Some Simple Security Tests to get Small Businesses started<\/p>\n\n\n\n
Thycotic Weak Password finder; tests for LanMan, Weak hashes etc. and shows which of those accounts have Administrator privilege.
https:\/\/thycotic.com\/solutions\/free-it-tools\/weak-password-finder\/<\/p>\n\n\n\n
Wireshark
\nLLMNR
\nudp.port == 5355 (display filter)
\nudp port 5355 (capture filter)
\nLeave running for 1 hour +
\nclients that send requests have “Netbios over TCP” enabled
\nmultiple random requests = dns pre-fetching in Chrome
\nhttps:\/\/osqa-ask.wireshark.org\/questions\/12840\/weird-nbns-queries<\/p>\n\n\n\n
Disable Netbios & LLMNR
\nhttp:\/\/woshub.com\/how-to-disable-netbios-over-tcpip-and-llmnr-using-gpo\/<\/p>\n\n\n\n
Netbios test
start, run, cmd, nbtstat -n
should return “Failed to access NetBT driver — NetBT may not be loaded”
else Netbios is enabled<\/p>\n\n\n\n
How to turn NetBios off (single Computer) <\/p>\n\n\n\n
net stop “TCP\/IP NetBIOS Helper”
net stop netbt
sc config netbt start= disabled<\/p>\n\n\n\n
NetBios is only used when trying to share files locally on a HOME network. Not used for Internet anything. Not used by DropBox, OneDrive, Google Drive etc.<\/p>\n\n\n\n
Just for reference this is the order that Windows uses to turn a name into a IP address (Name resolution) <\/p>\n\n\n\n
DNS (ie server.domain.tld used by the internet)
WINS (Windows Internal Name Service can span multiple Subnets if setup properly)
LLMNR (Link Local Multicast Name Resolution can span multiple Switches if setup properly)
NetBIOS (local Subnet only)
Broadcast (local Subnet only) <\/p>\n\n\n\n
Microsoft PortQryUI https:\/\/www.microsoft.com\/en-ca\/download\/details.aspx?id=24009
there is also a PortQry command line without the UI<\/p>\n","protected":false},"excerpt":{"rendered":"
Some Simple Security Tests to get Small Businesses started Thycotic Weak Password finder; tests for LanMan, Weak hashes etc. and shows which of those accounts have Administrator privilege. https:\/\/thycotic.com\/solutions\/free-it-tools\/weak-password-finder\/ Wireshark…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[4,3],"class_list":["post-18","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-security","tag-smb"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/18","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=18"}],"version-history":[{"count":2,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/18\/revisions"}],"predecessor-version":[{"id":1552,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/18\/revisions\/1552"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=18"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}