| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Dec 7 18:30:55 2005 From: dudevanwinkle at gmail.com (Dude VanWinkle) Subject: Restricting access to SVCCTL named pipe on Windows On 12/7/05, Geof <geofgeof@...il.com> wrote: > I'm trying to restrict remote access to the Service Control Manager on a > Windows box in order to forbid a local admin to remotely manage the > services. Indeed, with such an access, it's possible to restart services > that where disabled for security reasons, like remote registry access, or to > install remotely new services. > (See > http://www.hsc.fr/ressources/articles/win_net_srv/ch04s07s09.html > for the available operations) > > Using the pipeaclui from bindview, I guess it's possible to define ACL that > deny any access but it is said that "Anytime a named pipe is restarted (or a > system reboot), the changes made using pipeaclui will be discarded and the > defaults of whatever started the named pipe will be used". > http://www.bindview.com/Services/RAZOR/Utilities/Windows/pipeacltools1_0.cfm > > So, I'm wondering if someone known how to stop definitively this feature. I would go about this a different way than you: just drop in managed firewalls that say only port 135-139, 445, etc from the servers then you dont have to worry about VPN or cross workstation attacks or am I totally off base here? -JP
Powered by blists - more mailing lists