Openvas: sfruttamento dei risultati

Sono un amministratore IT e al momento cerco di proteggere la mia rete. Ho fatto un'analisi della sicurezza con OpenVAS su un computer, e ho difficoltà a sfruttare il risultato:

Vulnerability Detection Result

Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this host:

Port: 49152/tcp

UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49152]

Port: 49153/tcp

UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: Event log TCPIP

UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: NRP server endpoint

UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: DHCPv6 Client LRPC Endpoint

UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: DHCP Client LRPC Endpoint

UUID: 06bba54a-be05-49f9-b0a0-30f790261023, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49153]
Annotation: Security Center

Port: 49154/tcp

UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]

UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: IP Transition Configuration endpoint

UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: XactSrv service

UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo

UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo

UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo

UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49154]
Annotation: AppInfo

Port: 49155/tcp

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49155]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

Port: 49169/tcp

UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:192.168.1.30[49169]

Port: 49177/tcp

UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49177]
Annotation: Spooler function endpoint

UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49177]
Annotation: Spooler base remote object endpoint

UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
Endpoint: ncacn_ip_tcp:192.168.1.30[49177]
Annotation: Spooler function endpoint

Solution : filter incoming traffic to this port(s).

Solution

filter incoming traffic to this port.
Vulnerability Detection Method

Details: DCE Services Enumeration (OID: 1.3.6.1.4.1.25623.1.0.10736)

Version used: $Revision: 41 $

• Come posso verificare tutti i servizi?
• Il computer è infetto da uno o più virus?