSL
telnets           992/tcp                           #Telnet protocol over TLS/SSL
imaps             993/tcp                           #IMAP4 protocol over TLS/SSL
ircs              994/tcp                           #IRC protocol over TLS/SSL
pop3s             995/tcp    spop3                  #pop3 protocol over TLS/SSL (was spop3)
pop3s             995/udp    spop3                  #pop3 protocol over TLS/SSL (was spop3)
kpop             1109/tcp                           #Kerberos POP
nfsd-status      1110/tcp                           #Cluster status info
nfsd-keepalive   1110/udp                           #Client status info
nfa              1155/tcp                           #Network File Access
nfa              1155/udp                           #Network File Access
activesync       1034/tcp                           #ActiveSync Notifications
phone            1167/udp                           #Conference calling
opsmgr           1270/tcp                           #Microsoft Operations Manager
opsmgr           1270/udp                           #Microsoft Operations Manager
ms-sql-s         1433/tcp                           #Microsoft-SQL-Server
ms-sql-s         1433/udp                           #Microsoft-SQL-Server
ms-sql-m         1434/tcp                           #Microsoft-SQL-Monitor
ms-sql-m         1434/udp                           #Microsoft-SQL-Monitor               
ms-sna-server    1477/tcp
ms-sna-server    1477/udp
ms-sna-base      1478/tcp
ms-sna-base      1478/udp
wins             1512/tcp                           #Microsoft Windows Internet Name Service
wins             1512/udp                           #Microsoft Windows Internet Name Service
ingreslock       1524/tcp    ingres
stt              1607/tcp
stt              1607/udp
l2tp             1701/udp                           #Layer Two Tunneling Protocol
pptconference    1711/tcp
pptconference    1711/udp
pptp             1723/tcp                           #Point-to-point tunnelling protocol
msiccp           1731/tcp
msiccp           1731/udp
remote-winsock   1745/tcp
remote-winsock   1745/udp
ms-streaming     1755/tcp
ms-streaming     1755/udp
msmq             1801/tcp                           #Microsoft Message Queue
msmq             1801/udp                           #Microsoft Message Queue
radius           1812/udp                           #RADIUS authentication protocol
radacct          1813/udp                           #RADIUS accounting protocol
msnp             1863/tcp
msnp             1863/udp
ssdp             1900/tcp
ssdp             1900/udp
close-combat     1944/tcp
close-combat     1944/udp
nfsd             2049/udp    nfs                    #NFS server
knetd            2053/tcp                           #Kerberos de-multiplexor
mzap             2106/tcp                           #Multicast-Scope Zone Announcement Protocol
mzap             2106/udp                           #Multicast-Scope Zone Announcement Protocol
qwave            2177/tcp                           #QWAVE
qwave            2177/udp                           #QWAVE Experiment Port
directplay       2234/tcp                           #DirectPlay
directplay       2234/udp                           #DirectPlay
ms-olap3         2382/tcp                           #Microsoft OLAP 3
ms-olap3         2382/udp                           #Microsoft OLAP 3
ms-olap4         2383/tcp                           #Microsoft OLAP 4
ms-olap4         2383/udp                           #Microsoft OLAP 4
ms-olap1         2393/tcp                           #Microsoft OLAP 1
ms-olap1         2393/udp                           #Microsoft OLAP 1
ms-olap2         2394/tcp                           #Microsoft OLAP 2
ms-olap2         2394/udp                           #Microsoft OLAP 2
ms-theater       2460/tcp
ms-theater       2460/udp
wlbs             2504/tcp                           #Microsoft Windows Load Balancing Server
wlbs             2504/udp                           #Microsoft Windows Load Balancing Server
ms-v-worlds      2525/tcp                           #Microsoft V-Worlds
ms-v-worlds      2525/udp                           #Microsoft V-Worlds
sms-rcinfo       2701/tcp                           #SMS RCINFO
sms-rcinfo       2701/udp                           #SMS RCINFO
sms-xfer         2702/tcp                           #SMS XFER
sms-xfer         2702/udp                           #SMS XFER
sms-chat         2703/tcp                           #SMS CHAT
sms-chat         2703/udp                           #SMS CHAT
sms-remctrl      2704/tcp                           #SMS REMCTRL
sms-remctrl      2704/udp                           #SMS REMCTRL
msolap-ptp2      2725/tcp                           #MSOLAP PTP2
msolap-ptp2      2725/udp                           #MSOLAP PTP2
icslap           2869/tcp
icslap           2869/udp
cifs             3020/tcp
cifs             3020/udp
xbox             3074/tcp                           #Microsoft Xbox game port
xbox             3074/udp                           #Microsoft Xbox game port
ms-dotnetster    3126/tcp                           #Microsoft .NET ster port
ms-dotnetster    3126/udp                           #Microsoft .NET ster port
ms-rule-engine   3132/tcp                           #Microsoft Business Rule Engine Update Service
ms-rule-engine   3132/udp                           #Microsoft Business Rule Engine Update Service
msft-gc          3268/tcp                           #Microsoft Global Catalog
msft-gc          3268/udp                           #Microsoft Global Catalog
msft-gc-ssl      3269/tcp                           #Microsoft Global Catalog with LDAP/SSL
msft-gc-ssl      3269/udp                           #Microsoft Global Catalog with LDAP/SSL
ms-cluster-net   3343/tcp                           #Microsoft Cluster Net
ms-cluster-net   3343/udp                           #Microsoft Cluster Net
ms-wbt-server    3389/tcp                           #MS WBT Server
ms-wbt-server    3389/udp                           #MS WBT Server
ms-la            3535/tcp                           #Microsoft Class Server
ms-la            3535/udp                           #Microsoft Class Server
pnrp-port        3540/tcp                           #PNRP User Port
pnrp-port        3540/udp                           #PNRP User Port
teredo           3544/tcp                           #Teredo Port
teredo           3544/udp                           #Teredo Port
p2pgroup         3587/tcp                           #Peer to Peer Grouping
p2pgroup         3587/udp                           #Peer to Peer Grouping
ws-discovery     3702/udp                           #WS-Discovery
ws-discovery     3702/tcp                           #WS-Discovery
dvcprov-port     3776/tcp                           #Device Provisioning Port
dvcprov-port     3776/udp                           #Device Provisioning Port
msfw-control     3847/tcp                           #Microsoft Firewall Control
msdts1           3882/tcp                           #DTS Service Port
sdp-portmapper   3935/tcp                           #SDP Port Mapper Protocol
sdp-portmapper   3935/udp                           #SDP Port Mapper Protocol
net-device       4350/tcp                           #Net Device
net-device       4350/udp                           #Net Device
ipsec-msft       4500/tcp                           #Microsoft IPsec NAT-T
ipsec-msft       4500/udp                           #Microsoft IPsec NAT-T
llmnr            5355/tcp                           #LLMNR
llmnr            5355/udp                           #LLMNR
wsd              5357/tcp                           #Web Services on devices
wsd              5358/tcp                           #Web Services on devices
rrac             5678/tcp                           #Remote Replication Agent Connection
rrac             5678/udp                           #Remote Replication Agent Connection
dccm             5679/tcp                           #Direct Cable Connect Manager
dccm             5679/udp                           #Direct Cable Connect Manager
ms-licensing     5720/tcp                           #Microsoft Licensing
ms-licensing     5720/udp                           #Microsoft Licensing
directplay8      6073/tcp                           #DirectPlay8
directplay8      6073/udp                           #DirectPlay8
man              9535/tcp                           #Remote Man Server
rasadv           9753/tcp
rasadv           9753/udp
imip-channels   11320/tcp                           #IMIP Channels Port
imip-channels   11320/udp                           #IMIP Channels Port
directplaysrvr  47624/tcp                           #Direct Play Server
directplaysrvr  47624/udp                           #Direct Play Server

 
Gönderildi : 02/06/2011 17:05

(@Anonim)
Gönderiler: 0
Konu başlatıcı
 

teşekkurler Ufuk Bey

 
Gönderildi : 02/06/2011 17:07

(@ufuktatlidil)
Gönderiler: 5718
Illustrious Member
 

Rica ederim.

 
Gönderildi : 02/06/2011 17:21

Paylaş: