
Preventive Measures to Stop Enumeration

Multiple protocols are susceptible to enumeration, so we should ask our client which ones are really needed in the network. The obvious preventive measure is to disable the insecure protocols that are not required.
However, this is not always feasible, especially if the organization has legacy applications that depend on insecure protocols to operate and for which no migration is scheduled in the short term.

Some defensive measures that you can suggest to your client are:

Configure filter rules on the perimeter firewall(s) so that protocols susceptible to enumeration that do not perform a public function (e.g. NetBIOS) are not exposed to the Internet.

Implement a migration plan to update legacy operating systems and applications periodically, based on cost/benefit. In companies with a large number of workstations, you might consider a project to replace the desktops with thin clients by using virtualization. License costs are usually lower in virtual environments.

Similarly, in environments with many servers, a consolidation process could provide savings not only in energy consumption, but also in hardware/software maintenance and administration costs.

If you have a predominantly Windows network, you can deploy Active Directory policies to prevent the establishment of invalid logon sessions and to disable network logon for the built-in Administrator account. However, care must be taken with legacy programs that could use null sessions.
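To check what those policies actually deliver on a host before and after a rollout, the following added example (not part of the original post) audits a security policy export for the null-session and Administrator network-logon settings. It assumes the export comes from `secedit /export /cfg policy.inf`; the `RestrictAnonymous`, `RestrictAnonymousSAM`, `EveryoneIncludesAnonymous` and `SeDenyNetworkLogonRight` settings are the standard Windows names (the post does not name them), the sample export is constructed, and `audit` and `covers_builtin_admin` are hypothetical helper names.

```python
import configparser
import re

# Constructed sample of `secedit /export /cfg policy.inf` output (real exports are UTF-16).
SAMPLE_INF = r"""
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
[Privilege Rights]
SeDenyNetworkLogonRight = *S-1-5-32-546
"""

LSA_KEY = "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\"
# LSA value name -> (test the DWORD must pass, what it means when it does not)
LSA_CHECKS = {
    "RestrictAnonymous": (lambda v: v >= 1, "anonymous enumeration of SAM accounts and shares allowed"),
    "RestrictAnonymousSAM": (lambda v: v >= 1, "anonymous enumeration of SAM accounts allowed"),
    "EveryoneIncludesAnonymous": (lambda v: v == 0, "Everyone permissions apply to anonymous users"),
}
# Principals that cover the built-in Administrator: RID 500, or the well-known
# "local account" SIDs S-1-5-113 / S-1-5-114. Account names (entries without
# a leading '*') are not resolved here and would need a lookup on the host.
ADMIN_SID = re.compile(r"^S-1-5-21(-\d+){3}-500$")
LOCAL_ACCOUNT_SIDS = {"S-1-5-113", "S-1-5-114"}

def covers_builtin_admin(principal):
    return principal in LOCAL_ACCOUNT_SIDS or bool(ADMIN_SID.match(principal))

def audit(inf_text):
    """Return a list of findings for null-session and Administrator network-logon settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(inf_text)
    findings = []
    for name, (ok, problem) in LSA_CHECKS.items():
        raw = cp.get("Registry Values", LSA_KEY + name, fallback=None)
        if raw is None:
            findings.append(f"{name}: not defined in this export")
        elif not ok(int(raw.split(",", 1)[1])):   # "4,0" = REG_DWORD, value 0
            findings.append(f"{name}: {problem}")
    denied = cp.get("Privilege Rights", "SeDenyNetworkLogonRight", fallback="")
    principals = [p.strip().lstrip("*") for p in denied.split(",") if p.strip()]
    if not any(covers_builtin_admin(p) for p in principals):
        findings.append("SeDenyNetworkLogonRight: built-in Administrator can log on over the network")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print(finding)
```

Running the audit on hosts that run legacy programs first shows which ones still allow null sessions, so the policy can be staged there rather than enforced blindly.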
