In a Windows environment, null sessions can allow users to have anonymous access to hidden administrative shares on a system.
Once connected to the shares through a null session, attackers can potentially enumerate information about your system and environment, such as users and groups, operating systems, password policies, privileges, etc. With this information, an attacker can learn about any potential vulnerabilities or ways to best attack your systems.
Disabling null sessions is a key way to help you strengthen your organization’s security and reduce your attack surface.
Try out Blumira’s automated detection & response platform for free and deploy a cloud SIEM in hours.
Edit GPO- Go to Computer configuration\Policies\Windows settings\Security Settings\Local Policies\SecurityOptions
If you open regedit and browse to:
Figure 1: Modifying the RestrictAnonymous key in the registry
Have questions or want to learn more about Blumira? We’re happy to help.