Saturday, August 10, 2019

Mac VS Windows Security Essay Example | Topics and Well Written Essays - 500 words

Mac VS Windows Security - Essay Example Afterward, the attacker tricks the victim into connecting with him before the attacker establishes connection to the target, receives the 8-byte challenge. Subsequently, the attacker sends the 8-byte challenge to victim, who then responds to the attacker with the password hash. Attacker responds back to the targets challenge with the victims hash and finally Target grants access to attacker† (SkullSecurity, 2008). The Protective measure of this problem is to remove NetBIOS from any network card to reduce the possibility of abusing SMB. In addition, the following steps can help mitigate this weakness: â€Å"Enable (and require) NTLMv2 authentication -- this will prevent pre-computed attacks, because the client provides part of the randomness. Enable (and require) message signing for both clients and servers -- this will prevent relay attacks. Install ms08-068 -- this will prevent a specific subset of relay attacks, where its relayed back to itself.† (SkullSecurity, 2008) RPS attack (Remote procedure call) is used over SMB to offer file and printing sharing. Attacker can compromise the system by sending RPC request to gain access. This usually happens through port 139, which is known as the NetBIOS. â€Å"NetBIOS over the Internet is an enormous security risk. The NetBIOS protocol gives people the ability to obtain all kind of information from your systems like your domain, workgroup and system names, as well as account information. To prevent this from happening make sure that on your border gateways you filter out all in- and outgoing traffic for ports 137, 138 and 139.† (Dennis Leeuw dleeuw, 2011) That being said, Mac, UNIX/Linux machines also use these ports, due to a Windows-file-sharing-compatibility package called Samba. Another vulnerability we are introducing is the Abusing remote Desktop Protocol (RDP). Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, which provides a user with a

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.