Check or Attack Name: ntrlogin

The Windows NT host is running the Ataman rlogin service. A user with a rlogin client could potentially compromise the machine's security with a brute force password attack. Also, this service could write sensitive information to the Windows NT Application Log.

Typically, the application log does not contain information an attacker would find useful. However, some applications, such as the Ataman Telnet, Rlogin, and Rexec services, may write sensitive information to the application log.

Disable rlogin if it is not needed or strengthen user name security by implementing strong password security and setting password restrictions in accordance with your security policy.

To check and set the password policy, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select Account to display the Account Policy dialog box.
3. For the Minimum Password Length, require a minimum length of at least seven characters. Click OK.
4. Set other password values in accordance with your security policy.

To stop or disable the rlogin service in Windows NT, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Select the FTP service.
3. Click Stop.
4. When the service has stopped, click Startup.
5. Choose one of these options:
• To permanently disable the service, click Disabled.
• To turn the service off unless manually activated by the user or a program, click Manual.
6. Click OK, then click Close.