10 Security Items

10 Security Items

• Disable the Guest account (automatically enabled on NT 3.x anytime someone fails to login three times!)
• Default permissions on %systemroot%\system32 and %systemroot%\system are inadequate (similar to / and /etc 777 mode under UNIX). Of course, fixing this will break some applications, such as MS Office
• Configure NT RAS (Remote Access Service) to use CHAP with DES (for authentication), and RC4 for link encryption
• Use NT auditing and monitor these log files (careful to select which events to audit; frank Heyne's event logging tools:
  • https://rcswww.urz.tu-dresden.de/~fh/nt/eventlog/index.html
• For Internet accessible NT servers: unbind Server, Workstation and NetBios (involved in SMB file sharing) from the TCP/IP protocol; and block ports 135 (MS RPC, very dangerous), 137 (WINS), 138 (SMB over UDP), and 139 (SMB over TCP)

Previous slide

Next slide

Back to the first slide

View Graphic Version

Return to the index page.

Page created by Phil Scarr.