Chapter 9: Securing the Registry

Overview

This is a secret, top secret! The testament was enclosed in seven envelopes sealed with seven seals. When the princess opened and read it, she was absolutely alone. The doors and the windows were guarded by armed guards who covered their ears (though the princess did not read the testament aloud). The content of this top-secret document is well known only to the princess and to our whole town.

E. Schwarz
"The Shadow"

Naturally, you wouldn't like your plans for securing the registry to look like the "top secret" ones described above (although you certainly do need to protect and secure your registry). This chapter is dedicated to measures that will allow you to protect the registry without creating difficulties for you when performing everyday tasks. Notice that while this chapter can't be considered a complete security reference, the measures for protecting the system registry discussed here are important, and every system administrator must know them.

In nearly all the chapters of this book, I have tried to emphasize that Windows XP is based on the Windows NT/2000 kernel. And, as a matter of fact, Windows NT/2000 is the first Microsoft operating system in which security requirements were taken into account at the earliest stages of development. From the very beginning, Windows NT developers knew they would have to create an operating system that would meet the C2-level requirements for protected operating systems. The set of criteria developed by the U.S. National Security Agency (NSA) for evaluating the security level of computer systems and software was published as a series of books. Each book's cover had a different color, and because of this the set of security standards became known as the Rainbow Series. The "C2 security level" is one of the most commonly used terms from the Rainbow Series. Certification of software against the C2 security requirements is performed using the Trusted Computer System Evaluation Criteria (TCSEC). The TCSEC criteria, known as the Orange Book, specify the procedure for evaluating the security level of information systems for governmental organizations. The C2 security class is considered the highest security class for which any general-purpose operating system can be certified.

Note 

It's also necessary to mention an alternative point of view. The C2 class is regarded as the highest security level for general-purpose operating systems. It can't be considered the highest security level, though, if you take into account all existing operating systems. Notice that if you need to provide the highest security level, you should use a specialized operating system (none of the widely used operating systems, such as Novell NetWare, Windows NT/2000/XP, UNIX and Linux, can be considered as such). For certification of the most secure operating systems used by military organizations (or, for example, at nuclear power stations) there are other, higher security classes, the highest being the A class. A lower level of security (compared to the C2 level) is provided by the C1 and D classes. Notice that there isn't any certification for the C1 class. As for the D class, it includes all operating systems that don't meet the requirements of the other classes. If you're interested in more detailed information concerning the Rainbow Series, download it from http://www.radium.ncsc.mil/tpep/library/rainbow.

Certification and testing of an operating system for the C2 security class includes evaluating and testing the security functions implemented by the operating system. This testing determines whether each function has been implemented satisfactorily and whether it works correctly. The C2 security level requirements include the following:

  • Required identification and authentication of all operating system users. The system must provide the capability to identify each user who has authorized access to the system, and provide access for only those users.

  • Discretionary access control—users must be able to protect their data.

  • Auditing capabilities—the system must have the capacity to audit all actions performed by the users and operating system itself.

  • Protecting the system objects against reuse—the operating system must be capable of preventing user access to the resources released by another user (for example, preventing users from reading and reusing released memory or reading deleted files).

The process of certifying the operating system according to the C2 security class includes the following procedures:

  • Investigating the source code

  • Study of the documentation concerning implementation details provided by the software developers

  • Repeated testing in order to eliminate errors discovered during the previous phases

Note 

A more detailed description of the certification procedure is provided at http://www.radium.ncsc.mil/tpep.

In the past, many reliable sources stated that Windows NT 4.0 didn't meet the C2 class requirements and wasn't actually certified. At the time, this was true, because only Windows NT 3.5 (with Service Pack 3) had been certified at the C2 security level. However, by the time this book was written, the long-awaited event had happened: Windows NT 4.0 Workstation and Windows NT 4.0 Server were finally certified at the C2 security level (this was declared on February 2, 1999). The certification tests involved both servers and a workstation, in both local (without network adapters) and networked (TCP/IP) environments. The official press release covering this topic can be found on the Microsoft website.

As for the Windows 2000 and Windows XP Professional operating systems, they're just about to be certified to the C2 level.

Cases of unauthorized access to computer networks are a reality of today's life. The most common case, however, is users damaging their own computers. This usually happens when a user has just enough knowledge to be dangerous. If such users find one of the registry editors (Regedit.exe or Regedt32.exe), and you haven't taken any precautions, they'll only become "worried" when the operating system stops booting.



Windows XP Registry