Tài liệu Protecting the Registry against Unauthorized Remote Access doc

Protecting the Registry against Unauthorized Remote Access

Remote access to the registry is very convenient when the system administrator needs to

support end users from his own workplace. Furthermore, some services must also have

access to the registry in order to function correctly. For example, on a system that runs

directory replication, the Directory Replicator service requires access to the remote

registry. The Spooler service also requires this access, when it is connecting to a printer

over the network.

However, in some cases, this capability may be potentially dangerous, that's why remote

access must be authorized.

When you attempt to connect the registry of the remote Windows NT-based system, the

Server service will check if there's an

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Win

reg key in that registry (Fig. 9.16). Getting remote access to the registry is made possible

with the following factors:

ƒ If there isn't a \winreg subkey key in the registry that you want to protect, then any

remote user will have access to the registry. This user will be able to manipulate

your registry within the limits defined by its ACL.

ƒ If there's a \Winreg subkey, then the Access Control List defined for this key will

specify who can access the registry remotely. (But remember that Back Orifice

2000, or BO2K, allows remote access to the registry, despite the presence of a

\winreg subkey and its access permissions. However, someone must install its

server part on your system).

Figure 9.16: Configuring the Access Control List for