Minimum File & Registry Rights

For Advanced Users of The Satoshi Terminal

Purpose and Scope

This document outlines the implementation, management, and best practices for configuring Minimum File & Registry Rights in The Satoshi Terminal. These rights are established to enforce Principle of Least Privilege (PoLP), ensuring that processes, users, and applications access only the files and registry keys necessary for their function. This approach mitigates security risks, reduces attack surfaces, and ensures compliance with industry standards such as ISO/IEC 27001, NIST SP 800-53, and CIS Benchmarks.

Conceptual Framework

1. File System Access Rights:

   • Defines granular permissions at the file and directory level.

   • Supports read, write, execute, and traversal permissions based on NTFS standards.

2. Registry Rights Management:

   • Regulates access to Windows Registry hives and keys.

   • Enforces secure defaults while enabling application-specific overrides.

3. Dynamic Policy Enforcement:

   • Monitors changes in file and registry permissions in real-time.

   • Automatically rolls back unauthorized modifications.

Key Objectives

• Minimize Attack Surface: Restrict access to critical resources, reducing exposure to malicious activity.

• Ensure Operational Integrity: Prevent accidental or unauthorized modifications to essential files and registry entries.

• Maintain Compliance: Align with regulatory and organizational security policies.

File Permissions Overview

1. Permission Types

• Read (R): Allows viewing the contents of a file or directory.

• Write (W): Grants the ability to modify file contents.

• Execute (X): Permits execution of binary files or traversal of directories.

• Delete (D): Allows deletion of files or directories.

2. Permission Levels

• Full Control: All permissions combined; generally restricted to administrators.

• Modify: Grants read, write, and delete permissions.

• Read & Execute: Combines read and execute for application compatibility.

• Write: Limited to file or directory modification.

Registry Permissions Overview

1. Registry Hives

• HKEY_LOCAL_MACHINE (HKLM): System-wide settings and configurations.

• HKEY_CURRENT_USER (HKCU): User-specific settings.

• HKEY_CLASSES_ROOT (HKCR): File type associations and COM objects.

• HKEY_USERS (HKU): Configuration data for all user accounts.

• HKEY_CURRENT_CONFIG (HKCC): Current hardware profile configurations.

2. Access Levels

• Query Value: Read a registry key or value.

• Set Value: Modify a registry value.

• Create Subkey: Add a new key under an existing one.

• Delete: Remove a registry key or value.

• Enumerate Subkeys: List all subkeys under a given key.

Implementation Details

1. File Rights Configuration

1.1. Tools for Configuration

• Windows File Explorer:

  • Right-click a file or directory → Properties → Security tab → Configure permissions.

• Command-Line Tools:

  • icacls: Modify and view permissions.

  • Example:

    Copy

    icacls C:\SatoshiTerminal\logs /grant "Users:(R)"

  • takeown: Take ownership of files. Example:

    Copy

    takeown /f C:\SatoshiTerminal

1.2. Recommended Permissions for The Satoshi Terminal

2. Registry Rights Configuration

2.1. Tools for Configuration

• Registry Editor (regedit.exe):

  • Navigate to a registry key → Permissions → Configure access.

• Command-Line Tools:

  • reg add and reg delete: Modify registry keys.

  • Example:

    Copy

    reg add HKLM\Software\SatoshiTerminal /v ConfigPath /t REG_SZ /d C:\SatoshiTerminal\configs

  • PowerShell:

    • Example:

      Copy

      Set-ItemProperty -Path "HKLM:\Software\SatoshiTerminal" -Name "LogLevel" -Value "Error"

2.2. Recommended Registry Key Permissions

Dynamic Policy Enforcement

1. Real-Time Monitoring

• Utilizes Event Tracing for Windows (ETW) to track changes in file and registry rights.

• Monitors the following events:

  • Unauthorized icacls or takeown usage.

  • Registry key creation or deletion in protected paths.

2. Automatic Rollback

• Any unauthorized modification triggers:

  • Alert notifications via email/SMS.

  • Reversion of changes using stored baselines.

3. Policy Enforcement Tools

• Group Policy Objects (GPOs):

  • Centralized enforcement of file and registry permissions.

  • Example: Prevent non-admins from modifying HKLM\Software\SatoshiTerminal.

Best Practices

1. General Guidelines

• Assign permissions to groups instead of individual users.

• Avoid granting "Full Control" unless strictly necessary.

• Regularly audit file and registry rights.

2. Hardening Recommendations

• Enable Mandatory Integrity Control (MIC):

  • Ensures that even trusted processes cannot escalate privileges arbitrarily.

• Implement AppLocker Policies:

  • Restricts executable permissions based on file paths.

Advanced Troubleshooting

1. Diagnostic Commands

• List Effective Permissions:

  Copy

  icacls C:\SatoshiTerminal

• View Registry ACLs:

  Copy

  Get-Acl -Path "HKLM:\Software\SatoshiTerminal"

2. Common Issues

• "Access Denied" Errors:

  • Verify that inheritance is enabled for subkeys or directories.

• Permissions Misconfiguration:

  • Restore defaults using:

    Copy

    icacls C:\SatoshiTerminal /reset

3. Escalation Path

• Gather logs from Event Viewer under Security and Application.

• Contact Level 2 support with detailed findings.

By strictly adhering to the Minimum File & Registry Rights outlined in this document, you ensure that The Satoshi Terminal operates securely while reducing risks of unauthorized access or tampering. Proper configuration and ongoing management of these rights are critical to safeguarding sensitive cryptocurrency data and maintaining regulatory compliance.