Monthly Archive: February 2000

A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. Date published : 2000-02-04

A network service is running on a nonstandard port. Date published : 2000-02-04

A Windows NT administrator account has the default name of Administrator. Date published : 2000-02-04

A Windows NT file system is not NTFS. Date published : 2000-02-04

There is a one-way or two-way trust relationship between Windows NT domains. Date published : 2000-02-04

A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. Date published : 2000-02-04

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. Date published : 2000-02-04

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions. Date published : 2000-02-04

A Windows NT system’s registry audit policy does not log an event success or failure for non-critical registry keys. Date published : 2000-02-04

A Windows NT system’s registry audit policy does not log an event success or failure for security-critical registry keys. Date published : 2000-02-04

A Windows NT system’s file audit policy does not log an event success or failure for non-critical files or directories. Date published : 2000-02-04

A Windows NT system’s file audit policy does not log an event success or failure for security-critical files or directories. Date published : 2000-02-04

A Windows NT system’s user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy...

.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. Date published : 2000-02-04