From: Henry Sieff (hsieff_at_orthodon.com)
Date: Mon Oct 28 2002 - 17:13:46 CST


    [Comments Inline]

    > -----Original Message-----
    > From: Eric Howard [mailto:dlydl7502sneakemail.com]
    > Sent: Monday, October 28, 2002 9:08 AM
    > To: focus-mssecurityfocus.com
    > Subject: Priviledge escalation attack
    >
    >
    >
    >
    > This is probably not news for many, but I thought I would throw it out
    > for discussion. Microsoft, in my opinion, has committed a grave mistake
    > in the NTFS permission scheme for the WINNT directory. ANY user may
    > create file in this directory, even AFTER the C2 security rollups are
    > applied.

    What?!?!?! The default installation of NT/2K is insecure? Heavens forbid!
    (Sorry, don't mean to dig at you, but this just speaks to the need to do
    basic server hardening before deploying NT/2K.)

    In all of my recent posts about securing add-ons to Win2K, I make reference
    to best practices. Microsoft publishes checklists, but if you really want
    some guides written by some truly paranoid folks:

    http://www.nsa.gov/snac/win2k/download.htm; the men in black do a pretty
    good job on this. Start with the Guide to Securing Microsoft Windows 2000
    File and Disk Resources (which covers the most basic stuff, like ACLs and
    base OS) and move on to the others if you intend to add those components.

    Included on this page are also Security Editor templates which enforce their
    recommendations, but you should read the guides and decide which
    recommendations you can enforce and which ones you can't.

    You are correct in everything you say, though: the default permissions are
    completely insufficient to lock down a server which will have interactive
    logins (like a terminal server). They are even too loose for a web server.

    --
    Henry Sieff
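
The following is an added example, not part of the original message or of the guides it cites: a PowerShell audit that lists allow-ACEs on the Windows directory that let broad, non-administrative groups create files or subdirectories there. The function name `Get-BroadWriteAce` and the choice of which well-known SIDs count as "broad" are assumptions made for this illustration.

```powershell
# Added example: report ACEs on the system directory that let broad
# groups create files or folders (the condition discussed in this thread).
function Get-BroadWriteAce {
    param([string]$Path = $env:SystemRoot)

    # Well-known SIDs, so the check does not depend on localized group names.
    # Which principals are treated as "broad" is an assumption of this example.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # CreateFiles (WriteData) and CreateDirectories (AppendData) bits.
    $createMask  = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories'
    # ACEs may also carry raw generic bits instead of specific rights.
    $genericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $sid = $ace.IdentityReference.Value
        if (-not $broad.ContainsKey($sid)) { continue }

        $bits = [int]$ace.FileSystemRights
        if (($bits -band ($createMask -bor $genericMask)) -eq 0) { continue }

        # InheritOnly ACEs affect children of $Path, not $Path itself.
        $inheritOnly = [bool]($ace.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly)

        [pscustomobject]@{
            Path        = $Path
            Principal   = $broad[$sid]
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            AppliesTo   = if ($inheritOnly) { 'children only' } else { 'this folder' }
        }
    }
}

Get-BroadWriteAce | Format-Table -AutoSize
```

An empty result means none of the listed groups can create entries directly under the audited path; any row returned is a candidate for tightening against the hardening guide you have chosen to follow.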