Block remote access to the Windows Registry _ Registry
Source: Internet
Author: User
Protecting the Windows registry in the way mentioned in this article prevents attackers from attacking it remotely.
problem
The registry is the core of the Windows operating system. However, by default, the registry of all windows-based computers can be accessed on the network. Hackers who know this can take advantage of this security vulnerability to attack your company's computer system, modify file relationships, and allow the insertion of malicious code. In order to protect your network, you need to disable remote access to the registry.
Solution
You can easily reach this goal by modifying the Web Access list. Depending on how complex your network is, you may want to consider banning remote access to the registry.
Attention
Editing the registry can be risky, so you must make sure that you have backed up the registry before you start.
Modify the Registration form
For computers that use Windows 2000, Windows XP, and Windows Server 2003 systems, take the following steps:
4, if the WinReg key already exists, skip to step 8. If the key does not exist, click on the "Edit" menu and choose "Add".
5, the key to the name "WinReg", the category set to REG_SZ.
6, select the newly created key, then click on the "Edit" menu, select "Add Value".
7, the following input:
Name: Description
Type: REG_SZ
Value: Registry Server
8, the Choice winreg key, enters the security | License.
9. Ensure that the local Systems Administrators group (System Administrators groups) has full access to the system account and Everyone group, with read-only permissions.
10. Close Registry Editor and restart the computer.
If you set a special group for your workstation or server support, and the members of these groups are not administrators, you should also set the right permissions for them.
And if the machine you're dealing with is a server or a computer that provides remote services for a particular user, you must allow the account that has access to the service to have read-only access to the relevant content.
Adjust Network
Registry modifications can protect your internal network from unauthorized access, but you also need to protect the registry from external Internet access. Using registry security vulnerabilities to attack Windows systems is still very common, so you need to ensure that your security policies have addressed these vulnerabilities well.
disabling TCP/UDP ports 135, 137, 138, 139, and 455 on the front-end router or firewall is a good workaround. Disabling these ports is not only a way to prevent remote access to the registry, but it also prevents most remote attacks against Windows systems.
Turning off these ports quickly improves the security of your Windows network, and you need to verify that there are commercial reasons to keep these ports open before you disable them.
These are remote registry services that you can shut down, running Windows 2000, Windows XP, and Windows Server 2003 systems (remotely Registry), which is always a helpful and practical way for businesses.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.