I had another question concerning NetBIOS null sessions. I noticed that
under non plug and play devices, NetBIOS over TCP/IP is enabled. Just
as a test, I disabled it and restarted the server. Upon reboot, computers
were able to log in, but access to mapped drives was denied. It looks like
port 445 is used to map network drives. Unfortunately the Domain Controller
also serves as a file I turned NetBIOS over TCP/IP back on and was
able to access mapped drives again.
In a worst case scenario, if I had to disable NetBIOS over TCP/IP in the non
plug and play devices, is there a way to specify which port mapped drives
should be using?
Also what effects would this have on Active Directory?
What effect will it have on WSUS 2.0?
Thanks for any help.
"zeb2100" wrote:
>
>
> "J Wolfgang Goerlich" wrote:
>
> > Hello,
> >
> > > I have a Server 2003 domain controller that I am able to access from home
> > > through our border firewall.
> >
> > To me, this is a bigger security concern than the DNS cache and null
> > sessions. I recommend you not have the domain controller accessible
> > over a firewall. While the Foundstone reports are a good start, they
> > will not catch all vulnerabilities that you are introducing by making
> > your DC publicly accessible.
> >
> > > 1. possible DNS cache snooping
> >
> > Open the DNS console. Right-click your computer, Properties. Click on
> > the Advanced tab. Check [x] Secure cache against pollution.
> >
> > > 2. NetBIOS Null Session Enabled
> >
> > Open Active Directory Users and Computers. Right-click Domain
> > Controllers, Properties. Click the Group Policy tab and edit the
> > Default Domain Controller Policy. Expand Windows Settings > Security
> > Settings > Local Policies > Security Options. Enable "Network access:
> > Do not allow anonymous enumeration of SAM accounts" and "Network
> > access: Do not allow anonymous enumeration of SAM accounts and shares"
> >
> > Hope that helps,
> >
> > --
> > J. Wolfgang Goerlich
> > http://www.jwgoerlich.us
> > http://www.linkedin.com/in/jwgoerlich
> >
> Thanks. I should have mentioned earlier that I already applied the settings that were mentioned, and I am still getting the same report. Any other suggestions? Thanks.
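
The two "Network access" settings named in the quoted reply are stored as the `RestrictAnonymousSAM` and `RestrictAnonymous` values under the Lsa registry key, so whether the policy actually reached the domain controller can be checked directly. The script below is an added example, not code from anyone in this thread; it assumes PowerShell 3.0 or later is installed, the function name is hypothetical, and the non-Windows branch uses constructed sample data.

```powershell
# Added example, not part of the thread. The function name is hypothetical.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# The two policies named in the reply and the Lsa values that back them.
$Checks = @(
    @{ Policy   = 'Network access: Do not allow anonymous enumeration of SAM accounts'
       Value    = 'RestrictAnonymousSAM'
       Expected = 1 },
    @{ Policy   = 'Network access: Do not allow anonymous enumeration of SAM accounts and shares'
       Value    = 'RestrictAnonymous'
       Expected = 1 }
)

function Test-AnonymousEnumerationPolicy {
    # $Values maps registry value name -> data; a missing or $null entry means "not set".
    param([hashtable]$Values)
    foreach ($c in $Checks) {
        $actual = $Values[$c.Value]
        if ($null -eq $actual)           { $state = 'NOT SET' }
        elseif ($actual -eq $c.Expected) { $state = 'OK' }
        else                             { $state = 'MISMATCH' }
        [pscustomobject]@{
            Policy        = $c.Policy
            RegistryValue = $c.Value
            Expected      = $c.Expected
            Actual        = $actual
            State         = $state
        }
    }
}

if ($env:OS -eq 'Windows_NT') {
    # Live check of the local machine; run it on the domain controller itself.
    $props  = Get-ItemProperty -Path $LsaKey
    $values = @{}
    foreach ($c in $Checks) { $values[$c.Value] = $props.($c.Value) }
} else {
    # Constructed sample: SAM enumeration restricted, SAM-and-shares not.
    $values = @{ RestrictAnonymousSAM = 1; RestrictAnonymous = 0 }
}

Test-AnonymousEnumerationPolicy -Values $values | Format-List
```

A `MISMATCH` or `NOT SET` result after the GPO has been edited means the setting has not reached that machine; `gpupdate /force` requests a policy refresh before re-checking.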