Lesson 16-Windows NT Security Issues
Overview
Set up the system.
Manage users.
Manage the system.
Set up the System
Windows NT is not completely secure out of the box.
Default configuration of Windows NT includes some settings
that will make the system more secure.
Set up the System
Configuration settings are divided into:
Registry settings.
System configuration settings.
Registry Settings
Windows NT Registry is the internal system database that
stores necessary system parameters and values.
Proper care must be taken while making changes to the
Registry since mistakes can make the system unusable.
Regedt32 must be used to edit the Registry.
A logon message must be used to display a legal notice prior
to a user logging on to the network.
Registry Settings
A user can force Windows NT to clear the system pagefile,
which contains encryption keys or password hashes, on shutdown.
Shutdown Without Logon key can be changed to force a user
to log on to a system before being able to shut it down.
LAN Manager Authentication system allows Windows NT
servers to work with Windows 95 and Windows 98 clients.
Registry Settings
Since LAN Manager is a weaker scheme than the NT
authentication system, it should be disabled.
The ability of anonymous (null) user sessions to access
information should be restricted.
Remote Registry access must be restricted to protect
computers from an attack over local network or Internet.
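An added example, not part of the original slides: a Python check that reads a REGEDIT4-style export and reports which of the Registry settings above are still at insecure values. The key paths and value names are the standard Windows NT locations, which the slides do not list; the pass thresholds and the sample export are assumptions constructed for illustration.

```python
import re

# Constructed sample: REGEDIT4-style export from an unhardened host.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeText"=""
"ShutdownWithoutLogon"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000000
"RestrictAnonymous"=dword:00000001
'''

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
MEMMGMT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# (key, value name, pass predicate, finding). Thresholds are assumptions.
BASELINE = [
    (WINLOGON, "LegalNoticeText", lambda v: bool(v), "no logon legal notice"),
    (WINLOGON, "ShutdownWithoutLogon", lambda v: v == "0", "shutdown allowed without logon"),
    (MEMMGMT, "ClearPageFileAtShutdown", lambda v: v == 1, "pagefile not cleared on shutdown"),
    (LSA, "LMCompatibilityLevel", lambda v: isinstance(v, int) and v >= 2, "LAN Manager responses still sent"),
    (LSA, "RestrictAnonymous", lambda v: isinstance(v, int) and v >= 1, "null sessions unrestricted"),
]

def parse_export(text):
    """Return {key: {name: value}}; dword values become int, strings stay str."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def audit(text):
    """List findings for values that are missing or fail the baseline."""
    keys = parse_export(text)
    return [msg for key, name, ok, msg in BASELINE
            if not ok(keys.get(key, {}).get(name))]
```

Remote Registry access is governed by the permissions on a key rather than by a value, so it cannot be judged from an export like this and is left out of the check.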
System Configuration Settings
Changes are required in the following areas to increase
security of system:
File systems.
Network settings.
Account settings.
Service packs and hot-fixes.
File Systems
FAT file systems should be converted to NTFS to allow for
file permissions.
NT policy editor or AUTOEXNT program must be used to
disable administrative shares that can be used to brute-
force administrator passwords.
Emergency repair disk (ERD) provides recovery of Registry
and user database in the case of system crash.
Network Settings
Domains allow for a central user database and
management and hence are better than workgroups.
NetBIOS should be turned off for any system that will be
accessed from the Internet.
Simple TCP/IP services should not be enabled on a Windows
NT system.
Account Settings
Windows NT comes with administrator and guest accounts
by default.
The guest account should be disabled and its password
must be changed to something long and random.
Administrator account should be renamed.
Password policy should be configured as per the
organization’s security policy.
Account Settings
Policy can be configured through Account Policy in User
Manager.
The Account Policy screen is used to define maximum
password age, minimum password length, password
uniqueness, and account lockout policy.
Account lockout policy will not be enforced against the
administrator account unless PASSPROP utility is used.
Service Packs and Hot-Fixes
Service packs and hot-fixes are new versions of software that
fix bugs and security vulnerabilities.
Some of them do not work properly and hence are not
implemented.
They should be implemented within an organization after
appropriate testing.
If hot-fixes are installed in the wrong order it is possible that
one will negate the effects of another.
Manage Users
Procedures must be in place to identify the proper
permissions that new users receive.
Procedures must make sure that an employee loses access
rights to the organization’s systems after leaving the
organization.
Management of users on a Windows NT system is critical to
the security of the system and the NT domain.
Manage Users
Adding users to the system:
Users are added through the User Manager.
Each user should have a unique user ID and their own account.
Multiple users should not be given access to the same user ID.
New users are forced to change the password the first time
they log in.
Manage Users
Setting file permissions:
Groups should be used to set permission on files and shares.
Everyone group is given default access to files and shares. It
includes logged-on users and/or guest and null session users.
If a file or share is accessible to all, Domain User group or
Authorized User group should be used instead of Everyone
group.
Manage Users
Removing users from the system:
When users leave an organization, their account must be
disabled immediately using User Manager.
In case the account contains any important files, the user’s
superior should access and copy them within 30 days.
After 30 days the account should be removed from the system.
Manage the System
Security is important when a system is configured and set
up as well as in day-to-day operations.
The best security mechanism is an administrator who is
paying attention to his systems.
Auditing a system, using log files, and looking for suspicious
signs enhances the administrator’s ability to detect security
problems.
Manage the System
Auditing a system - The audit policy should be set according
to the organization’s security policy.
Log files - Administrators should look at the log files and
back them up on a regular basis.
Manage the System
Looking for suspicious signs:
The Security Event Log shows failed login attempt entries, which
indicate brute-force intrusion.
File access failures may indicate an authorized user who is
attempting to access sensitive files.
Missing log files may indicate intrusion.
Manage the System
Looking for suspicious signs (continued):
If an intruder attempts to modify entries in log files, a gap
would be found in the log file.
System administrators should periodically examine the Task
Manager to see if any unknown processes like CMD are
running.
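An added example, not part of the original slides: Python detection logic for three of the signs above, run over Security log records that are assumed to be already exported as tuples. Event IDs 529 (failed logon) and 517 (audit log cleared) are the Windows NT Security log IDs; the record layout, the threshold, the time window and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 529   # NT Security log: unknown user name or bad password
LOG_CLEARED = 517    # NT Security log: the audit log was cleared

# Constructed sample: (record number, timestamp, event ID, account).
SAMPLE = [
    (101, "1999-03-01 02:10:01", 529, "Administrator"),
    (102, "1999-03-01 02:10:03", 529, "Administrator"),
    (103, "1999-03-01 02:10:05", 529, "Administrator"),
    (104, "1999-03-01 02:10:07", 529, "Administrator"),
    (105, "1999-03-01 02:10:09", 529, "Administrator"),
    (106, "1999-03-01 08:30:00", 529, "jsmith"),
    (110, "1999-03-01 09:00:00", 528, "jsmith"),
]

def brute_force_accounts(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with >= threshold failed logons inside any sliding window."""
    times = defaultdict(list)
    for _, ts, event_id, account in events:
        if event_id == FAILED_LOGON:
            times[account].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = []
    for account, stamps in times.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.append(account)
                break
    return sorted(flagged)

def record_gaps(events):
    """(last seen, next seen) record-number pairs where entries are missing."""
    numbers = sorted(e[0] for e in events)
    return [(a, b) for a, b in zip(numbers, numbers[1:]) if b - a > 1]

def log_cleared(events):
    """True if the log contains an 'audit log cleared' event."""
    return any(e[2] == LOG_CLEARED for e in events)
```

On the sample, the five rapid failures against Administrator are flagged, the single mistyped password for jsmith is not, and the jump from record 106 to 110 is reported as a gap to investigate.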
Summary
Configuration settings like Registry settings and system
configuration settings make the system more secure.
Mistakes in Registry settings can make the system
unusable.
System configuration settings include file systems, network
settings, account settings, and service packs and hot-fixes.
Summary
Managing users in a system involves adding and removing
users and setting file permissions.
Managing a system includes auditing a system, using log
files, and looking for suspicious signs to detect security
problems.