HP StorageWorks X5000 Technical Manual page 104

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Vulnerability:

This means that an attacker only needs eight characters to refer to a file that may be

20 characters long. For example, a file named Thisisalongfilename.doc, could be referenced by its

8.3 filename Thisis~1.doc. If administrators avoid using 16-bit applications, they can turn this feature

off. Disabling short name generation on an NTFS file system (NTFS) partition also increases directory

enumeration performance. Attackers could use short file names to access data files and applications

with long file names that would normally be difficult to locate. An attacker who has gained access to

the file system could access data or execute applications.

Countermeasure:

Configure MSS: Enable the computer to stop generating 8.3 style filenames to a

value of Enabled. The possible values for this Registry value are:

1 or 0; default is 0 (disabled)

•

In the SCE UI, these options appear as:

•

Enabled

Disabled

•

Not Defined

•

Potential Impact:

The 16-bit applications in the network will not be able to access files with names

longer than the 8.3 format allows.

Note: If administrators apply this setting to an existing server that already has files with auto

generated 8.3 file names, it does not remove them. To remove existing 8.3 file names, administrators

will need to copy those files off the server, delete the files from the original location, and then copy

the files back to their original locations.

2.8.6.5 Drive AutoRun Settings

Disable Autorun: Disable Autorun for all drives

This entry appears as MSS: Disable Autorun for all drives in the SCE. Autorun begins reading from a

drive on the computer as soon as media is inserted in it. As a result, the setup file of programs and

the sound on audio media starts immediately. The following registry value entry has been added to

the template in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

Subkey Registry Value Entry

NoDriveTypeAutoRun

Alternatively, configuring the following setting to a value of 1 will disable CD/DVD autorun only. The

following registry value entry has been added to the template in the following registry key:

HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Cdrom\ registry key.

Format

Recommended Value (Decimal)

DWORD

104

255

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

HP StorageWorks X5000 Technical Manual page 104

Related Manuals for HP StorageWorks X5000

Related Products for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents