
	Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > How do I secure Windows NT/XP using the NetBIOS and LDAP protocols?

Ask The Security Expert: Questions & Answers

EMAIL THIS

How do I secure Windows NT/XP using the NetBIOS and LDAP protocols?

EXPERT RESPONSE FROM: Ed Skoudis

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 03 May 2006
How do I secure Windows NT/XP using the NetBIOS and LDAP protocols? What steps should I take to detect and protect against intruders?

EXPERT RESPONSE
If you need to transmit NetBIOS or LDAP across an untrusted network (i.e., the Internet, your DMZ, internal network, etc.), use an encrypted VPN to ensure it is protected. For detection, employ strong host-based security on both endpoints. Use both antivirus and antispyware tools to detect any malware inserted there. Also, diligently review the logs from these machines and look for suspicious entries, including changes to critical system files. Next, run a file integrity-checking tool, such as Tripwire, on each endpoint. Then make sure the system administrators on the server side diligently watch for additional users added to the admin group.

If you need more information, you can download the Intrusion Discovery Cheat Sheets I wrote at www.sans.org/resources/winsacheatsheet.pdf
and www.sans.org/resources/linsacheatsheet.pdf.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Web Access Control
	Sun launches open source OpenSSO for identity management
	Should a new user have to confirm his or her email address before gaining access?
	Shared Identity Providers Could Soothe Password Chaos
	Users are complaining that they can no longer reach any login site belonging to Microsoft. Any ideas?
	Vista WIL: How to take control of data integrity levels
	Video: Changes ahead for MIT Kerberos Consortium
	Kerberos security evolves for B2B, mobile tech
	Kerberos: Authentication with some drawbacks
	Sun shifts strategy with GRC push
	CardSpace vs. user IDs and passwords

Password Policy

Shared Identity Providers Could Soothe Password Chaos

Is it possible to write a batch file that allows user access to the local admin group for a short time?

IAM best practices for employees with varying degrees of access to the same computer

Is it illegal for anyone in an enterprise to ask an employee for his or her password?

Former LendingTree employees pilfer firm's customer database

Security360: Identity management market

Survey finds access control problems at many firms

What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

Should users set up password expiries in Active Directory?

IBM releases simplified Tivoli Identity Manager

Expert Archive: Information Security Threats

Are there antivirus suites that pick up more than just run-of-the-mill viruses?

What tools can a hacker use to crack a laptop password?

Are social networking sites an easy target for malicious hackers?

What are the dangers of cross-site request forgery attacks (CSRF)?

Should social engineering tests be included in penetration testing?

What kind of data is compromised during a Google hack?

Best practices for using restriction policy whitelists

Defining mobile device security concerns

What are the risks associated with RIM's line of PDAs?

What security measures can be taken to stop crimeware kits?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

access log (SearchSecurity.com)

anonymous Web surfing (SearchSecurity.com)

authentication, authorization, and accounting (SearchSecurity.com)

identity chaos (SearchSecurity.com)

multifactor authentication (MFA) (SearchSecurity.com)

walled garden (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy