Detailed scan results: Analyzing shares In the wild, there is malicious software (e.g. worms and viruses such as Klez, Bugbear, Elkern and Lovgate) that can spread out and infect entire systems through open shares that are available on network computers. Handling open shares GFI LANguard N.S.S. 8 is able to identify open shares present on network computers and enumerate them in the scan results for your attention and analysis. To access the list of open shares discovered on a target computer, click on the Shares sub-node. Screenshot 36 - Shares node Through the details provided in the Shares sub-node you can identify: 1. Users sharing entire hard-drives. 2. Shares that have weak or incorrectly configured access permissions e.g. shares that can be accessed without the need for authentication. 3. Startup folders and similar system files that are accessible by unauthorized users or through user accounts that don’t have administrator privileges but are yet allowed to execute code on target computers. 4. Unnecessary or unused shares. For every open share detected GFI LANguard N.S.S. collects and enumerates the following information in the scan results: • Share name • Share remark (extra details on the share) • Folder which is being shared on the target computer • Share permissions and access rights • NTFS permissions and access rights. Handling administrative shares Every Windows computer has administrative shares (C$, D$, E$ etc.) which GFI LANguard N.S.S. will by default enumerate during target computer scanning. As these can become irrelevant to your security audit you can configure GFI LANguard N.S.S. not to report such administrative shares. For more information on how to achieve this refer to the ‘Customizing OS Data Retrieval parameters’ section in the 'Scanning Profiles’ chapter.
