If resources aren't protected by the correct permissions, they are susceptible to attack. Refer to Chapter 13.
Sample Test Cases

Test Case | Description |
---|---|
NULL DACL | If an object has a NULL DACL (empty permissions), this is a must fix. Having a NULL DACL means that anyone can access the object. |
Weak DACL | Granting permissions to large groups, such as Everyone, Guest, Authenticated Users, Users, Network Service, and World, can grant too much access to a resource that should be better protected. |
Granting too much permission | If a user or group shouldn't be able to delete a file, don't grant that permission. Restrict the permissions on a securable object to only those that are actually needed. |
Look for multistage elevation of privilege attacks | Attackers often can chain multiple weaknesses together to gain a higher access level. For instance, it might not be possible for a user to go straight to an administrator account. However, the user could elevate to Network Service, and then to Administrator. |
Use tools to detect weak permissions | Tools such as AccessEnum from SysInternals can easily indicate weak permissions on files and the registry. |
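
The NULL DACL, weak DACL and excessive-permission checks in the table can be automated over exported security descriptors. The following is an added example, not code from the original text: it assumes each object's descriptor is available as an SDDL string, the names `audit_sddl` and `risky_rights` are hypothetical, and conditional ACEs are not handled.

```python
import re

# SDDL SID abbreviations for the broad groups named in the table.
BROAD = {"WD": "Everyone (World)", "BG": "Guests", "AU": "Authenticated Users",
         "BU": "Users", "NS": "Network Service"}
# SDDL rights codes that allow modifying, deleting or taking over the object.
RISKY_CODES = {"GA", "GW", "FA", "FW", "KA", "KW", "SD", "WD", "WO"}
# The same rights as access-mask bits, for ACEs that spell rights in hex:
# DELETE | WRITE_DAC | WRITE_OWNER | GENERIC_ALL | GENERIC_WRITE
RISKY_MASK = 0x00010000 | 0x00040000 | 0x00080000 | 0x10000000 | 0x40000000
# "D:" + optional flags + zero or more parenthesised ACEs.
DACL_RE = re.compile(r"D:([A-Z_]*)((?:\([^()]*\))*)")

def risky_rights(rights):
    """Return the risky subset of one ACE's rights field."""
    if rights.lower().startswith("0x"):
        hits = int(rights, 16) & RISKY_MASK
        return ["0x%08x" % hits] if hits else []
    codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return [c for c in codes if c in RISKY_CODES]

def audit_sddl(sddl):
    """Return (test case, trustee, rights) findings for one SDDL string."""
    m = DACL_RE.search(sddl)
    if m is None:
        return []  # string carries no DACL component to judge
    flags, aces = m.groups()
    if "NO_ACCESS_CONTROL" in flags:  # SDDL spelling of a NULL DACL
        return [("NULL DACL", "anyone", ["full access"])]
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", aces):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue  # only access-allowed ACEs grant rights
        risky = risky_rights(fields[2])
        if fields[5] in BROAD and risky:
            findings.append(("Weak DACL", BROAD[fields[5]], risky))
    return findings

# Constructed sample descriptors, not taken from a real system.
SAMPLES = {
    "null_dacl": "O:BAG:SYD:NO_ACCESS_CONTROL",
    "everyone_modify": "O:BAG:SYD:PAI(A;;FA;;;SY)(A;OICI;0x1301bf;;;WD)",
    "users_read_only": "O:BAG:SYD:(A;;FA;;;BA)(A;;FRFX;;;BU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_sddl(sddl))
```

Read-only grants to broad groups and deny ACEs are deliberately not reported, so the output stays focused on rights that let a low-privileged trustee change or remove the object.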