Which single service can you disable to stop approximately two-thirds of the exploration tools used against Windows NT/2000?
A. The Schedule service.
B. The POSIX subsystem with the C2Config tool.
C. The Ansi.sys from the boot loader.
D. The NetBIOS service.
Explanation:
Disabling the NetBIOS service is a good server hardening precaution. Hackers can utilize the NetBIOS service to get account information on Windows 2000/NT systems.
Note: NetBIOS is the networking protocol used by Windows machines to communicate with each other on the network.
Incorrect Answers:
A: The Schedule service only provides the ability to run other tasks at scheduled times. Disabling it would not prevent any tools or commands from running at all; it only prevents someone from scheduling these tools and tasks to run on a time basis. Note: The Schedule service was used by hackers to gain access to Windows NT 4.0 Servers. This was due to a bug in Internet Explorer.
B: This is not the most vulnerable service on Windows NT/2000. Note: The POSIX subsystem is the UNIX compatibility feature of Windows NT and Windows 2000. It is removed by using the C2Config tool provided in the Resource Kit. This feature is large and provides a lot of functionality that is rarely ever used, and these resources can be released by using C2Configuration options. Many tools provided via the POSIX feature will be removed, including many of the exploration tools.
C: ANSI.SYS: Defines functions that change display graphics, control cursor movement, and reassign keys. The ANSI.SYS device driver supports ANSI terminal emulation of escape sequences to control your system’s screen and keyboard. An ANSI escape sequence is a sequence of ASCII characters, the first two of which are the escape character (1Bh) and the left-bracket character (5Bh). The character or characters following the escape and left-bracket characters specify an alphanumeric code that controls a keyboard or display function. ANSI escape sequences distinguish between uppercase and lowercase letters; for example, “A” and “a” have completely different meanings. ANSI.SYS is NOT an exploration tool, and only affects the local terminal/console.