Microsoft last week had published a new anti – surveillance tool called NetCease. The development team was headed by two Microsoft researchers. One is Itay Grady and the other is Tal Be’ery. This device can help system administrators defend their networks from malicious probe.
This malicious probe is also known as reconnaissance attack. It is referred to as a network scan and there are two ways that this unwanted probe can take place. It may take place, first, before a breach wherein the goal is to find entry points for spiteful software to come in to the computer. The other is when the malware had already begun intervention and is now looking for sensitive nodes to attack on the network. The tool is a command – line script had been designed for this second type of attack.
It is the gathering of data from local computers by the attackers that NetCease will protect the network from. It performs this operation using the NetSessionEnum function.
Computers on a corporate network are attached to a master domain controller. Anyone, even without authentication, can pry into another computer on the network through NetSessionEnum. With this method, potential hackers can easily collect tracking information like IP addresses, usernames and network session time.
These sessions could take only less than a hundred minutes so that the attacker can have ample time to survey the network for points of weakness where they can strike. A pen – testing tool had even been used to make the hacker’s job a lot easier.
As it had been explained by the software developers from Microsoft, NetCease is a command-line script. It enables administrators to operate on all computers in the network. Beneath the surface, NetCease works on the computer’s registry. It alters that registry key which controls access permissions preventing unauthorized persons from extracting information from a local computer in the network.
The only way to adjust default settings on network access permissions is to manually edit the entry on the computer’s registry. Hence, Microsoft’s developers had written the NetCease function. This computer code should be able to block security attackers from collecting important surveillance information.
The script fortified access to the NetSessionEnum function so that permission to execute for authenticated user had been revoked. Additional permissions are given to administrators and system operators so that they can call on this function remotely and initiate an interactive session.
The NetCease can be downloaded from Microsoft’s Portal. Corresponding documentation comes with the package.