Subject: Security risks in a default Windows 2003 installation and their fixes
Auto Sharing Drive Problem - NT Server
Retina describes it as follows:
By default, all drives on a machine are shared using hard coded Administrative ACLs. Even if these shares are removed, they are recreated each time the system reboots.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Set the AutoShareServer DWORD value to: 0
Auto Sharing Drive Problem - NT Wks
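The description is essentially the same as for Auto Sharing Drive Problem - NT Server above; the fix differs only slightly, in the parameter name.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Set the AutoShareWks DWORD value to: 0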
Clear Page File
Retina description:
The page file is used for virtual memory. It can contain sensitive information such as usernames and passwords.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Set the ClearPageFileAtShutdown REG_SZ value to: 1
DCOM Enabled
Retina description:
DCOM (Distributed Component Object Model) has been found installed and active. DCOM has been shown to have numerous holes, and we therefore recommend disabling it unless you know it to be absolutely necessary to normal operation of the machine.
Threat level: Medium
Fix:
1 Click "Start"
2 Point to "Run"
3 Type "dcomcnfg"
4 Click "OK"
5 Click "Component Services", then the "Computers" folder, then right-click the target computer and select "Properties"
6 Click the "Default Properties" tab
7 Clear "Enable Distributed COM on this computer"
8 Click "OK"
Dialup Save Password
Retina description:
It is recommended to cache your Dial-Up Networking passwords.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\Parameters
Set the DisableSavePassword DWORD value to: 1
MS RAS Encrypt
Retina description:
The current MS RAS (Remote Access Server) is not encrypting data transfers. It is recommended to encrypt all transfers between client and server.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RASMAN\PPP
Set the ForceEncryptedData DWORD value to: 1
MS RAS Logging
Retina description:
The current MS RAS (Remote Access Server) is not logging connections. It is recommended to log all RAS connection information.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\Parameters
Set the Logging DWORD value to: 1
MSCHAPv2 VPN
Retina description:
It is recommended to enforce MSCHAP v2; this is server to drop any VPN (Virtual Private Network) connections that do not use MSCHAP v2 authentication.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\PPP
Set the SecureVPN DWORD value to: 1
NTFS 8 Dot 3
Retina description:
NTFS has the ability to support backwards compatibility with older 16 bit apps. It is recommended not to use 16-bit apps on a secure server.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
Set the NtfsDisable8dot3NameCreation DWORD value to: 1
PPP Client Security
Retina description:
By default, users are permitted to make RAS connections without any sort of authentication. It is recommended that you require users to authenticate themselves.
Threat level: Medium
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RASMAN\PPP
Set the ForceEncryptedPassword DWORD value to: 2
TCP IP Security
Retina description:
TCP/IP Security is not enabled. It is recommended for maximum security that you set up strict settings as to what ports you will allow incoming data to go to. For example, if your server only acts as a web server you should set the TCP/IP security options to be:
TCP Permit Only:80;443
UDP Permit Only: none
IP Permit All
Threat level: Medium
Fix:
1 Open "Control Panel"
2 Open "Network"
3 Click the "Protocols" tab
4 Click "TCP/IP Protocol"
5 Click "Properties"
6 Click the "Advanced" button
7 Check "Enable Security"
8 Click the "Configure" button
9 Set your "TCP/IP" security configuration
10 Click "OK" to exit
Allocate CDROMS
Retina description:
The allocation of the CDROM drive should be restricted to only the currently logged in user. If an attacker has the ability to place a CDROM in your drive this registry fix will help to make sure they are not able to execute a malicious program from the CDROM.
Threat level: Low
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Set the AllocatedCDROM REG_SZ value to: 1
Allocate floppies
Retina description:
The allocation of floppy drive should be restricted to only the currently logged in user. If an attacker has the ability to place a disk in your drive this registry fix will help to make sure they are not able to execute a malicious program from the floppy.
Threat level: Low
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Set the AllocateFloppies REG_SZ value to: 1
Cached Logon Credentials
Retina description:
By default Windows NT will cache the last interactive logon (console logon) so in case your PDC or BDC are down you are still able to locally log into your machine. It is recommended that this feature not be used because it's possible an attacker can gain access to this cached information therefore exposing sensitive logon information.
Threat level: Low
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Set the CachedLogonCount REG_SZ value to: 0
CD Auto Run
Retina description:
When Auto Run is enabled, CDROMs that are inserted into the CDROM drive are automatically run, which can lead to viruses and even trojan horses being loaded onto your system.
Threat level: Low
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom
Set the Autorun value to: 0
CrashonAuditFail
Retina description:
To make your systems as secure as possible it is recommended that you use the crash on audit fail settings. When the system security log reaches its maximum size it will stop recording security events. By enabling the crash on audit fail system, your system will shut down until an administrator logs in and clears the event log.
Threat level: Low
Fix:
Edit the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Set the CrashOnAuditFail value to: 1
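An added example, not part of the original post: an offline check of a `reg export` text dump against four of the registry fixes listed above, matching key and value names case-insensitively as the registry does. The function names and the sample export are constructed for illustration; a real regedit export is UTF-16 and must be decoded before being passed in.

```python
import re

CCS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
WINLOGON = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# (key, value name, expected data) taken from the fixes listed on this page.
BASELINE = [
    (CCS + r"\Services\LanmanServer\Parameters", "AutoShareServer", "0"),
    (CCS + r"\Services\Rasman\PPP", "ForceEncryptedPassword", "2"),
    (CCS + r"\Control\Lsa", "CrashOnAuditFail", "1"),
    (WINLOGON, "AllocateFloppies", "1"),
]

def parse_reg(text):
    """Parse .reg export text into {(key_lower, name_lower): data_string}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()       # section header: the registry key path
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and key:
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))       # dword:00000001 -> "1"
            values[(key, name)] = raw.strip('"')  # REG_SZ "1" -> "1"
    return values

def audit(text):
    """Return (key, name, expected, found) per baseline miss; found is None if absent."""
    have = parse_reg(text)
    return [(k, n, want, have.get((k.lower(), n.lower())))
            for k, n, want in BASELINE
            if have.get((k.lower(), n.lower())) != want]

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentCOntrolSet\Control\Lsa]
"crashonauditfail"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AllocateFloppies"="0"
'''

if __name__ == "__main__":
    for key, name, want, found in audit(SAMPLE):
        print(f"{key}\\{name}: expected {want}, found {found}")
```

A value reported as None is absent from the export, which for these settings means the default is still in effect.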
Source: http://www.beidaqingniao.org