search cancel

Network Flow Analysis Vul ID: VYo

book

Article ID: 229377

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

While using NFA you may get flagged for a vulnerability Vul ID: V-225429:

Rule Title
: Non system-created file shares on a system must limit access to groups that require it.

Discussion: Shares on a system provide network access. To prevent exposing sensitive information, where shares are necessary, permissions must be reconfigured to give the minimum access to those accounts that require it.

Check Text: If only system-created shares such as "ADMIN$", "C$", and "IPC$" exist on the system, this is NA.
(System-created shares will display a message that it has been shared for administrative purposes when "Properties" is selected.)

Run "Computer Management".
Navigate to System Tools >> Shared Folders >> Shares.

Right click any non-system-created shares.
Select "Properties".
Select the "Share Permissions" tab.

If the file shares have not been reconfigured to restrict permissions to the specific groups or accounts that require access, this is a finding.

Select the "Security" tab.

If the NTFS permissions have not been reconfigured to restrict permissions to the specific groups or accounts that require access, this is a finding.

Fix Text: If a non-system-created share is required on a system, configure the share and NTFS permissions to limit access to the specific groups or accounts that require it.

Remove any unnecessary non-system-created shares.

Cause

There could be an old product created DataShare shared folder as well as any user created share folders.

Environment

Release : 9.1+

Component : NFA

Resolution

It is safe to disable all shares in NFA. The product does not require ANY folders to be shared.