IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Threats Catalogue Deliberate Acts Remarks<br />

____________________________________________________________________ .........................................<br />

T 5.79 Unauthorised acquisition of administrator<br />

rights under Windows NT<br />

An administrator account is created during every standard installation of<br />

Windows NT (this applies to Workstation and Server versions, as well as the<br />

domain controller). As opposed to user-configured accounts, this pre-defined<br />

account can neither be deleted nor disabled; this prevents administrators from<br />

being blocked intentionally or by mistake, thus ensuring administration on a<br />

continuous basis. One problem here is that the pre-defined administrator<br />

account cannot be disabled even if the maximum number of invalid passwords<br />

specified for a block in the account guidelines is exceeded. This allows<br />

passwords to be tested using cracking programs.<br />

<strong>The</strong>re are also other methods of obtaining a password assigned to an<br />

administrator account in order to gain administrator rights: if a computer is<br />

remotely administered under the Windows NT operating system, there is a<br />

danger of the login password being transmitted during authentication<br />

procedure, thus allowing an intruder to scan the password. Even if the system<br />

has been adjusted to ensure that login passwords are only transmitted in<br />

encrypted form, it is possible for intruders to record an encrypted password<br />

and decrypt it with the help of appropriate software.<br />

Furthermore, every password is stored in encrypted form in the registry and in<br />

a file located in the directory %SystemRoot%\System32\Repair, as well as on<br />

emergency diskettes or tape backups. Intruders who are able to access this file<br />

could decode the required password with the help of appropriate software.<br />

Finally, a special type of destructive software allows intruders logged locally<br />

into a Windows NT computer to add an arbitrary user account to the<br />

"Administrators" group and thus obtain administrator rights for the holder of<br />

this account.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!