In enumeration, an adversary collects information on the applications and hosts on the network and on the user accounts used on it. Protocols such as ICMP and SNMP offer a good view of the network for either protection or hacking purposes.
Protect network resources and services
Remove network services that are running but are not being used.
Remove default user accounts that have no passwords.
Remove guest accounts.
Protect user accounts on web sites
Return a generic “No such username or password” message when a login failure occurs.
Make sure the time taken to respond is no different when a username does not exist and when an incorrect password is entered.
A “forgotten password” page must not reveal usernames.
If the password reset process involves sending an email with a password reset link, have the user enter their email address, not a username, to request the reset.
Do not have the site tell people that a supplied username is already taken.
If usernames are email addresses, send a password reset email if a user tries to register an existing address.
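
The login guidance above (generic failure message, no timing difference for unknown usernames) as an added example that is not part of the original page. The user store, the PBKDF2 work factor, the decoy record and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "No such username or password"
PBKDF2_ROUNDS = 100_000  # assumed work factor for this example
_hash_calls = 0  # instrumentation only: counts password hashes computed


def hash_password(password: str, salt: bytes) -> bytes:
    global _hash_calls
    _hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def hash_calls() -> int:
    return _hash_calls


def make_record(password: str):
    """Return (salt, hash) as it would be stored for one account."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store: username -> (salt, password hash).
USERS = {"alice": make_record("correct horse battery staple")}

# Decoy record verified when the username is unknown, so every request does
# the same hashing work and response time does not show whether the account
# exists. Its password is random and discarded, so it can never match.
DECOY_RECORD = make_record(os.urandom(16).hex())


def login(username: str, password: str):
    """Return (ok, message); the failure message never says which part was wrong."""
    record = USERS.get(username)
    salt, stored = record if record is not None else DECOY_RECORD
    candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, stored)  # constant-time compare
    if record is not None and matches:
        return True, "Welcome"
    return False, GENERIC_ERROR


if __name__ == "__main__":
    for user, pw in [("alice", "wrong"), ("mallory", "wrong")]:
        print(user, login(user, pw))
```

The hash counter exists only to show that the known and unknown username paths perform the same work; a production handler would drop it.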