
Analysis of the Security of Windows NT, 1 March 1999 (page 43)

•   Set number, which enables a user to set the number at which s/he will be called back at login. Clearly, this method is less secure than the first one, but at least it offers tracing of calls.

5.7.3 Default Deny

After RAS has been installed on a server, it must be configured. The first thing to do is to start RAS. By default, every user is denied access to the system through this service. An administrator must grant dial-in permission for a user to be able to remotely utilize the server, which is done on a per-user basis. This can be done either with the Remote Access Admin utility or with the User Manager utility.

5.7.4 Access Restrictions

In the installation procedure, several access restrictions can be enforced. First, dial-in and dial-out restrictions must be specified. Three options exist:

•   Dial-out only
•   Receive calls only
•   Dial-out and Receive calls

A RAS server must at least be able to receive calls, while a RAS client must be able to dial out. Second, select which protocol(s) (NetBEUI, TCP/IP and/or IPX) can be used for a connection. Third, select and configure one or more protocol(s) (NetBEUI, TCP/IP and/or IPX) that are to be allowed on the server. Fourth, decide whether the remote users shall have access to the entire network or to the computer running the RAS server only. Fifth, select which authentication method shall be used. There are three options:

•   Allow any authentication including clear text (PAP, SPAP or CHAP are allowed)
•   Require encrypted authentication (SPAP or CHAP are allowed)
•   Require Microsoft encrypted authentication (only CHAP is allowed)

One of the above must be selected. Another setting which can be specified is whether or not data encryption is required.

5.7.5 PPTP Filtering

If PPTP filtering is enabled on a RAS server, the only way for clients to connect to the server is through PPTP. The server will refuse other types of connections.
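The admission rules of 5.7.3 to 5.7.5 (per-user default deny, the three authentication policies, the optional data-encryption requirement and PPTP filtering) combined into one decision routine, as an added example; this is illustrative Python written for this page, not code from the report or from Windows NT, and the data structures, field names, policy labels, check order and the assumed preference for CHAP over SPAP over PAP are all assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Authentication policy -> methods the server accepts (the three options in
# 5.7.4). The keys are labels chosen for this example, not NT setting names.
AUTH_POLICY = {
    "any": frozenset({"PAP", "SPAP", "CHAP"}),   # clear text (PAP) allowed
    "encrypted": frozenset({"SPAP", "CHAP"}),    # no clear-text PAP
    "ms-encrypted": frozenset({"CHAP"}),         # only CHAP
}
PREFERENCE = ("CHAP", "SPAP", "PAP")  # assumed: strongest common method wins

@dataclass(frozen=True)
class RasServer:
    port_usage: str = "receive"                  # "dial-out", "receive", "both"
    protocols: FrozenSet[str] = frozenset({"TCP/IP"})
    auth_policy: str = "ms-encrypted"
    require_data_encryption: bool = True
    pptp_filtering: bool = False
    dialin_users: FrozenSet[str] = frozenset()   # empty: default deny (5.7.3)

@dataclass(frozen=True)
class DialIn:
    user: str
    transport: str                               # "pptp" or "modem"
    protocol: str                                # NetBEUI, TCP/IP or IPX
    auth_offered: FrozenSet[str]                 # methods the client supports
    can_encrypt_data: bool = False

def admit(server: RasServer, call: DialIn) -> Tuple[bool, str]:
    """Return (accepted, reason) for one inbound call. Every check is a
    setting from 5.7.3-5.7.5; the order is an assumption of this example."""
    if server.port_usage == "dial-out":
        return False, "server port is dial-out only"
    if server.pptp_filtering and call.transport != "pptp":
        return False, "PPTP filtering: non-PPTP connection refused"
    if call.user not in server.dialin_users:
        return False, f"{call.user} has no dial-in permission (default deny)"
    if call.protocol not in server.protocols:
        return False, f"{call.protocol} is not enabled on the server"
    usable = AUTH_POLICY[server.auth_policy] & call.auth_offered
    if not usable:
        return False, (f"client offers only {sorted(call.auth_offered)}; "
                       f"policy '{server.auth_policy}' requires "
                       f"{sorted(AUTH_POLICY[server.auth_policy])}")
    if server.require_data_encryption and not call.can_encrypt_data:
        return False, "data encryption is required but client cannot encrypt"
    method = next(m for m in PREFERENCE if m in usable)
    return True, f"accepted, authenticating with {method}"
```

Running the same client against a server configured with "any" and one configured with "ms-encrypted" shows directly which clear-text logins the weaker policy lets through.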
5.8 Auditing

The auditing in NT is handled by the SRM and the LSA together with the Event Logger. Different types of events are grouped into event categories and auditing is then done based on these groups. There are seven event groups: System, Logon/Logoff, Object Access, Privilege Use, Detailed Tracking, Policy Change and Account Management. For details on event groups see [43] and Table 4. Whether auditing applies, and what is to be audited, is determined by the Audit Policy, which is handled by the LSA and passed from the LSA to the SRM.