• Virginia Tech Home
• IT Security Homepage
• Security Lab
• IRM

Security Guidelines for NT

1. Secure the machine physically
2. Disable undesired booting
3. Use NTFS and set permissions within the file system (ACL's)
4. Setup logon/legal warnings
5. Disable default accounts, change default passwords/ids
6. Restrict access to anonymous, guest accounts, etc
7. Account/Password Settings:
• Suggested 60-90 day password age - if secure passwords are used would relax this
• Suggested password minimum of 7 characters (more is better)
• Suggested uniqueness of 5 times
• Suggested lockout of 5 failed tries
• Suggested reset on count of 30 minutes
• Suggested lockout duration of 30 minutes or admin must unlock

Turn on Auditing and audit the following:

• Logon/Logoff failure/success
• File and Object Access failure
• User Rights failure
• Security Policy changes success/failure
• Security sensitive files (such as logs) success/failure

1. Set Administrator accounts so account can be locked out (set one with no access from network)
2. Split admin functions to different accounts (have seperate non-admin account for daily use)
3. Secure import files by restricting access to them:

• log/audit files
• profiles directory
• system root/repair directory
• boot.ini & ntldr
• network and admin tools (such as ftp, telnet, cmd, NT Resource kit tools, etc)

1. Replace the access that everyone group has with authenticated users group
2. Turn off/disable services & network protocals not needed
3. Disable un-needed shares (including administrative shares)
4. Remove network access from the everyone group OWNER: Ray Cornish