The Registry controls how Win-dows NT is configured. A number of Registry keys are relevant to security and must be configured with care. The following procedures involve Registry entries and will harden your system against myriad threats. See Table 1 for the actual keys and recommended values.
Control remote access to the Registry. Microsoft provides the ability to administer the Registry from a remote location. This is the single largest security hole in NT and one of the first holes sought by any hacker.
Set a legal notice. The legal notice is required to warn potential attackers that they can and will be prosecuted for misuse of the computer system.
Prevent the last logged-in user name from being displayed. When you press Ctrl-Alt-Del, a login dialog box appears that, more often than not, displays the name of the last user who logged in to the computer. This makes it easy to discover a user name for a password-guessing attack.
Protect the security event log. The event log files are not protected by default. Permissions should be set on the event log files to allow access to Administrator and System accounts only. Access by the Guest account should be restricted through the use of a Registry key.
Secure print drivers. Restricting control of print drivers to administrators and print operators reduces the risk of unauthorized printing. This is particularly important if the printer contains sensitive documents, such as blank checks or invoices.
Restrict anonymous logins. NT allows anonymous connections to list account names. Setting this Registry key restricts this capability.
Restrict scheduling commands. Administrative privileges may be requested by users with the AT command. Access should be restricted to administrators only.
Restrict anonymous Registry access. Restricting anonymous (null session) logins to specific named pipes is another important way of restricting remote access to the Registry.
Internet FAQ top