Check Windows Shares Configurations to Prevent Hacks
Windows shares are the available network drives that show up when users browse in My Network Places. Windows shares are often misconfigured, allowing hackers and others to have access to them when they shouldn’t. The casual browser can exploit this security vulnerability, but a malicious insider gaining unauthorized access to a Windows system can result in serious security and compliance consequences.
Windows default share permissions
The default share permission depends on the Windows system version.
When creating shares in Windows NT and Windows 2000, the group Everyone is given Full Control access in the share by default for all files to
Anyone who maps to the IPC$ connection with a null session is automatically made part of the Everyone group. This means that remote hackers can automatically gain Browse, Read, and Write access to a Windows NT or Windows 2000 server after establishing a null session.
Windows XP and newer
In Windows XP and newer (Windows Server 2008 R2, Windows 7, and so on), the Everyone group is given only Read access to shares. This is definitely an improvement over the defaults in Windows 2000 and Windows NT. However, you still might have situations in which you don’t want the Everyone group to have Read access to a share.
Share permissions are different from file permissions. When creating shares, you have to set both. In current versions of Windows, this helps create hoops for casual users to jump through and discourage share creation, but it’s not foolproof. Unless you have your Windows desktops completely locked down, users can still share at will.
Test for weaknesses in share permissions
Assessing your share permissions is a good way to get an overall view of who can access what. This testing shows how vulnerable your network shares — and sensitive information — can be. You can find shares with default permissions and unnecessary access rights enabled. Trust me; they’re everywhere!
The best way to test for share weaknesses is to log in to the Windows system as a standard local or domain user with no special privileges and run an enumeration program so you can see who has access to what.
LanGuard has a built-in share finder tool for uncovering unprotected shares.
The Everyone group has full share and file access to the LifeandHealth share on the THINKPAD host. Situations like this occur all the time where someone shares their local drive so others can access it. The problem is they often forget to remove the permissions and leave a gaping hole for a security breach.
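The check described above can also be scripted with Windows' built-in cmdlets. The following PowerShell is an added example, not part of the original article: it lists each non-administrative share on the local system where the Everyone group is allowed access and shows the share permission next to the file (NTFS) permission on the shared folder. It assumes the SmbShare module (Windows 8 / Windows Server 2012 or later); the column names in the report are chosen for this example.

```powershell
# Added example: audit local shares for access granted to the Everyone group.
# Run on a system you administer; use an elevated session if the SMB cmdlets
# report access denied.

# Resolve the well-known SID S-1-1-0 so the check also works on localized Windows.
$everyoneSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$everyone    = $everyoneSid.Translate([System.Security.Principal.NTAccount]).Value

$findings = foreach ($share in Get-SmbShare -Special $false) {
    # Share-level permission entries that allow Everyone
    $shareAce = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow' }
    if (-not $shareAce) { continue }

    # File-level (NTFS) permission entries on the shared folder that allow Everyone
    $ntfsRights = 'n/a'
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        $ntfsAce = (Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.IdentityReference.Value -eq $everyone -and
                           $_.AccessControlType -eq 'Allow' }
        $ntfsRights = if ($ntfsAce) { $ntfsAce.FileSystemRights -join '; ' } else { 'none' }
    }

    # Full or Change at the share level means Everyone can write through the share
    $canWrite = ($shareAce.AccessRight -contains 'Full') -or
                ($shareAce.AccessRight -contains 'Change')

    [pscustomobject]@{
        Share       = $share.Name
        Path        = $share.Path
        ShareAccess = $shareAce.AccessRight -join ', '
        NtfsAccess  = $ntfsRights
        Review      = if ($canWrite) { 'Everyone can write via share' }
                      else           { 'Everyone can read via share' }
    }
}

$findings | Sort-Object Share | Format-Table -AutoSize
```

A share that shows Full in both the ShareAccess and NtfsAccess columns matches the situation described above, where Everyone has full share and file access.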