Windows Host Security: Network Security Hacks - Hacks 27 and 28: Disable Default Shares, and Encrypt Your Temp Folder
Hack 27: Disable Default Shares
Stop sharing all your files with the world.
By default, Windows enables sharing for each logical disk on your system (C$ for the C drive) in addition to another share called ADMIN$ for the %SystemRoot% directory (e.g., C:\WINNT). Although this is accessible only to Administrators, it is wise to disable these shares (if at all possible) since they still present a potential security hole.
To disable these shares, open the Registry by running regedit.exe and then find the HKey_Local_Machine\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters key.
If you’re using Windows 2000 workstation, add an AutoShareWks DWORD key with the value of 0 (as shown in Figure 2-5) by clicking Edit -> New -> DWORD Value. For Windows 2000 Server, add an AutoShareServer key with a value of 0. When you’re done editing the Registry, restart Windows for the change to take effect.

After Windows has finished loading, you can verify that the default shares no longer exist by running net share:
C:\>net share
Share name   Resource                        Remark
-----------------------------------------------------------
IPC$                                         Remote IPC
The command completed successfully.
Before doing this, you should be sure that disabling these shares will not negatively affect your environment. Lack of these shares can cause some system management software—such as HFNetChk [Hack #21] or System Management Server—to not work. This is because software like this depends on remote access to the default administrative shares in order to access the contents of the system's disks.
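The net share verification step above can be checked mechanically when the output is collected from many hosts. The following is an added example, not code from the book: it parses net share output, reports any default shares that survived the change, and names the registry value the hack says to set to 0. Both sample outputs are constructed, and the function names share_names and audit are hypothetical.

```python
import re

# Constructed `net share` output from a host before the registry change.
BEFORE = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
ADMIN$       C:\WINNT                        Remote Admin
IPC$                                         Remote IPC
D$           D:\                             Default share
EngineeringDocs
             C:\Data\Engineering Docs
The command completed successfully.
"""

# Constructed output after the change and a restart: only IPC$ remains.
AFTER = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
IPC$                                         Remote IPC
The command completed successfully.
"""

# Default shares covered by the hack: one per drive letter, plus ADMIN$.
AUTO_SHARE = re.compile(r"^(?:[A-Z]|ADMIN)\$$", re.IGNORECASE)

def share_names(net_share_output):
    """Return the share names listed in the table part of `net share` output."""
    names, in_table = [], False
    for line in net_share_output.splitlines():
        if set(line.strip()) == {"-"}:
            in_table = True          # the dashed rule ends the header
        elif line.startswith("The command completed"):
            break
        elif in_table and line[:1].strip():
            # Rows start in column 0; indented lines continue a long share name.
            names.append(line.split()[0])
    return names

def audit(net_share_output, is_server):
    """Return (leftover default shares, registry value that should be 0)."""
    leftover = sorted(n.upper() for n in share_names(net_share_output)
                      if AUTO_SHARE.match(n))
    return leftover, "AutoShareServer" if is_server else "AutoShareWks"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, is_server=False))
```

An empty list from audit means the host matches the expected output shown above, where IPC$ is the only remaining share.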
Hack 28: Encrypt Your Temp Folder
Keep prying eyes out of your temporary files.
Many Windows applications will create intermediary files while they do their work. They typically store these files in a temporary folder within the current user’s settings directory. Most often these files are created world-readable and aren’t always cleaned up when the program exits. How would you like it if your word processor left a copy of the last document you were working on for anyone to come across and read? Not a pretty thought, is it?
One way to guard against this situation is to encrypt your temporary files folder. To do this, open an Explorer window and go to the C:\Documents and Settings\<username>\Local Settings folder. In this folder you should see another folder called Temp. This is the folder that holds the temporary files. Right-click the folder and bring up its Properties dialog. Make sure the General tab is selected, and click the button labeled Advanced. This will bring up an Advanced Attributes dialog, as seen in Figure 2-6. Here you can choose to encrypt the folder.

Check the “Encrypt contents to secure data” box and click the OK button. When you have done that, click the Apply button in the Properties dialog. Another dialog (as seen in Figure 2-7) will open asking you whether you would like the encryption to apply recursively.

To apply the encryption recursively, choose the “Apply changes to this folder, subfolders and files” option. This will automatically create a public-key pair if you have never encrypted any files before. Otherwise, Windows will use the public key that it generated for you previously. When decrypting, Windows ensures that the private keys are stored in nonpaged kernel memory, so that the decryption key will never be left in the paging file. Unfortunately, the encryption algorithm used, DESX, is barely an improvement on DES and is nowhere near as strong as 3DES. However, it serves the purpose of transparently encrypting temporary files very well. If you want to encrypt other files, it is suggested you use a third-party utility such as GnuPG (http://www.gnupg.org), which has Windows binaries available on its web site.