HARDENING WINDOWS HOST Part 4: ACCOUNTS AND RIGHTS MANAGEMENTS

Publié le par kareldjag





Introduction



With the release of Vista, many home users are certainly wondering if the migration from XP to Vista is absolutely necessary.
As claims the VOX POPULI : "Vista is an evolution, not a revolution".
Hardening the system makes XP as secure as Vista.
Since the hardware works fine, there's consequently no reason for a hasty migration.

In this article are provided exhaustive resources that can be helpful in system's hardening.

All tools linked here have already been tested and experimented.
But as usual, it's suited to check their requirements1 and to choose a tool in relation with the real need and level of knowledge.




Articles, guides and resources


-Principle of Least Privileges (Microsoft,  WikipediaDerek Melber, and here a dedicated site more intended for experienced users and developers).

-Aaron Margosis (important articles here)

-NonAdmin Wiki

-The Lazy Admin

-Living the Least Privilege Lifestyle

-Windowsecurity (especially Derek Melber's articles)

-Windowsnetworking tips

Running Windows under non admin account

-Running as limited user: the easy way (Mark Russinovich)

-10 easy ways to lock down your computer

-10 immutable laws of security

-Launch explorer.exe under admin. privileges on XP Pro

-MST Windows XP Security Guide

-Limited User setup in Windows XP

-Kellys-korner

-Kellys-korner xp tweak

-Locking and restricting the registry in Windows XP (Killian's guide)

-Hardening Windows XP Pro

-NIST guides and checklists

-NSA guide

-Cert

-Dwheeler (securing Windows)

-Windows NT security faq

-Spywarewarrior links and resources

-Reducing browser privileges

-Browsing the web and reading email safely as an administrator

-Windowslibrary

-Stanford (securecomputing)

-Kayodeok resources for XP

-CoreCompetence win XP resources

-Bill Wall's windows NT links (defense and attack)

-First BPGL

-Labmice  Win XP security checklist

-Castlecops check list (part 1)

-TweakHound (securing Win XP)

-Securing Win 2000 (arstechnica)

-Abxzone (securing Win XP)

-Markusjansson (How to secure Win 2000/XP)

-Malwarehelp (hardening windows security)

-Pcnineoneone (securing windows)

-Freefire hardening resources



PDF guides about windows hardening:


-Windows 2000 and XP hardening guides

-The digital underground

-Jonahtan Hassel

-ITS (Win XP Pro)

-M.van Hoenbeek

-Compass Security

-SystemExperts (win 2000)

-SANS (XP)

-NebraskaCert ( Win XP part 1 and part 2)

-Professional Windows Desktop and Server Hardening (doc file, direct download)



About Group Policy :



-Fast Guide

-General Hardening Techniques

-Group Policy Learning Guide (free registration required)

-windowsnetworking

-Petri

-Wikipedia

-Thereldergeek

-Killian 's guide

-Microsoft

-Microsoft Group Policy Reference and Faq

-Microsoft: software policy restrictions

-Circumventing Group Policy Settings/as a limited user (Mark Russinovich)


GP Tools and softs

-Microsost

-
Userenv and GPE logging

-Policy Maker Registry Extension (Microsoft)






Rights and permissions management Tools:


-RunAs

-DropMyRights

-StripMyRights (a more interesting alternative to DropMyRights)

-MakeMeAdmin

-Adwin (gui for MakeMeAdmin)

-RunAsAdmin


-RunAsUser

-RunAsUser ( by M.Puff, in german only, also available for download here)

-MyRunAs

-Safe Run As (keylogger protection)

-Steel Run-As

-Raise My Rights

-RunAsTools

-RunAsSpc

-RFE (Restriction File Executer)

-How to enter RunAs password automatically with a script

-Lauch Admin

-High Road

-Cpau

-Supercrypt (and LsRunAs/LsRunAse)

-Sudowin

A Windows version of Sudo (Unix OS)

A tutorial from The Sans Institut here (pdf)


-WinSudo (new stable version available soon)

-Superior Su

-Sanur (no longuer supported)

-
AutoIt (scripting langage, not suited for classical home users).

-RunAs vbs (also xrunas and other scripts)

-Windows hardening script

-SuperExec

-LUA Buglight (administrators/developers )

-PrivBar (toolbar for Internet Explorer) and IsAdmin (Firefox extension)

-Run Internet Explorer and other browsers and applications under a "condom" :

*For IE: AMUST 1-Defender and Reduced Permissions

*For other browsers and applications:

          -virtual condom such as BufferZone (installation required)

          -sandboxing condom with Sandboxie (installation required)


NB.There's also a virtual condom for browsers called VappWare but i've not evaluated this tool (currently in alpha and beta phase, and not available for download): a few comments are available here and here.
BufferZone is (personal point of view) the most interesting condom here.
But as it seems that "condom" name is amusing for some people, why not a Windows Xp virtual condom...



-PrivDropper

-SwitchRight

-Windows Permission Identifier (WMI)

-ACL View

-ACLTools

-SetACL (also here)

-Cacl and Xcacls from Microsoft

-DumpSec




Paid softs:

It's important to note that there's already enough tools for windows accounts and rights managements, and there's technically no absolute reason to use a paid tool in a home user environment.


-RunAdminBat

-RunAs Professional

-NetExec

-ADVrunas

-Encrypted RunAs

-RunSafe (seems to be no longuer supported by GetData)

-Sudoers





Accounts Management


-ALTools

-Account View

-DumpUsers

-Start menu name hide

-GPList

-DelGuest

-Nuxbox NTUsers and Rights: french and english language (translation not perfect), mostly intended to be used in a Lan).

-Group Manager

-Disable Me

-Unlock Me

-XP UserManager (paid, german only)

-Local Account Manager (paid)


Other tools (for rights and accounts management, task sheduler,password reseting and recovery, boot CD etc).


-Nncron (free and paid version)

-Schtasks

-SiUtils

-Windows Command

-Windows Ressource Kit tools (here or here)

-SystemTools

-Marty List

-Sysinternals Suite

-Toolcrypt tools

-LS Tools

-SamInside (paid)

-Windows Key (paid)

-NTpasswd

-BartPe

Tools and plugins here

-UltimateBoot CD

-UBCD4Win

-REATOGO Xpe

-FIRE

-Helix

-LCP

-MBSA

-Nlite

-BackgroundCMD



Softwares designed for a corporate environement (just for information purpose)

-BeyondTrust privilege manager

-Altiris Security Expression (Symantec)

-Hyena

-Dameware NT Utilities

-Policy template editor

-Emco RunAs Professional



 (.................................etc........................................)




IS YOUR SYSTEM REALLY HARDENED? Test it with Pedestal Software WebAudit:


Now it would be interesting to audit your system before and after hardening.
Pedestal Sofware (aquired by Symantec) provides an online security audit here.
It requires Internet Explorer and ActiveX installation (safe and can easily be removed after the test).
For privacy reasons or for paranoiacs, it could be suited to uncheck the box "collect statistics"  (these statistics concern only number of OK, errors etc).

The result is detailled and can be used as a checklist for the hardening phase.

Here's the test page done on a non hardened system (case of most users):




A good result (really hardened systems) should have "NOT OK" result < 40

An expanded result related to Remote Access Service ( "NOT OK" result):






1. I've installed RunsAdmin on XP Pro, and it was neccesary to back up.
The bug is fixed in the latest version.








HARDENING WINDOWS HOST Part 5: TOOLS AND TESTS



Publié dans LINE DEFENSE

Partager cet article

Commenter cet article

lifeshield security review 23/04/2014 13:12








congratulations guys, quality information you have given!!!



Term Papers 05/06/2010 08:05



Valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up



Expose your passionate love by sending Valentine Flower in Germany 08/05/2010 14:22


In Germany, many people send flowers Germany valentine to their lovers
for the exposition of their passionate emotions for their loved ones. The people of modern era now use internet sources for flower delivery Germany services who want to send Valentine gifts to their close
friends, relatives, teachers, parents, daughters, sons and students etc. when you are sending valentines flowers to Germany , it values greater to your beautiful and romantic gift for your sweet heart. Have a beautiful bouquet of roses for your sweet
heart to say her, “I love you”. Love can be exposed by bouquets of red roses on Valentine Day excitedly than on other days. Red Roses are the most apposite flowers Germany valentine but you may choose color or type of the
flowers according to your choices and feelings for your loved ones as every kind and color of flowers interpret unexpressed feelings for your sweet hearts easily. To present red-rosesflowers Germany is oldest vogue in Germany for about 35 million old and people send valentine flowers Germany to their favorite personalities on
Valentine Day. The presentation of Red roses are the best way to express love, gratitude, respect, and other feelings of warmth for the cherished ones. You may find varied shades and types of roses
to present on different occasions for the exposure of your different feelings for your intimates. Commonly red roses are good for the disclosure of love and friendly feelings on this special event
of Valentine day and you should send flowers Germany for the close relatives
who are resided in Germany. Nowadays, white roses are also considered the symbol of true love as such white roses are interpretation of true love, innocence, simplicity and purity. So be ready to
send Valentine flower delivery Germany to express
your loving feelings for those whom you love secretly and never expose your feelings of heart to your sweethearts. White roses also enhance charms and elegant care for those whom you want to
establish close relationship permanently. Some people arrange white and red roses to make exclusive bouquets to express feelings of purity and simplicity on Valentine day for the loved ones and
they would be happy to see your caring emotions. You and your loved ones would enjoy admirable feelings of sincerity, fun, happiness and carefulness when yousend flowers Germany on Valentine Day. Valentine flower delivery Germany should be selective carefully as
it is the most important to send your Valentine gifts on time. You should expose your deep concerns for choosing right shade of flowers to boost up your passions for the concerning persons in right
way. You may improve your lovely relations with your cherished ones by exchanging lovely gifts on such special events and festivals. You would find yourself closer to your loved ones as Valentine
flowers would be best leverage of your charming and loving feelings. By choosing the perfect combination of flowers Germany valentine, your relations would be more strong and
healthy with your intimates, as your loved one finds more intimacy and intensity in your passions.


term paper guide 10/04/2010 07:53



Blog is so Well, Thank you very much for your information, Well job  I want you to continue your work.


term paper writing | custom term paper | college term paper



dissertation writing 05/03/2010 12:00


Iam very glad too see your good posted information, i was really trying to search like as you post in the blog but now i think i got my information from your blog.
dissertation | dissertations | dissertation writing | writing a dissertation