
Analysis of the Security of Windows NT, 1 March 1999

2. Introduction

Computer security is traditionally defined by three attributes: (1) confidentiality (or secrecy), (2) integrity, and (3) availability [19], also known as "the CIA". Secrecy is the aspect of keeping information protected from unauthorized users. Integrity implies that data can only be modified by authorized parties. Finally, availability means that the services are provided to any authorized user. A violation of any of these attributes is considered to be a successful attack.

Windows NT was designed with security in mind. In fact, it has been classified as a C2 level operating system (OS) by the National Security Agency (NSA) [43]. There were two major goals with this study: first, to find as many vulnerabilities as possible in NT, within a limited time; second, to gather information about NT and its flaws.

A common method to evaluate the security of a system is to use a so-called Tiger Team. For example, see [7], which describes a Tiger Team analysis of the VM/370 operating system from the mid-seventies. Such a team is very skilled and has deep knowledge about the system and its potential vulnerabilities. In our case, however, there is a difference: we were novice NT users. There is not much in-depth literature on NT or its security design. Lately, a number of security handbooks have been published, see for example [64], [58], [44] and [18], but most of them lack technical depth. However, there is one evaluation performed by the NSA, and the corresponding report has been issued by the National Computer Security Center (NCSC) [43]. That evaluation is mostly based on the design of the system as defined in the Orange Book [65]. We have, on the other hand, studied the operational security of NT using penetration experiments. These may reveal vulnerabilities in the design and implementation as well as in the installation.

Other penetration experiments have been carried out at our department, the most similar being a security analysis of a secure database [68]. However, most of our previous studies differ from the present one. Firstly, the object systems were different: a networked UNIX operating system [62], [63] and a PC network [66]. Secondly, the attackers were final year university students. Thirdly, the attackers had to follow some rules, since the results of these studies were used for mathematical modelling purposes.

Section 3 provides a detailed system overview of NT, while section 4 describes the networking part of the system. Section 5 concentrates on the security features, whereas section 6 focuses on utility programs for NT and UNIX. Section 7 presents our intrusion experiments and section 8 is a comparison between the weaknesses found in NT and known UNIX weaknesses. In section 9 we discuss the lessons learned during this study and section 10 concludes. Appendix A presents some of the cryptography used in NT, and in appendix B we explain the domain logon process. The SMB data structure as well as a detailed description of the flag fields used in SMB is the topic of appendix C. Appendix D gives examples of utility programs for NT. A list of useful web sites is presented in appendix E. In appendix F, there is a list of security related news groups. Appendix G is a list of abbreviations.