nt-part2_42
Analysis of the Security of Windows NT
1 March 1999
42
Lockout after n bad logon attempts, where n must be assigned a positive integer
value.
Reset count after m minutes, where m specifies how many minutes shall pass before
the bad logon counter is cleared.
Lockout duration, where forever (i.e. until an administrator unlocks) or duration in
minutes are the possible choices.
5.6 Port Filtering
The TCP/IP protocol suite was not specified to be particularly secure. Lately, a number
of successful network attacks have been described. Many of these intrusion attempts
have utilized different protocols in the TCP/IP family, e.g. TCP and UDP.
A common way to minimize weaknesses in a system is only to permit services that are
proved secure and necessary, see [22] for a detailed discussion on this topic. In NT,
blocking communication to both TCP ports and UDP ports is possible. This implies
that a system can be configured to accept only packets sent to specific ports on which
secure and necessary servers listen. This feature is referred to as TCP security in NT
terminology.
5.7 Security Features in RAS
As already stated, RAS opens a network to the world. Some users will appreciate this
feature while some will not. For example, sales persons and consultants might do their
job more efficiently if they have the possibility to access files and other resources from
the office when they are out on the field. Administrators as well as people responsible
for security know fairly well that this feature may also be taken advantage of by an
intruder. For the latter reason, RAS has a variety of mechanisms to protect against
attackers.
5.7.1 Authentication
In PPP, three different authentication protocols are supported. The first and least secure
option is enabling the RAS server to allow clear text passwords. In this case, the Pass-
word Authentication Protocol (PAP) is used. A more secure authentication protocol is
the Shiva Password Authentication Protocol (SPAP). Unlike PAP, SPAP encrypts
passwords before sending them over the wire. SPAP is used if either side of the com-
munication uses a product from Shiva, Inc. However, the most secure authentication
protocol [64] is the Challenge-Handshake Authentication Protocol (CHAP), which
uses DES-encrypted authentication. This protocol is described in appendix A.7.
5.7.2 Callback
With the callback facility, a user will be called back after s/he has provided a valid user
name and a valid password. This provides added security, since NT now knows from
where the call came from. There are two different kinds of callbacks:
Predefined number, which implies that a predefined number will be used in the call-
back.