Chapter 9: Protecting the Registry

Overview

Whatever can be used for good can also be used for evil.

--Alfred Nobel

This chapter is dedicated to measures that will allow you to protect the registry without making your everyday administrative tasks any harder. Notice that while this chapter can't be considered a complete security reference, the measures for protecting the system registry discussed here are important, and every system administrator must know them.

In nearly all the chapters of this book, I've tried to emphasize that Windows XP and the products of the Windows Server 2003 family are based on the Windows NT/2000 kernel. And, as a matter of fact, Windows NT/2000 is the first Microsoft operating system in which security requirements were taken into account at the earliest stages of development. From the very beginning, Windows NT developers knew they would have to create an operating system that would meet the C2-level requirements for protected operating systems. The set of criteria, developed by the U.S. National Security Agency (NSA) for evaluating the security level of computer systems and software, was published as a series of books. Each of these books had a cover of a different color, and because of this, the set of security standards became known as the Rainbow Series. "C2 security level" is one of the most commonly used terms from the Rainbow Series. Certification of software against the C2 security requirements is performed using the Trusted Computer System Evaluation Criteria (TCSEC). The TCSEC criteria, known as the Orange Book, provide specifications for the procedure of evaluating the security level of information systems used by governmental organizations. The C2 security class is considered to be the highest security class for which any general-purpose operating system can be certified.

Note 

It's also necessary to mention an alternative point of view. The C2 class is regarded as the highest security level for general-purpose operating systems. It can't be regarded as the highest security level, though, if you take into account all of the existing operating systems. Notice that if it's necessary to provide the highest security level, you should use specialized operating systems (and none of the widely used operating systems, such as Novell NetWare, Windows NT/2000, Windows XP, Windows Server 2003, UNIX, and Linux, can be considered as such). For certification of the most secure operating systems used by military organizations (for example, at nuclear power stations), there are other, higher security classes, the highest being the A class. A lower level of security (in comparison to the C2 level) is provided by the C1 and D classes. Notice that there isn't any certification for the C1 class. As for the D class, it includes all the operating systems that don't meet the requirements of the other classes. If you're interested in more detailed information concerning the Rainbow Series, download it from http://www.radium.ncsc.mil/tpep/library/rainbow.

Certification and testing of any operating system for the C2 security class includes evaluating and testing the security functions implemented by the operating system. This testing determines whether each function has been implemented satisfactorily and whether it works correctly. The C2 security level requirements include the following:

  • Required identification and authentication of all operating system users. The system must provide the capability to identify each user who has authorized access to the system, and provide access for only those users.

  • Discretionary access control - users must be able to protect their data.

  • Auditing capabilities - the system must have the capacity to audit all actions performed by the users and operating system itself.

  • Protecting the system objects against reuse - the operating system must be capable of preventing user access to the resources released by another user (for example, preventing users from reading and reusing released memory or reading deleted files).
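Two of the four requirements above, discretionary access control and auditing, are visible directly on every registry key: each key carries a DACL (who may read or change it) and, optionally, a SACL (which accesses are logged). The following PowerShell script is an added example, not code from the book: it reads the DACL of a few well-known keys, flags entries that let broad principals such as Everyone or BUILTIN\Users modify a key, and lists the audit rules. The key paths in $KeysToCheck are illustrative and can be replaced; listing audit rules requires administrator rights, which the script handles by warning instead of failing.

```powershell
# Added example (not from the book): report the discretionary ACL and the
# audit rules of registry keys, flagging entries that let broad principals
# change a key. Assumes Windows PowerShell 5.1 or later on Windows; the key
# paths below are illustrative assumptions and may be replaced.

# Principals that, in practice, mean "any logged-on user".
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow a principal to modify the key or its protection.
$WriteRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
               [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
               [System.Security.AccessControl.RegistryRights]::Delete -bor
               [System.Security.AccessControl.RegistryRights]::ChangePermissions -bor
               [System.Security.AccessControl.RegistryRights]::TakeOwnership

function Test-RegistryKeyDacl {
    # Emits one object per access control entry; Finding is set when an
    # Allow entry grants write-class rights to a broad principal.
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $grantsWrite = ($ace.RegistryRights -band $WriteRights) -ne 0
        $isAllow     = $ace.AccessControlType -eq 'Allow'
        $isBroad     = $BroadPrincipals -contains $ace.IdentityReference.Value
        [pscustomobject]@{
            Key       = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.RegistryRights
            Type      = $ace.AccessControlType
            Inherited = $ace.IsInherited
            Finding   = if ($isAllow -and $grantsWrite -and $isBroad) {
                            'WRITABLE BY BROAD PRINCIPAL'
                        } else { '' }
        }
    }
}

function Get-RegistryKeyAuditRules {
    # Lists SACL entries (what is audited on the key). Reading the SACL
    # needs the SeSecurityPrivilege, so this warns rather than fails
    # when run without administrator rights.
    param([Parameter(Mandatory)][string]$Path)

    try {
        (Get-Acl -Path $Path -Audit).Audit |
            Select-Object IdentityReference, RegistryRights, AuditFlags
    } catch {
        Write-Warning "Could not read audit rules for $Path (administrator rights are required): $_"
    }
}

# Illustrative keys: the per-machine autostart list and the service database.
$KeysToCheck = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)

foreach ($key in $KeysToCheck) {
    Test-RegistryKeyDacl      -Path $key | Format-Table -AutoSize
    Get-RegistryKeyAuditRules -Path $key | Format-Table -AutoSize
}
```

A key that shows a finding in the first table is one that any ordinary user could alter; an empty second table means no access to that key is being audited, so a change there would leave no trace in the Security log.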

The process of certifying the operating system according to the C2 security class includes the following procedures:

  • Investigating the source code

  • Studying the documentation concerning implementation details provided by the software developers

  • Repeated testing in order to eliminate errors discovered during previous phases

Note 

A more detailed description of the certification procedure is provided at http://www.radium.ncsc.mil/tpep.

Cases of unauthorized access to computer networks are a reality of life today. The most common case, though, is users damaging the very computer they're working on. This usually happens when a user has just enough knowledge to be dangerous. If such users find one of the registry editors (Regedit.exe or Regedt32.exe), and you haven't taken any precautions, they'll only become "worried" when the operating system stops booting.

Windows Server 2003 Registry
ISBN: 1931769214
Year: 2005