Weak Permissions

If resources aren't protected by the correct permissions, they are susceptible to attack. Refer to Chapter 13.

Sample Test Cases

Test Case

Description

NULL DACL

If an object has a NULL DACL (empty permissions), this is a must fix. Having a NULL DACL means that anyone can access the object.

Weak DACL

Granting permissions to large groups, such as Everyone, Guest, Authenticated Users, Users, Network Service, and World, can give too much access to a resource that should be better protected.

Granting too much permission

If a user or group shouldn't be able to delete a file, don't grant that permission. Restrict the permissions on a securable object to only those that are actually needed.

Look for multistage elevation of privilege attacks

Attackers often can chain multiple weaknesses together to gain a higher access level. For instance, it might not be possible for a user to go straight to an administrator account. However, the user could elevate to Network Service, and then to Administrator.

Use tools to detect weak permissions

Tools such as AccessEnum from SysInternals can easily indicate weak permissions on files and the registry.
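
The first three test cases above can be checked mechanically once an object's security descriptor is in SDDL string form. The following is an added example, not code from the book: it flags a NULL DACL (which SDDL writes as NO_ACCESS_CONTROL) and allow ACEs for the broad groups listed above. The function names and the sample descriptors are constructed for illustration, and conditional or object ACEs are not handled.

```python
import re

# SDDL trustee aliases for the broad groups named in the "Weak DACL" row.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "BG": "Guests", "LG": "Guest",
         "AU": "Authenticated Users", "BU": "Users", "NS": "Network Service"}
# Rights codes that let a trustee modify, delete or take over the object.
# (In the rights field WD means WRITE_DAC; as a trustee it means Everyone.)
RISKY_CODES = {"GA", "GW", "FA", "FW", "KA", "KW", "SD", "WD", "WO"}
# Same idea for hex masks: DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_WRITE, GENERIC_ALL.
RISKY_MASK = 0x10000 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000
DACL_RE = re.compile(r"D:((?:NO_ACCESS_CONTROL|AR|AI|P)*)((?:\([^()]*\))*)")


def risky_rights(rights):
    """Return the risky part of an ACE rights field (codes or a hex mask)."""
    if rights.lower().startswith("0x"):
        bits = int(rights, 16) & RISKY_MASK
        return [hex(bits)] if bits else []
    return [c for c in re.findall("..", rights) if c in RISKY_CODES]


def audit_dacl(sddl):
    """Return (test_case, trustee, risky_rights) findings for one SDDL string."""
    m = DACL_RE.search(sddl)
    if m is None:
        raise ValueError("SDDL string has no DACL component")
    flags, aces = m.groups()
    if "NO_ACCESS_CONTROL" in flags:
        return [("NULL DACL", "anyone", [])]
    findings = []
    # A DACL with zero ACEs ("D:") denies all access; it is not a NULL DACL.
    for ace in re.findall(r"\(([^()]*)\)", aces):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue  # only plain allow ACEs for broad groups are reported
        # A non-empty list also trips the "Granting too much permission" row.
        findings.append(("Weak DACL", BROAD[fields[5]], risky_rights(fields[2])))
    return findings


# Constructed sample descriptors, not taken from a real system.
SAMPLES = {
    "null": "O:BAG:SYD:NO_ACCESS_CONTROL",
    "everyone_full": "O:BAG:SYD:(A;;FA;;;BA)(A;;FA;;;WD)",
    "users_read": "O:BAG:SYD:P(A;;FA;;;SY)(A;;0x1200a9;;;BU)",
    "empty": "O:BAG:SYD:",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_dacl(sddl))
```

A finding with an empty rights list means a broad group has access but none of the modify, delete or ownership rights; whether that is acceptable depends on how protected the resource should be.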



Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
