John works as a professional Ethical Hacker. He has been assigned the project of testing the
security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to
attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP
printing capability from the server. He is suggesting this as a countermeasure against
__________.

A.
SNMP enumeration

B.
IIS buffer overflow

C.
NetBIOS NULL session

D.
DNS zone transfer

Explanation:
Removing the IPP printing capability from a server is a good countermeasure
against an IIS buffer overflow attack. A Network Administrator should take the following steps to
prevent a Web server from IIS buffer overflow attacks: Conduct frequent scans for server
vulnerabilities. Install the upgrades of Microsoft service packs.
Implement effective firewalls. Apply URLScan and IISLockdown utilities. Remove the IPP printing
not allow DNS zone transfer using the DNS property sheet: a.Open DNS. b.Right-click a DNS
zone and click Properties. c.On the Zone Transfer tab, clear the Allow zone transfers check box.
Configure the master DNS server to allow zone transfers only from secondary DNS servers:
a.Open DNS. b.Right-click a DNS zone and click Properties. c.On the zone transfer tab, select the
Allow zone transfers check box, and then do one of the following: To allow zone transfers only to
the DNS servers listed on the name servers tab, click on the Only to the servers listed on the
Name Server tab. To allow zone transfers only to specific DNS servers, click Only to the following
servers, and add the IP address of one or more servers. Deny all unauthorized inbound
incorrect. The following are the countermeasures against SNMP enumeration: 1.Removing the
SNMP agent or disabling the SNMP service 2.Changing the default PUBLIC community name
when ‘shutting off SNMP’ is not an option 3.Implementing the Group Policy security option called
Additional restrictions for anonymous connections 4.Restricting access to NULL session pipes and
NULL session shares 5.Upgrading SNMP Version 1 with the latest version 6.Implementing Access
control list filtering to allow only access to the read-write community from approved stations or
especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps
can be taken to limit NetBIOS NULL session vulnerabilities: 1.Null sessions require access to the
TCP 139 or TCP 445 port, which can be disabled by a Network Administrator. 2.A Network
Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client
TCP/IP from the interface. 3.A Network Administrator can also restrict the anonymous user by
editing the registry values: a.Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.
b.Choose edit > add value. Value name: RestrictAnonymous Data Type: REG_WORD Value: 2