PROPOSAL: Cluster 19 - NTCONFIG (13 candidates)
This cluster is a prime example of many of the high-level content decisions for configuration problems. It begins to touch on many of the intricacies of Windows NT configuration which make it a different beast than Unix.

The term "security-critical" as used in these descriptions is related to the "Leveraged vs. Assigned Access" decision, and is an attempt to distinguish between configuration problems that are truly dangerous in any configuration, versus those that are dangerous only when interpreted through the enterprise's policy. For example, there's no way that someone or something outside of the enterprise can know if it's a mistake for a particular user to have Administrator privileges; but allowing a minimal password length of 2 can allow an attacker to easily Leverage that to gain additional access.

Almost all of these candidates are High Cardinality and could be described using the dot notation that Dave Mann proposed yesterday. However, some of them are also impossible to completely enumerate, and a dot notation (or any numbering scheme) would not be effective in these cases.

CAN-1999-0534 and the audit policy candidates are prime examples of the "Same Checkbox, Same Vulnerability" and "Different Risk, Same Configuration Problem" content decisions. Most tools report CAN-1999-0534 at one level of abstraction lower than the CVE uses, which count as 27 different checks. However, during internal vetting, this was a prime candidate where all sysadmin-savvy people agreed that the LOA used by the CVE was the appropriate one. I consider it a good example of how dot notation would be beneficial.

The candidates dealing with audit policy also begin to touch on a previously undiscussed part of the detailed CVE vulnerability definition, namely a state which "(5) allows an entity to prevent or limit the tracking of activities which attempt to exploit another vulnerability."

- Steve

Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

=================================
Candidate: CAN-1999-0499
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

NETBIOS share information may be published through SNMP registry keys in NT.

VOTE:

=================================
Candidate: CAN-1999-0534
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.

VOTE:

=================================
Candidate: CAN-1999-0535
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.

VOTE:

=================================
Candidate: CAN-1999-0546
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

The Windows NT guest account is enabled.

VOTE:

=================================
Candidate: CAN-1999-0562
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

The registry in Windows NT can be accessed remotely by users who are not administrators.

VOTE:

=================================
Candidate: CAN-1999-0572
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

.reg files are associated with the Windows NT registry editor, making the registry susceptible to Trojan Horse attacks.

VOTE:

=================================
Candidate: CAN-1999-0575
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.

VOTE:

=================================
Candidate: CAN-1999-0576
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.

VOTE:

=================================
Candidate: CAN-1999-0577
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

VOTE:

=================================
Candidate: CAN-1999-0578
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

VOTE:

=================================
Candidate: CAN-1999-0579
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

VOTE:

=================================
Candidate: CAN-1999-0582
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.

VOTE:

=================================
Candidate: CAN-1999-0585
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990721
Assigned: 19990607
Category: CF

A Windows NT administrator account has the default name of Administrator.

VOTE: