10 Security Items
- By default, NT assigns Full Control to Everyone for newly created shares (Full Control is similar to owning a file in UNIX).
- Password hashes in NT have no equivalent of UNIX's salt; the hash algorithms (DEC and RC4) are faster than the UNIX algorithm, making password cracking easier.
- No file is safe from Backup/Restore (user) rights.
- The FTP server distributed with the TCP/IP tools exports the entire disk partition (not restricted as in UNIX anonymous FTP). (NOTE: This is NOT true with IIS)
- Registry settings, as delivered with NT, may have weak or inappropriate (for true security) access control lists (ACLs). Also, prevent remote registry modifications by setting the following binary key to 1:
  - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\WinReg.
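
The point about missing salt in the password-hash item above, worked through as an added example (not part of the original page or the talk). SHA-256 is used as a stand-in hash, not the algorithm NT or UNIX uses, and the accounts and wordlist are constructed sample data.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: account names, passwords and wordlist are made up.
ACCOUNTS = {"alice": "Winter99", "bob": "Winter99", "carol": "tr0ub4dor"}
WORDLIST = ["password", "Winter99", "letmein"]

def digest(password, salt=b""):
    # SHA-256 is a stand-in (assumption), not the NT or UNIX algorithm.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def unsalted_db(accounts):
    return {user: (b"", digest(pw)) for user, pw in accounts.items()}

def salted_db(accounts):
    db = {}
    for user, pw in accounts.items():
        salt = os.urandom(8)  # fresh random salt per account
        db[user] = (salt, digest(pw, salt))
    return db

def shared_hashes(db):
    """Groups of users whose stored hashes are identical."""
    groups = defaultdict(list)
    for user, (_salt, h) in db.items():
        groups[h].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit(db, wordlist):
    """Return (weak accounts, hash computations needed to find them)."""
    cache, weak = {}, {}
    for user, (salt, h) in db.items():
        for word in wordlist:
            key = (salt, word)
            if key not in cache:  # work is reusable only when salts match
                cache[key] = digest(word, salt)
            if cache[key] == h:
                weak[user] = word
    return weak, len(cache)

if __name__ == "__main__":
    for name, db in (("unsalted", unsalted_db(ACCOUNTS)),
                     ("salted", salted_db(ACCOUNTS))):
        weak, work = audit(db, WORDLIST)
        print(name, "shared:", shared_hashes(db),
              "weak:", sorted(weak), "hashes computed:", work)
```

Without salt, identical passwords are visible as identical stored hashes and one pass over the wordlist covers every account; with a per-account salt the same audit costs one pass per account.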
Notes:
Bridget Allison began by passing out "Ten Things Every NT Administrator Should Know about Security".
Page created by Phil Scarr.