Security Tweaks

Warning

A surprising number of Windows 2000 and NT’s security features are only accessible through Registry tweaks. For the most part, these adjustments add to your system’s security; except as noted, you are not adding extra risk by not making the changes discussed here. You should carefully note the security suggestions included in Chapter 9. They reflect changes you should make to preserve system security, while the items in this section are optional.

Clear the System Pagefile at Shutdown

The U.S. Government (actually the National Computer Security Center) has established a rating system for configurations of computer operating systems. This rating system, set forth in a document called the Orange Book, rates how secure operating systems are. To earn a particular rating, an OS must implement certain features. One of these features is object reuse. Simply put, object reuse means that objects (including disk blocks, memory, and other shared resources) are cleared out after use. This prevents any leakage of confidential data.

While Windows 2000 and NT can be made compliant, as shipped neither OS clears inactive pages in the virtual memory’s pagefile. A couple of publicized attacks[54] rely on the fact that the system’s pagefile is left intact when the system shuts down; it can then be scanned for useful data. To prevent this, you can add the REG_DWORD value HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown ...
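One way to audit and apply this setting from an elevated PowerShell session (an added example, not code from the book). It assumes that a data value of 1 enables clearing, as Microsoft documents for this value; the function names Get-PagefileClearState and Set-PagefileClear are hypothetical.

```powershell
# Added example: audit and set ClearPageFileAtShutdown.
# Assumption: REG_DWORD data 1 = pagefile cleared at shutdown;
# a missing value or data 0 = pagefile left intact.
$KeyPath   = 'HKLM:\System\CurrentControlSet\Control\Session Manager\Memory Management'
$ValueName = 'ClearPageFileAtShutdown'

function Get-PagefileClearState {
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop

    # A missing value is the shipped default: nothing is cleared.
    if ($key.GetValueNames() -notcontains $Name) {
        return [pscustomobject]@{ State = 'Missing'; Kind = $null; Data = $null }
    }

    $kind = $key.GetValueKind($Name)
    $data = $key.GetValue($Name)

    # A value of the wrong type (for example REG_SZ "1") is reported
    # separately so it can be recreated as REG_DWORD.
    $state = if ($kind -ne 'DWord') { 'WrongType' }
             elseif ($data -eq 1)   { 'Enabled' }
             else                   { 'Disabled' }

    [pscustomobject]@{ State = $state; Kind = $kind; Data = $data }
}

function Set-PagefileClear {
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)

    # -Force replaces an existing value, including one of the wrong type.
    New-ItemProperty -LiteralPath $Path -Name $Name `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

$result = Get-PagefileClearState
if ($result.State -ne 'Enabled') {
    Write-Output "ClearPageFileAtShutdown is $($result.State); setting to 1."
    Set-PagefileClear
}
Get-PagefileClearState
```

The change applies from the next shutdown onward, and clearing the pagefile lengthens shutdown time in proportion to the pagefile size.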
