19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Hardware & Software

onwards, these values can be specified centrally for the individual workstations with the aid of System Policy Editor.

Loading of sub-systems

The optional sub-systems POSIX and OS/2 should only remain installed if they are needed for executing applications. If this is not the case, they should not be installed or, if they have already been installed, they should be removed again. To do this, the sub-directories POSIX and OS2 of the Windows system directory %SystemRoot%\SYSTEM32 should be deleted along with any of their sub-directories. Furthermore, the following programs and loadable libraries in the Windows directory %SystemRoot%\SYSTEM32 should be deleted:

- OS/2: OS2.EXE, OS2SRV.EXE, OS2SS.EXE

- POSIX: PSXDLL.DLL, PAX.EXE, POSIX.EXE, PSXSS.EXE

Furthermore, the following values in the key \SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems in HKEY_LOCAL_MACHINE of the registry have to be deleted:

- OS/2: "Os2" with the value %SystemRoot%\system32\os2ss.exe

- POSIX: "Posix" with the value %SystemRoot%\system32\psxss.exe
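The following check is an added example, not part of the manual: it audits whether the removal steps above were completed by reporting every listed directory, file and registry value that is still present. It assumes the SYSTEM32 directory is reachable as a path (for example on an offline-mounted volume) and that the SubSystems key is available as a text .reg export; the function names and the sample data are constructed for illustration.

```python
import os
import re
import tempfile

# Artefact names taken from the safeguard text; everything else is assumed.
FILES = {"OS/2": ["OS2.EXE", "OS2SRV.EXE", "OS2SS.EXE"],
         "POSIX": ["PSXDLL.DLL", "PAX.EXE", "POSIX.EXE", "PSXSS.EXE"]}
DIRS = {"OS/2": "OS2", "POSIX": "POSIX"}
REG_VALUES = {"OS/2": "Os2", "POSIX": "Posix"}
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
# Constructed sample export, not taken from a real system.
SAMPLE_REG = "REGEDIT4\n\n[" + KEY + ']\n"Windows"="constructed"\n"Posix"="constructed"\n'

def values_under_key(reg_text, key):
    """Return the lower-cased value names found in the [key] section."""
    names, in_section = set(), False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.strip("[]").lower() == key.lower()
        elif in_section:
            m = re.match(r'"([^"]+)"\s*=', line)
            if m:
                names.add(m.group(1).lower())
    return names

def audit(system32, reg_text):
    """Return (subsystem, kind, name) for each artefact still present."""
    # Case-insensitive match: a mounted NT volume may show mixed-case names.
    present = {n.upper(): n for n in os.listdir(system32)}
    reg_names = values_under_key(reg_text, KEY)
    findings = []
    for sub in FILES:
        d = present.get(DIRS[sub])
        if d and os.path.isdir(os.path.join(system32, d)):
            findings.append((sub, "directory", d))
        for f in FILES[sub]:
            if f in present and os.path.isfile(os.path.join(system32, present[f])):
                findings.append((sub, "file", present[f]))
        if REG_VALUES[sub].lower() in reg_names:
            findings.append((sub, "registry value", REG_VALUES[sub]))
    return findings

def demo():
    """Audit a constructed, half-cleaned SYSTEM32 directory."""
    with tempfile.TemporaryDirectory() as system32:
        os.mkdir(os.path.join(system32, "os2"))
        for name in ("psxss.exe", "NOTEPAD.EXE"):
            open(os.path.join(system32, name), "w").close()
        return audit(system32, SAMPLE_REG)
```

An empty list from `audit` means none of the listed artefacts remain; `demo()` shows a partially cleaned system where the OS2 directory, PSXSS.EXE and the "Posix" value were left behind.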

Starting of services

If services which are not standard services of Windows NT are to be configured, then when determining the start type of these services (using the system control option "Services"), provision should be made, if possible, for a separate user account to start each of these services, so that the authorisations of the service concerned can be restricted in a suitable manner. The user account used in such cases must have the right "Start as service", and it should not be used except for this service, i.e. in particular it should also not allow users to log in. Services which have not been allocated in this way to a special user account run in the context of the special user group SYSTEM (see S 4.50 Structured system administration under Windows NT), i.e. generally with the most extensive access permissions.

Device protection

If the computer has disk drives, CD ROM drives and/or tape drives, these should, if possible, be specifically protected, as outlined in Safeguard S 4.52 Equipment protection under Windows NT.

IT-Baseline Protection Manual: October 2000
