Securing the Registry.
From: Stephen O'Sullivan (steve_at_nospam_noway_dontyoudare.net)
Date: 11/24/03
Date: Mon, 24 Nov 2003 17:36:38 -0000
G/day forum,
I've been ploughing through documents and whitepapers on how to secure your
web server; the best resource of all was probably Improving Web Application
Security - Threats and Countermeasures, an absolute bible for all ye web
admins out there. Before you read the part I'm querying, I just want to
double-check that I'm not missing anything. Your thoughts please :)
On Chapter 16: Securing Your Web Server, page 449, the following:
Step 9. Registry
The registry is the repository for many vital server configuration settings.
As such, you must ensure that only authorized administrators have access to
it. If an attacker is able to edit the registry, he or she can reconfigure
and compromise the security of your server.
During this step, you:
- Restrict remote administration of the registry.
- Secure the SAM (stand-alone servers only).
Restrict Remote Administration of the Registry
The Winreg key determines whether registry keys are available for remote
access. By default, this key is configured to prevent users from remotely
viewing most keys in the registry, and only highly privileged users can
modify it. On Windows 2000, remote registry access is restricted by default
to members of the Administrators and Backup operators group. Administrators
have full control and backup operators have read-only access.
The associated permissions at the following registry location determine who
can remotely access the registry.
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
To view the permissions for this registry key, run Regedt32.exe, navigate to
the key, and choose Permissions from the Security menu.
Secure the SAM (Stand-alone Servers Only)
Stand-alone servers store account names and one-way (non-reversible)
password hashes (LMHash) in the local Security Account Manager (SAM)
database. The SAM is part of the registry. Typically, only members of the
Administrators group have access to the account information.
Although the passwords are not actually stored in the SAM and password
hashes are not reversible, if an attacker obtains a copy of the SAM
database, the attacker can use brute force password techniques to obtain
valid user names and passwords.
Restrict LMHash storage in the SAM by creating the key (not value) NoLMHash
in the registry as follows:
HKLM\System\CurrentControlSet\Control\LSA\NoLMHash
For more information, see Microsoft Knowledge Base article 299656, "New
Registry Key to Remove LM Hashes from Active Directory and Security Account
Manager."
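
A read-only audit of the two settings in the quoted Step 9, added here as an example in PowerShell; it is not code from the post or from the book. The function names and the baseline table are this example's own, and the baseline (Administrators full control, Backup Operators read-only) is taken from the Windows 2000 defaults the passage describes.

```powershell
# Added example: read-only audit of the two Step 9 settings. Run elevated.
$WinregPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$LsaPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Baseline from the quoted passage (Windows 2000 defaults), keyed by
# well-known SID. Assumption: extend it for principals you grant on purpose.
$Baseline = @{
    'S-1-5-32-544' = 'Administrators'    # full control expected
    'S-1-5-32-551' = 'Backup Operators'  # read-only expected
}

# Rights that let a principal change the key or its ACL.
$R = [System.Security.AccessControl.RegistryRights]
[int]$WriteMask = $R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
                  $R::ChangePermissions -bor $R::TakeOwnership

function Get-WinregAclFinding {
    if (-not (Test-Path -Path $WinregPath)) {
        return 'winreg key not found, so there is no ACL to audit'
    }
    # Ask for SIDs directly so localized or unresolvable names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -Path $WinregPath).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        $canWrite = ([int]$ace.RegistryRights -band $WriteMask) -ne 0
        if (-not $Baseline.ContainsKey($sid)) {
            "UNEXPECTED principal $sid has $($ace.RegistryRights)"
        } elseif ($sid -eq 'S-1-5-32-551' -and $canWrite) {
            "Backup Operators has more than read access: $($ace.RegistryRights)"
        }
    }
}

function Test-NoLMHash {
    # Key form, as the quoted passage describes it.
    $asKey = Test-Path -Path (Join-Path $LsaPath 'NoLMHash')
    # DWORD value form (NoLMHash = 1), which KB 299656 gives for
    # Windows XP and Windows Server 2003.
    $prop = Get-ItemProperty -Path $LsaPath -Name NoLMHash -ErrorAction SilentlyContinue
    return ($asKey -or ($null -ne $prop -and $prop.NoLMHash -eq 1))
}

Get-WinregAclFinding          # no output means the ACL matches the baseline
"NoLMHash set: $(Test-NoLMHash)"
```

NoLMHash only stops new LM hashes from being stored; an existing hash stays in the SAM until that account's password is next changed.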