005 Local Security Policy

1. Local security policy

1. Concept

  • Mainly used to configure security settings for the accounts that log on to the computer
  • Its settings mainly affect the security of the local computer

2. Opening method

  • Start Menu->Administrative Tools->Local Security Policy
  • Run the command secpol.msc
  • From the Local Group Policy Editor, opened with the command gpedit.msc

2. Account policies

1. Password policy (enabled by default in Windows Server operating systems)

  • Password must meet complexity requirements (most commonly used)
  • Minimum password length
  • Minimum password age
  • Maximum password age
  • Enforce password history
  • Store passwords with reversible encryption (generally disabled)

2. Account lockout policy

Account lockout duration 30 minutes, account lockout threshold 2 attempts, reset account lockout counter after 10 minutes.
The reset account lockout counter time must be less than or equal to the account lockout duration.

Because the administrator is not restricted by the account lockout policy and the administrator's user name is fixed, the account is an easy target for attackers, which can bring the server down. What method can be used to hide the administrator so that it cannot be brute-forced? (This is one of the items in Windows operating system hardening.)

  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout counter after
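
The password and lockout settings above can be read back from a live host. The following PowerShell is an added example, not part of the original post: it exports the local policy with secedit and checks the [System Access] keys, including the rule that the counter reset must not exceed the lockout duration. The function names and the temp-file path are assumptions of this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Get-AccountPolicy / Test-AccountPolicy are names chosen for this example.
function Get-AccountPolicy {
    param([string]$Path = (Join-Path $env:TEMP 'secpol-export.inf'))
    # Export the security-policy area, which holds the [System Access] section.
    secedit.exe /export /cfg $Path /areas SECURITYPOLICY /quiet | Out-Null
    $policy = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $policy[$Matches[1]] = $Matches[2].Trim().Trim('"')
        }
    }
    Remove-Item -Path $Path -ErrorAction SilentlyContinue
    return $policy
}

function Test-AccountPolicy {
    param([hashtable]$Policy)
    $findings = @()
    if ([int]$Policy['PasswordComplexity'] -ne 1) { $findings += 'Password complexity is not enabled' }
    if ([int]$Policy['ClearTextPassword'] -ne 0) { $findings += 'Reversible encryption is enabled' }
    $threshold = [int]$Policy['LockoutBadCount']
    if ($threshold -eq 0) {
        $findings += 'Lockout threshold is 0: accounts are never locked out'
    } else {
        # Duration and reset keys are only read when a threshold is set.
        $duration = [int]$Policy['LockoutDuration']
        $reset = [int]$Policy['ResetLockoutCount']
        if ($duration -gt 0 -and $reset -gt $duration) {
            $findings += "Counter reset ($reset min) exceeds lockout duration ($duration min)"
        }
    }
    return $findings
}

$current = Get-AccountPolicy
$current.GetEnumerator() | Sort-Object Name | Format-Table Name, Value
Test-AccountPolicy -Policy $current

# To apply the values from the text (threshold 2, duration 30, reset 10):
# net accounts /lockoutthreshold:2 /lockoutduration:30 /lockoutwindow:10
```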

3. Local policies

1. Audit policy

  • Audit policy change
    This security setting determines whether the OS audits every attempt to change user rights assignment policies, audit policies, account policies, or trust policies.
    It mainly records whether policies have been changed. For example, if you have just made a series of policy changes, you can choose to audit the success or failure of those operations in the Audit Policy node of Local Security Settings. If the security setting shown for this policy is No auditing, the policy-change operations are not recorded.
  • Audit logon events
    This security setting determines whether the OS audits each instance of a user attempting to log on to or log off from this computer.
    It mainly audits which users have logged on and whether the logon succeeded or failed; logon, logoff, account lockout and similar events are all audited.
    If an attacker is brute-forcing your server, the log shows a continuous stream of logon attempts with audit failures, which indicates that someone outside is brute-forcing the computer.
    In Event Viewer->Windows Logs->Security you can see the audit entries for account logons.
  • Audit object access
    This security setting determines whether the OS audits user attempts to access non-Active Directory objects. An audit entry is generated only if the object has a system access control list (SACL) specified, and the type of access requested (read, write, or modify) and the account making the request match the settings in the SACL.
    Administrators can specify whether to audit only successes, only failures, both successes and failures, or not to audit these events at all (that is, neither successes nor failures).
  • Audit process tracking
    This security setting determines whether the OS audits process-related events, such as process creation, process termination, handle duplication, and indirect object access.
    For example, if you log on as a user and start or terminate a process, it is audited.
    If an attacker breaks into the computer and plants a Trojan horse, a user is needed to execute it, so the attacker creates a hidden user on the computer and uses that hidden user to run the Trojan horse, which produces a Trojan horse process on the computer. With process tracking audited, you can see that a certain user started a certain process. If tracking shows that the process is dangerous, check which user created it and delete such useless or hidden users promptly.
  • Audit directory service access
    This setting applies to the directory service.
    This security setting determines whether the OS audits user attempts to access Active Directory objects. An audit entry is generated only if the object has a system access control list (SACL) specified, and the type of access requested (read, write, or modify) and the account making the request match the settings in the SACL.
  • Audit privilege use
    This security setting determines whether each instance of a user exercising a user right is audited.
  • Audit system events
    This security setting determines whether the OS audits any of the following events:

        Attempted system time change
        Attempted security system startup or shutdown
        Attempt to load extensible authentication components
        Loss of audited events due to auditing system failure
        Security log size exceeding a configurable warning threshold level

  • Audit account logon events
    This security setting determines whether the OS audits each time this computer validates an account's credentials.
  • Audit account management

    This security setting determines whether every account management event on the computer is audited. Examples of account management events include:

    Creating, changing, or deleting user accounts or groups.
    Renaming, disabling, or enabling user accounts.
    Setting or changing a password.
    If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success auditing generates an audit entry when any account management event succeeds. Failure auditing generates an audit entry when any account management event fails. To set the value to No auditing, select the Define these policy settings check box in the Properties dialog box for this policy setting, and then clear the Success and Failure check boxes.
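
For the "Audit logon events" item above, repeated audit failures in the Security log can be grouped by source instead of read entry by entry. The following PowerShell is an added example, not part of the original post: it reads failed-logon events (event ID 4625) and reports sources at or above a threshold. The function names, the threshold of 5, and the sample records are assumptions of this example.

```powershell
# Added example (not from the original post); function names are illustrative.
function Get-FailedLogon {
    param([int]$Hours = 1)
    # Needs an elevated prompt and failure auditing enabled for logon events.
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the event's named EventData fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Account = $data['TargetUserName']
            Source  = $data['IpAddress']
        }
    }
}

function Find-LogonBurst {
    param([object[]]$Events, [int]$Threshold = 5)
    # Group failures by source address and keep only the noisy sources.
    $Events | Group-Object -Property Source |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $times = @($_.Group.Time | Sort-Object)
            [pscustomobject]@{
                Source   = $_.Name
                Failures = $_.Count
                Accounts = ($_.Group.Account | Sort-Object -Unique) -join ','
                First    = $times[0]
                Last     = $times[-1]
            }
        }
}

# Constructed sample records (not real log data) so the grouping can be tried offline.
$t0 = Get-Date '2024-01-01T03:00:00'
$sample = 0..5 | ForEach-Object {
    [pscustomobject]@{ Time = $t0.AddSeconds(10 * $_); Account = 'Administrator'; Source = '203.0.113.7' }
}
$sample += [pscustomobject]@{ Time = $t0; Account = 'alice'; Source = '192.0.2.10' }
Find-LogonBurst -Events $sample

# On a live host:
# Find-LogonBurst -Events (Get-FailedLogon -Hours 1)
```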

2. User rights assignment

  • Access this computer from the network
  • Change the time zone: Administrators and LOCAL SERVICE
  • Change the system time: Administrators and LOCAL SERVICE
  • Shut down the system
  • Deny access to this computer from the network
  • Allow log on through Remote Desktop Services (the Remote Desktop client is started with the command mstsc)
  • Deny log on through Remote Desktop Services

3. Security options

  • Microsoft network server
  • Shutdown

    Shutdown: Allow system to be shut down without having to log on

    This security setting determines whether the computer can be shut down without logging into Windows.

    If this policy is enabled, the Shutdown command is available on the Windows login screen.

    If this policy is disabled, the option to shut down the computer does not appear on the Windows login screen. In this case, the user must be able to successfully log on to the computer and have user rights to shut down the system before performing a system shutdown.

    Default setting on workstation: Enabled.
    Default setting on server: Disabled.

  • Recovery console
  • Interactive logon

    Interactive logon: Do not require CTRL+ALT+DEL

    This security setting determines whether users need to press Ctrl+Alt+Del to log in.

    If this policy is enabled on a computer, users will be able to log in without pressing Ctrl+Alt+Del. Not having to press Ctrl+Alt+Del leaves the user vulnerable to attacks that attempt to intercept the user's password. Requiring users to press Ctrl+Alt+Del before logging in ensures communication through a trusted path when users enter their passwords.

  • Devices
  • Audit
  • Network security
  • Network access
  • System cryptography
  • System settings
  • User Account Control
  • Domain member
  • Domain controller
  • Accounts

    Accounts: Guest account status
    This security setting determines whether the guest account is enabled or disabled.
    Default value: disabled.
    Note: If the guest account is disabled and the security option "Network access: Sharing and security model for local accounts" is set to "Guest only", network logons, such as those performed by the Microsoft Network Server (SMB service), will fail.

    Accounts: Limit local account use of blank passwords to console logon only
    This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable this setting, local accounts that are not password protected can only log on at the computer's keyboard.
    Default value: enabled.


Origin blog.csdn.net/fencecat/article/details/134977026