Securing your domain internally is but one aspect of security. The system administrator must also be aware of network security issues. In this article, we explore the need to protect network shares, use firewalls, restrict RAS services, invoke IP security, and use other TCP/IP-based applications safely. The text is extracted from our book, The Ultimate Windows 2000 System Administrator's Guide (Addison Wesley, 2000). Although some of the text is focused on Microsoft enterprise environments, the principles broadly address other operating system environments.
Protecting Network Shares
Network shares are an important part of the distributed computing environment because they greatly enhance accessibility. However, they also represent a potential security weakness. To minimize problems associated with network shares, keep these administrative concepts in mind:
The root share determines share permissions for all subdirectories. Subdirectories within a root share cannot be further restricted with share permissions, so NTFS permissions should be used for finer granular control.
Share permissions restrict only network users (but not local users).
Share names are visible to all users, and should not reveal sensitive information or invite an attack.
Hidden shares can be displayed using the net share command from the Command Prompt. They should be removed if not in use.
One way to minimize the risk to hidden administrative shares is to remove them. Using the Registry Editor, set the Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters to 0, which disables hidden shares C$ and D$ (administrative shares).
However, if you are backing up files using these administrative shares, the 0 setting prevents you from doing so.