Category: 

What Is a Null Session?

Null sessions may leave computer networks vulnerable to hackers.
Each operating system uses a slightly different process to disable null sessions.
Article Details
  • Written By: Mary McMahon
  • Edited By: A. Joseph
  • Last Modified Date: 21 October 2014
  • Copyright Protected:
    2003-2014
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
Bumblebees were called humblebees until the early 20th century because of the humming noise made by their wings.  more...

November 29 ,  1947 :  The United Nations approved a proposal to partition Palestine.  more...

A null session is a login to a network using an anonymous identity that allows the user to see a list of available resources on the network. This works through a share known as the interprocess communication (IPC$) on Windows® computers. Many Windows® operating systems come with null sessions enabled by default, and some allow users to turn off this function if they have concerns about security and there is no reason to leave it enabled.

There are several security issues with a null session connection. One is that it can allow a hacker read/write access on the computers on the network. This can be used to insert malicious code and other materials onto computers without passwords. The hacker also can take the list of resources and user names generated and attempt to crack the passwords; even with password protection, if the hacker can figure out the password, it will be possible to do damage during a null session.

Ad

On university networks in particular, null sessions can be a significant security threat and might cause problems at the information technology (IT) department. College students might not secure their resources at all or could use obvious passwords that are easy to guess. After the computers are infected with worms, viruses and other materials, they can infect the entire network, creating an outbreak of computer issues. Secured computers that contain confidential data might be connected to the network, so this could lead to the release of private information, such as student records, if a hacker is particularly determined.

The anonymous connection allows a hacker to spy on activities that are occurring on the network. Information technology (IT) staff members will be able to see the null session if they log on to look at users, and some security systems are set to alert when someone appears to be scanning a network with such a session. Although a null session can have valid and entirely legal uses, these might be limited enough that the computers attached to a network might be configured to disallow such connections for safety reasons.

Each operating system uses a slightly different process to disable null sessions. Network users might be able to ask IT staff members for help. Many administrators on college and office networks, for instance, maintain an online guide to common network tasks, including disallowing null sessions. If users do not feel comfortable doing this, they can ask someone in the IT department to configure their computer to address this potential security exploit.

Ad

More from Wisegeek

You might also Like

Discuss this Article

Post your comments

Post Anonymously

Login

username
password
forgot password?

Register

username
password
confirm
email