R


rainbow tables, 173–174

random password generators, 187

.rar files, 200

RAS and IAS Servers group, 86, 110

RAS Servers group, 86, 110

Rasphone.pbk file, 26

.rat files, 201

RAT (remote access trojan), 13

rate controls, anti-spam software using, 409–410

RBAC (Role-Based Access Control), 537

RBLs (real-time blacklists), 410–411

.rdp files, 201

RDP (Remote Desktop Protocol) connection objects, 181

Read and Execute permission, 123, 126, 127

Read Attributes permission, 124, 126, 127

Read Control permission, registry keys, 242

Read Data permission, 124, 126, 127

Read Extended Attributes permission, 124, 126

Read permission

    definition of, 119–121, 123, 126

    for GPOs (group policy objects), 534

    interactions with other permissions, 127

Read Permissions permission

    definition of, 125, 126

    interactions with other permissions, 127

Reading pane, disabling, 404–405

realm trusts, 523

real-time blacklists (RBLs), 410–411

recovery console, security options for, 510

recovery policy for EFS

    backing up keys individually, 471–473

    Certificate Services (Microsoft), 475–476

    comparison of methods for, 475–476

    DRA (Default Recovery Agent), 473–475

Recycler folder, 28

RECYCLER folder, 132

Redfall trojan, 46

RedHat Linux, exploitations of, 53

.reg files, 201, 248

Reg_Binary data type, registry, 230

Reg_Dword data type, registry, 230

Regedit.exe program, 82–83, 133, 228

Regedt32.exe program, 228

Reg_Expand_Sz data type, registry, 230

registry

    alternate locations for, 237–238

    data types in, 230

    definition of, 227–228

    editing tools for, 228, 238–240

    group policy settings applied to, 486–487

    group policy settings for, 513

    high-risk entries

        defending against attacks of, 246–251

        list of, 243–246

    HKCC (HKEY_CURRENT_CONFIG) entries

        default permissions for, 242

        definition of, 228, 237

    HKCR (HKEY_CLASSES_ROOT) entries

        default permissions for, 242

        definition of, 228, 231–235

        high-risk entries in, 243

        malware using, 32–33, 45

    HKCU (HKEY_CURRENT_USER) entries

        default permissions for, 242

        definition of, 228, 229, 236

        hardening permissions for, 247

        high-risk entries in, 243–245

        malware using, 33–40, 46–47

    HKLM (HKEY_LOCAL_MACHINE) entries

        default permissions for, 242

        definition of, 228, 229, 230–231

        high-risk entries in, 244–246

        malware using, 34, 35–46, 47–49

    HKU (HKEY_USERS) entries

        default permissions for, 242

        definition of, 228, 229, 236

    permissions for, 241–243, 251, 332

    settings for TCP/IP stack hardening, 71–72

    structure of, 228–229

Registry Editor tool, 82–83, 133, 228

registry files, 201

Regmon tool (Sysinternals), 239, 292

Reg_Multi_Sz data type, registry, 230

regression testing of patches, 64

Reg_String data type, registry, 230

Reg_Sz data type, registry, 230

Relative Identifier Master, FSMO role, 523

Relative Identifier (RID), 84–86

Relay Spam Servers (RSSs), 410

Remote Access Auto Connection Manager service, 276

Remote Access Connection Manager service, 276

remote access trojan (RAT), 13

remote administration, IIS, 439–440

Remote Administration using HTML, for IIS, 447

Remote Assistance, HelpAssistant account created by, 101

Remote Desktop connection shortcuts, 201

Remote Desktop Help Session Manager service, 276

Remote Desktop Protocol (RDP) connection objects, 181

Remote Desktop Users group, 86, 110

Remote Desktop, using for IIS, 439–440

Remote Desktop Web Connection, for IIS, 448

remote execution of attacks. See also denial-of-service (DoS) attacks

    definition of, 7–8

    types of, 14–17

Remote Interactive Logon group, 85, 110

Remote Procedure Call (RPC) Locator service, 277, 288

Remote Procedure Call (RPC) service

    attacks on, 253

    definition of, 267, 277

Remote Registry service, 277

remote shutdowns, allowing, 500

Remote Storage Notification service, 286

Remote Storage Server Services, 286

Removable Storage service, 277

Replicator group, 86, 110

Resource Manager Authority, 86

resources. See publications; web site resources

restored files, malware in, 30

Restricted Code group, 85, 111, 114

restricted group settings, group policy, 512

Restricted sites zone, IE, 361

Resultant Set of Policy Provider, 277

Resultant Set of Policy (RSoP) tool, 535

reverse DNS lookups, anti-spam software using, 408

RFC 2401, 296

RFC 2412, 296

Rich Text Format files, 201

RID (Relative Identifier), 84–86

Riler trojan, 73

Rlogin URI handler, 250

Role-Based Access Control (RBAC), 537

RootKitRevealer (Sysinternals), 14

rootkits, 14

Routing and Remote Access service, 277

Routing Engine service, Microsoft Exchange, 285

Routing Support, for IIS, 446

RPC (Remote Procedure Call) Locator service, 277, 288

RPC (Remote Procedure Call) service

    attacks on, 253

    definition of, 267, 277

RSoP (Resultant Set of Policy) tool, 535

RSSs (Relay Spam Servers), 410

RTF files, 52, 201

Rudnyi, Evgenii B. (Sid2user and User2sid utilities), 89

RunAs feature

    command line execution of, 61–62

    definition of, 59–60

    limitations of, 62

    LUA protections extended by, 63

    Restricted Code group and, 114

    using, 60

RunAs Service, 278

RunAsAdmin application, 63

Russinovich, Mark (EFS article), 478

Rusty worm, 24



Professional Windows Desktop and Server Hardening
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
ISBN: 0764599909
EAN: 2147483647
Year: 2004
Pages: 122
