Check or Attack Name: All Access NetBIOS share found

An SMB share was detected with no password required for full access. In some cases, an attacker can use these shares to gain access to the entire hard drive. It is common to find shares with all access enabled, since this is the default when the share is created. It is best to explicitly set the access control list on all shares.

False Positives: In some cases, machines running Samba will show false positives.

False Negatives: Applying the lm-fix patch will prevent you from accessing a Windows 95 share from a Windows NT machine.

Remove the share.

Windows: To remove a share, choose one of these options:

• Remove the share from a local computer:
  1. From the local computer, open Windows NT Explorer.
  2. Navigate to the shared folder.
  3. Right-click the shared folder name and select Sharing to display the Properties dialog box.
  4. To disallow access to all users, select the Not Shared check box.

• Remove the share from a remote computer:
  1. From a remote computer, open the Server Manager.
  2. Select the host name.
  3. From the Computer menu, select Shared Directories to display the Shared Directories dialog box.
  4. Select the NetBIOS share.
  5. Choose Stop Sharing.

• Remove the share from the command line:

  From a command prompt, type: net share sharename /delete

Other Operating Systems: Enable some form of access control as described in your OS documentation.