Request your Free Internet Security Scan.

Internet Security Scan


Performed For: Grassroots Accounting

10/24/2001














1100 E. HECTOR STREET
SUITE 318
CONSHOHOCKEN, PA 19428
tel 610.260.9989
fax 610.260.9969
www.Netforcement.com
Executive Summary




This report was generated after running a scan of your computer network from the Internet. Most companies do not know what their computer network looks like from the Internet, but if you are connected to it, it's connected to you.

This scan shows information about your network which is available to anyone on the Internet. Analyzing this information and closing security holes will help to shore up your network defenses. Your network has several serious security flaws that require immediate attention.


The following points have been ascertained from this network scan report.


Security Risks:

  • The Novell BorderManager firewall is incorrectly configured, allowing full access to SERVER at 1.2.3.50.
  • Your SERVER has been compromised by the Back Orifice 2000 trojan allowing outsiders full access to your entire Intranet.
  • Your SERVER is running as a web server but is not located in a DMZ.
  • Your SERVER has Microsoft Frontpage extensions loaded. These are known to have security issues.
  • Your network has a very poor password policy that could be easily compromised.


Action Items:

  1. Remove the Back Orifice 2000 trojan from SERVER at 1.2.3.50
  2. Configure Novell BorderManager firewall properly
  3. Purchase another firewall to create a DMZ for the web SERVER
  4. Remove the Microsoft FrontPage extensions from SERVER at 1.2.3.50
  5. Install Microsoft's URLScan filter for IIS on web SERVER at 1.2.3.50
  6. Rename the administrator account
  7. Remove the guest account
  8. Update your Password Policy: Poor password selection is frequently a major problem for any system's security. Users should be forced to change their passwords regularly (every 30 to 90 days), and passwords should be 12 or more characters in length on Windows systems. The passwords should include upper and lower case letters, numbers, and special characters.

Internet Security Scan


Scanning range : 1.2.3.1-1.2.3.254     [ 3 computers found ]

 Computer    Hostname                        Username   Operating System   Details
 1.2.3.1     netbuilder.grassrootsacct.com              3Com Switch
 1.2.3.2     borderman.grassrootsacct.com               Novell
 1.2.3.50    SERVER                          SERVER     Windows 2000       Netbios names, Shares, Users, Network transports, Remote time of day, Password policy, SNMP info, Open ports, Alerts


1.2.3.1  [ netbuilder.grassrootsacct.com ]   (  3Com Switch )
  IP Address : 1.2.3.1
  Resolved : netbuilder.grassrootsacct.com
  Operating System : 3Com Switch
  Time to live (TTL) : 248 (255) - 7 hop(s) away



1.2.3.2  [ borderman.grassrootsacct.com ]   ( Novell )
  IP Address : 1.2.3.2
  Resolved : borderman.grassrootsacct.com
  Operating System : Novell
  Time to live (TTL) : 120 (128) - 8 hop(s) away


1.2.3.50  [ SERVER ]   ( Windows 2000 )
  IP Address : 1.2.3.50
  HostName : SERVER
  MAC : 00-56-44-4D-6C-2C (3Com)
  UserName : SERVER
  LAN Manager : Windows 2000 LAN Manager
  Domain : WEB
  Operating System : Windows 2000
  Computer usage : NT/2k Workstation
  Time to live (TTL) : 119 (128) - 9 hop(s) away

  NETBIOS names (9)     
   SERVER  -  Workstation Service     
   SERVER  -  File Server Service     
   WEB  -  Domain Name     
   WEB  -  Browser Service Elections     
   SERVER  -  Messenger Service     
   INet~Services  -  IIS     
   IS~SERVER  -  Workstation Service     
   SERVER  -  Microsoft Exchange IMC     
   SERVER  -  Microsoft Exchange MTA


  Shares (3)
   IPC$  -  Remote IPC
   ADMIN$  -  Remote Admin
   C$  -  Default share

  Users (5)    
      Administrator ( )
   
            FullName :
   
            Privilege : Administrator (*)
   
            Homedir :
   
            Comment : Built-in account for administering the computer/domain
   
            UserComment :
   
            ScriptPath :
   
            Workstations :
   
            Last Logon : 4 Oct 2001, 12:30:48
   
            Password age : 22 days, 19 hours, 2 minutes, 18 seconds
   
            # Logons : 10
   
            Bad Passwords Count : 0
   
      JLENO ( Fred Simpson )
   
            FullName : Fred Simpson
   
            Privilege : Administrator (*)
   
            Homedir :
   
            Comment :
   
            UserComment :
   
            ScriptPath :
   
            Workstations :
   
            Last Logon : 24 Oct 2001, 9:30:41
   
            Password age : 19 days, 5 hours, 28 minutes, 46 seconds
   
            # Logons : 14
   
            Bad Passwords Count : 0
   
      Guest ( )
   
            FullName :
   
            Privilege : Guest
   
            Flags : ACCOUNT_DISABLED , PASSWORD_NOT_REQUIRED , PASSWORD_CANNOT_BE_CHANGED
   
            Homedir :
   
            Comment : Built-in account for guest access to the computer/domain
   
            UserComment :
   
            ScriptPath :
   
            Workstations :
   
            Last Logon : never
   
            Password age : N/A
   
            # Logons : 0
   
            Bad Passwords Count : 0
   
      IWAM_SERVER ( Launch IIS Process Account )
   
            FullName : Launch IIS Process Account
   
            Privilege : Guest
   
            Flags : PASSWORD_NOT_REQUIRED , PASSWORD_CANNOT_BE_CHANGED
   
            Homedir :
   
            Comment : Built-in account for Internet Information Services to start out of process applications
   
            UserComment : Built-in account for Internet Information Services to start out of process applications
   
            ScriptPath :
   
            Workstations :
   
            Last Logon : 24 Oct 2001, 13:23:45
   
            Password age : 19 days, 6 hours, 58 minutes, 47 seconds
   
            # Logons : 24
   
            Bad Passwords Count : 0


  Network devices (4)    
      \Device\NetBT_Tcpip_{DA6AA6AD-F6CC-49A7-B4F1-84342DD30C41} (00-50-04-AD-2C-B2)
   
      \Device\NetBT_Tcpip_{DA6AA6AD-F6CC-49A7-B4F1-84342DD30C41} (00-50-04-AD-2C-B2)
   
      \Device\NetbiosSmb (local)
   
      \Device\NetbiosSmb (local)


  Remote TOD (time of day)    
     Time of day : 24 Oct 2001 , 21:33.59 , GMT - 4
   
     UpTime : 4 hours, 4 minutes, 30 seconds


  Password policy     
   Minimum password length : 0 chars     
   Maximum password age : 0 days     
   Minimum password age : no delay     
   Force logoff : never force     
   Password history : no history


  SNMP info (system)    
      sysDescr : Hardware: x86 Family 6 Model 7 Stepping 2 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
   
      sysUpTime : 3 hours, 59 minutes, 37 seconds
   
      sysName : SERVER
   
      Object ID : 1.3.6.1.4.1.311.1.1.3.1.1 (NT Workstation)
   
      Vendor : Microsoft


  Open Ports (10)    
      13 [ Daytime => Time of day ]
   
            5:34:10 PM 10/24/2001
   
      25 [ Smtp => Simple Mail Transfer Protocol ]
   
            220 SERVER Microsoft ESMTP MAIL Service, Version: 5.0.2195.3779 ready at Wed, 24 Oct 2001 17:34:10 -0400
   
      80 [ Http => World Wide Web, HTTP ]
   
            HTTP/1.1 400 Bad Request
   
            Server: Microsoft-IIS/5.0
   
            Date: Wed, 24 Oct 2001 21:34:10 GMT
   
            Content-Type: text/html
   
            Content-Length: 87
   
      135 [ epmap => DCE endpoint resolution ]
   
      139 [ Netbios-ssn => NETBIOS Session Service ]
   
      443 [ HttpS => Secure HTTP ]
   
      445 [ Microsoft-Ds ]
   
      1433 [ Microsoft SQL server ]
   
      5631 [ pcANYWHEREdata => Remote Control Software ]
   
      54320 [ Back Orifice 2000 ]


  Alerts (13)

     Backdoors (1)    
         Back Orifice 2000 (54320)


     CGI Abuses (8)
         .ida/.idq trick
            Impact : posibility to guess physical paths
   
         .ida/.idq trick (2)
   
            Impact : posibility to guess physical paths
   
         Frontpage check (1)
   
            Impact : Frontpage extensions are installed on this computer
   
         Frontpage check (2)
   
            Impact : Some versions of Frontpage are vulnerable to denial of service attacks
   
            Bugtraq ID : 1608
   
         Frontpage check (3)
   
            Impact : Some versions of Frontpage are vulnerable to denial of service attacks
   
            Bugtraq ID : 1608
   
         ASP source using ::$DATA trick
   
            Impact : Retrive the source code of the remote ASP scripts
   
            Bugtraq ID : CVE-1999-0278
   
         Microsoft IIS 4.0 IISADMPWD Proxied Password Attack
   
            Impact : Unauthorized access to your computer
   
            Bugtraq ID : 2110
   
         Frontpage check (1)
   
            Impact : Frontpage extensions are installed on this computer


     Service_Alerts (3)    
         Administrator account exists
   
            Description : It is recommended to rename this account
   
         User Guest ( ) never logged on
   
            Description : It is recommended to remove this account if not used
   
         User IUSR_SERVER ( Internet Guest Account ) never logged on
   
            Description : It is recommended to remove this account if not used


     Info_Alerts (1)    
         Microsoft SQL server
   
            Description : Microsoft SQL server is installed on this computer


Wednesday, 24 October 2001 - 06:12 PM
Copyright © 2001 GFI Software Ltd.