How to provide network security: recommendations for Radmin 2.x users
We at Famatech would like to give our users a few recommendations on how to increase their network security. If not enough attention is paid to the settings of both the Windows security system and the Remote Administrator software, malicious users could gain unauthorized access to your computers to upload and run any program. Below you will find recommendations on how to secure Windows and Radmin to avoid such a situation.
Network security policy:
1. Never leave passwords to administrative accounts empty, especially when your computer is connected to the Internet directly with no firewall and/or NAT.
2. To provide information security, do not share your %windir% folder (the folder where the OS is installed) or the entire hard drive containing this folder. Even when access is limited to read-only, a malicious user can copy system files (.pwl files, Windows registry files, etc.) to their computer and extract information from these files to illegally access your systems.
Double (and triple) check that only those folders you must share are shared and no others. Make sure they are only shared for specific users who need to use them. Avoid excess permissions (e.g., when Joe's permissions are not limited to the \Users\Joe\ folder and Joe can access the \Users\ folder):
1) Find a shared folder;
2) Right-click it and select Properties from the pop-up menu;
3) Switch to the Sharing tab and press the Permissions button.
You can get a list of all the shared folders by using the NET SHARE command. For more detailed information on this, refer to the Microsoft Windows documentation.
3. When using Remote Administrator's own password, never leave Radmin Server passwords empty. Do not use dictionary words as a password. Such a password is not secure and can easily be guessed by trying words from a dictionary. This applies to any password-protected software.
4. If the security policy is configured incorrectly, even an anonymous user can gain access to a remote computer's registry using the Remote Registry service. As Radmin Server stores its encrypted password in the [HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\Parameter] registry key, this would be a threat to your system security. Anyone with write access to this key is able to change or delete your Radmin Server password. The ability to read this registry key is not enough, however, to obtain the actual password, because decrypting the Radmin Server password is almost impossible.
(It is theoretically possible for a malicious user to use an encrypted password to connect to a remote Radmin Server, but this would require coding an alternative client for Radmin Server.)
We recommend the following actions to ensure your system is secure:
Security recommendations for Windows NT/2000/XP/2003:
I. Stop the Remote Registry service so no one can remotely access your Windows registry:
1. Go to Start->Run->Control Panel->Administrative Tools->Services;
2. Browse to Remote Registry Service;
3. Right-click "Remote Registry Service" and select Properties;
4. Change the Startup type to "Disabled" and press "OK";
5. Execute the Action->Stop command.
II. Restrict access to the [HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\] registry branch:
1. Go to Start->Run and execute regedt32;
3. Execute the Security->Permissions command;
4. Uncheck "Allow inheritable permissions from parent..." and select "Copy" from the dialog that appears;
5. Click the "Remove" button to empty the list of everyone except the local groups (Administrators, Power Users, Users) and the SYSTEM user;
6. Make sure that Full Control rights are only granted to the local Administrators group and the SYSTEM user, while all other local groups have Read only;
7. Press "OK".
Note: Now you must log on under a local user profile to run Radmin Server.
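A read-only audit of the settings described above (the Remote Registry service, the permissions on the Radmin registry branch, and shares that expose %windir%), as an added example that is not Famatech's own code. It assumes Windows PowerShell 2.0 or later in an elevated session; the variable names and the choice to skip the default administrative shares are assumptions made here.

```powershell
# Added audit example (not Famatech code). Read-only: it changes nothing.
$findings = @()

# I. The Remote Registry service should be disabled and stopped.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'"
if ($svc -and ($svc.StartMode -ne 'Disabled' -or $svc.State -ne 'Stopped')) {
    $findings += "RemoteRegistry service: StartMode=$($svc.StartMode), State=$($svc.State)"
}

# II. Only Administrators and SYSTEM may hold more than read access on the branch.
$key = 'HKLM:\SYSTEM\RAdmin'
if (Test-Path $key) {
    $acl = Get-Acl -Path $key
    if (-not $acl.AreAccessRulesProtected) {
        $findings += "$key still inherits permissions from its parent"
    }
    # Compare by SID so the check also works on localized Windows installations.
    $trusted  = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, SYSTEM
    $readOnly = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        # Any bit outside ReadKey means this identity can do more than read.
        # Generic-rights entries are reported too and should be reviewed by hand.
        if (([int]$rule.RegistryRights -band (-bnot $readOnly)) -ne 0) {
            $findings += "$key grants $($rule.RegistryRights) to $($rule.IdentityReference.Value)"
        }
    }
}

# Shares: flag ordinary disk shares whose path is %windir% or a folder/drive above it.
# Default administrative shares (C$, ADMIN$) have a non-zero Type and are skipped.
$win = $env:windir.TrimEnd('\') + '\'
foreach ($share in @(Get-WmiObject -Class Win32_Share)) {
    if ($share.Type -ne 0 -or -not $share.Path) { continue }
    $root = $share.Path.TrimEnd('\') + '\'
    if ($win.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
        $findings += "Share '$($share.Name)' ($($share.Path)) exposes $env:windir"
    }
}

if ($findings) { $findings } else { 'No findings' }
```

Each reported line corresponds to one of the recommendations above; the fix is the matching manual procedure, not a change made by the script.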
Security recommendations for Windows 95/98/ME:
I. Block the possibility of remote access to your Windows registry by following these steps:
1. Run Start->Settings->Control Panel->Network;
2. If "Microsoft Remote Registry" or "Remote Registry Service" is present in the installed components list, select it and press "Uninstall";
3. Press "OK".
II. Make sure that you only share those folders that must be shared. Check that they are only shared for those specific users who really do need to use them (see above). Don't share your %windir% folder (the folder where the OS is installed and where the Windows registry is stored).
By following this simple network security policy, you keep your information safe and confidential.