Findings (MAC III - Administrative Sensitive)

Local volumes must be formatted using NTFS.
The ability to set access permissions and auditing is critical to maintaining the security and proper access controls of a system. To support this, volumes must be formatted using the NTFS file system.

Windows 10 systems must be maintained at a supported servicing level.
Windows 10 is maintained by Microsoft at servicing levels for specific periods of time to support Windows as a Service. Systems at unsupported servicing levels or releases will not receive...

The Windows 10 system must use an anti-virus program.
Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the...

Anonymous access to Named Pipes and Shares must be restricted.
Allowing anonymous access to named pipes or shares provides the potential for unauthorized system access. This setting restricts access to those defined in "Network access: Named Pipes that can...

Anonymous enumeration of shares must be restricted.
Allowing anonymous logon users (null session connections) to list all account names and enumerate all shared resources can provide a map of potential points to attack the system.

The system must be configured to prevent the storage of the LAN Manager hash of passwords.
The LAN Manager hash uses a weak encryption algorithm and there are several tools available that use this hash to retrieve account passwords. This setting controls whether or not a LAN Manager...

The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM.
The Kerberos v5 authentication protocol is the default for authentication of users who are logging on to domain accounts. NTLM, which is less secure, is retained in later Windows versions for...

Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
Installation of Internet Information System (IIS) may allow unauthorized internet services to be hosted. Websites must only be hosted on servers that have been designed for that purpose and can...

Solicited Remote Assistance must not be allowed.
Remote assistance allows another user to view or take control of the local session of a user. Solicited assistance is help that is specifically requested by the local user.

Only accounts responsible for the administration of a system must have Administrator rights on the system.
An account that does not have Administrator duties must not have Administrator rights. Such rights would allow the account to bypass or modify required security restrictions on that machine and...

The default autorun behavior must be configured to prevent autorun commands.
Allowing autorun commands to execute may introduce malicious code to a system. Configuring this setting prevents autorun commands from executing.

Data Execution Prevention (DEP) must be configured to at least OptOut.
Attackers are constantly looking for vulnerabilities in systems and applications. Data Execution Prevention (DEP) prevents harmful code from running in protected memory locations reserved for...

Structured Exception Handling Overwrite Protection (SEHOP) must be enabled.
Attackers are constantly looking for vulnerabilities in systems and applications. Structured Exception Handling Overwrite Protection (SEHOP) blocks exploits that use the Structured Exception...

The Windows Installer Always install with elevated privileges must be disabled.
Standard user accounts must not be granted elevated privileges. Enabling Windows Installer to elevate privileges when installing applications can allow malicious persons and applications to gain...

Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
Using applications that access the Internet or have potential Internet sources using administrative privileges exposes a system to compromise. If a flaw in an application is exploited while...

The Debug programs user right must only be assigned to the Administrators group.
Inappropriate granting of user rights can provide system, administrative, and other high level capabilities. Accounts with the "Debug Programs" user right can attach a debugger to any process or...