IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.75 Protection of the registry under Windows NT
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
All important configuration and initialisation information is stored in the
registry of a Windows NT system. The registry also manages the SAM
database which contains the user and computer accounts.
The registry of a Windows NT system consists of several files which are
located in the directory path %SystemRoot%\SYSTEM32\Config. For this
reason, the rights to access this directory and the files contained therein should
be set as recommended in S 4.53 Restrictive allocation of access rights to files
and directories under Windows NT.
After installation of the operating system, the following security-relevant
components of the registry should additionally be protected through the
explicit entry of access rights with the help of the registry editor (the program
named REGEDT32.EXE in the Windows system directory
%SystemRoot%\SYSTEM32), so that the group "All" only has the access rights
"View value", "List partial keys", "Report" and "Read access" for these
components:
- in the area HKEY_LOCAL_MACHINE:
\Software\Windows3.1MigrationStatus (with all sub-keys)
\Software\Microsoft\RPC (with all sub-keys)
\Software\Microsoft\Windows NT\CurrentVersion
under the key \Software\Microsoft\Windows NT\CurrentVersion\:
+ Profile List
+ AeDebug
+ Compatibility
+ Drivers
+ Embedding
+ Fonts
+ FontSubstitutes
+ GRE_Initialize
+ MCI
+ MCI Extensions
+ Port (with all sub-keys)
+ WOW (with all sub-keys)
- in the area HKEY_CLASSES_ROOT:
\HKEY_CLASSES_ROOT (with all sub-keys)
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000