3.5 Enumeration Countermeasures

Use the following checklist of countermeasures to effectively reconfigure your Internet-facing systems not to give away potentially sensitive information:

• Configure web servers to prevent indexing of directories that don't contain index.html or similar index files (default.asp under IIS, for example). Also ensure that sensitive documents and files aren't kept on publicly accessible hosts, such as HTTP or FTP servers.

• Always use a generic, centralized network administration contact detail (such as an IT help desk) in Network Information Center databases, to prevent potential social engineering and war dialing attacks against IT departments from being effective.

• Configure all name servers to disallow DNS zone transfers to untrusted hosts.

• Ensure that nonpublic hostnames aren't referenced to IP addresses within the DNS zone files of publicly accessible DNS servers, to prevent reverse DNS sweeping from being effective. This practice is known as split horizon DNS, using separate DNS zones internally and externally.

• Ensure that HINFO and other novelty records don't appear in DNS zone files.

• Configure SMTP servers either to ignore email messages to unknown recipients or to send responses that don't include the following types of information:

  • Details of mail relay systems being used (such as Sendmail or MS Exchange).

  • Internal IP address or host information.