IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
- Only anonymous FTP connections are permitted. In this case a user cannot
create a connection by entering a username and password under Windows
NT.
Note: As standard, FTP transmits user passwords across the network
unencrypted. Therefore, with the help of a network analysis programme, a
user can find out user passwords for remote accounts during the FTP
authentication procedure.
Whether anonymous FTP connections should be permitted is dependent upon
various factors:
- In a pure NT network there are more secure forms of data transmission,
therefore FTP should not be permitted.
- In a heterogeneous LAN with NT computers, FTP can be necessary for data
transmission between different systems. To prevent tapping of NT user names
including passwords, for example with Sniffers, only anonymous FTP should
be permitted on NT computers.
- When installing FTP in WANs the local network must also be protected with
a firewall. Anonymous connections should only be allowed on systems
specially designed for this purpose; information other than that offered by
FTP may not be stored on these systems.
The username "Anonymous" must be entered for anonymous connections. A
password is not required although the user will be asked to supply his E-mail
address. A local user account must be set up for anonymous connections
under Windows NT. As standard, this account is called "guest". As soon as
data transmission occurs via an anonymous connection, Windows NT
examines the username supplied in the dialogue field and, based on this
username, determines which accesses are permitted.
The user deployed for anonymous connections should be a member of the
"guests" group. It should, under no circumstances, be a member of the "users"
group, since extensive access possibilities may then exist.
When first installing the FTP server, access rights for this service must also
be configured. Drives and partitions for which access rights should be
configured must be selected. Depending upon the security required for the
partition, read or write-access or both may be activated. Permissions granted
are valid for FAT and HPFS partitions for all files on the complete partition.
With the help of this setting, read or write-protection (or both) for NTFS
partitions can be locked for the complete partition.
All restrictions defined in this way are additional to the security safeguards
which are a part of the file system. This means that an administrator can
remove permissions for certain data-media using this dialogue field, but
cannot grant any permissions beyond those contained in the file system. If,
for example, only read access has been provided for a partition, nobody can
write to this partition via FTP, no matter which permissions have been
defined for this partition.
Under version 3.51 of Windows NT, it is possible to record incoming FTP
connections in the system-event log by setting the values for LogAnonymous
and LogNonAnonymous in the registry code
HKEY_LOCAL_MACHINE\SYSTEM\
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000