Enumeration Countermeasures

00:00

Hey, everyone, welcome back to the course. So in this video, we're gonna go over some in numerous in counter measures for some of the services that we've talked about before. So we'll go over countermeasures for S and M P. We'll talk about DNS countermeasures s m T B in numerous countermeasures. L dap enumeration countermeasures as well as SMB.

00:20

So what are the counter? Some of the countermeasures we conduce for S N M P

00:25

in new Marais Shin. Well, number one, we could remove the S and M P agent or we could even just turn off the service if possible. Um, if that's not an option, if we can't turn off S and M P, then we could change the default community string name.

00:40

We can also upgrade ourselves to S and MP three, which actually encrypts passwords as well as messages. We could implement things like groups policy security options, for example, something like additional restrictions for anonymous anonymous connections. So we could block those Attackers from getting access.

00:58

And we could assure that things

01:00

that that that access to things like North session pipes, north sessions shares or like I p *** filtering are actually restricted.

01:08

What are some DNS countermeasures that we can do what we could disabled DNs zone transfers that that are to untrusted hosts.

01:17

We could also make sure that we are not publishing the DNS own files to the public DNS server.

01:23

We could use ah, premium DNS registration service. That's gonna help us by hiding sensitive information like Rh info file from public view for SMTP, we could ignore emails from that are set to go to unknown recipients.

01:40

We could also make sure we're not including any sensitive information about the server or the ho, the local host. In our mail responses, we could also disable the open relay feature

01:49

or l DAP Countermeasures include encrypting traffic. So just using something like SSL or TLS to encrypt that network traffic and things as simple as selecting a different user name from our email address, picking that unique user name or just enabling account lockout. So as the attacker tries multiple times, the count gets locked out

02:08

and they're not able to gain access.

02:10

Our countermeasures for SMB include disabling that SMB poor protocol on the Web servers as well as the DNS servers and disabling it on basically any Internet facing servers. We could also disabled ports TCP 389 and 4 45 that are used by SMB.

02:28

And we could restrict access eso anonymous access by adding the restrict session access parameter to the windows registry. So it's basically restrict. Noel says access on. Do you add that to your registry file?

02:43

So just a quick question question here for you. Which of the following is a way to counter enumeration

02:47

is a disabling the SNB protocol. Is it gonna be disabling? Port 139 is it s and MP three. So using s and MP three or is it all of the above?

02:59

All right. You probably guessed this one's pretty easy. It's all the above right. We talked about these air all different ways that we could help protect against enumeration of various services.