Analysis of the Security of Windows NT, 1 March 1999

7. Vulnerabilities

We have found several sites on the Internet that present programs that utilize flaws that endanger the security of the NT operating system. In this section we will describe some of these programs and use them in order to gain unauthorized access or information from an NT system. Alongside the description of how each program works, we describe how we intended to use the program, the reward we hoped to get, and the results we actually got. At the end of this chapter, we have tried to classify the weaknesses according to the taxonomy presented in [66].

7.1 Methodology

In this report, we try to find security problems within NT, and to prepare the ground for further investigations. We have mainly concentrated on studying the relevant literature. The sources of information are published books, Usenet newsgroups, mailing lists and other material published on the Internet.

Firstly, we tried to get a general view of how NT is constructed and works. Secondly, we looked deeper into four areas of the system: file system, account management, access control and networking. Thirdly, we tried to find as many documented weaknesses as possible by searching the World Wide Web (WWW) and newsgroups. All programs that we found were tested on our target system to verify that they did indeed do what the authors claimed. In some cases certain privileges were required. On those occasions, the program was tested both with and without these privileges.

7.2 Experimental System

The target systems used to test the software have been standard PCs. Both Windows NT 4.0 Workstation and Windows NT 4.0 Server versions of the operating system have been used. The out-of-the-box configuration with Service Pack 3 (SP3) has been used unless explicitly stated otherwise. The network used has been a standard 10Base-T Ethernet network.

The user profiles used have all been members of the standard user group except when special privileges have been needed. On those occasions we have also tested them as Administrator.

7.3 Known Security Problems

There are a number of known security problems that are general and not specific to the NT system. They are, however, interesting in this report since some of them do appear in the NT operating system. We believe that the reasons for this are the following: some of them were introduced by mistake (e.g. missing parameter checks), others in order to meet the customers' demand for backward compatibility and flexibility (e.g. foreign file systems), and some because they were not known at the time of implementation (e.g. collisions in MD4). In the following paragraphs, we will describe and explain some of these problems.

7.3.1 Installation Problems

Security weaknesses may be introduced in various stages, i.e. in the requirement specification, in the design, in the implementation, or when the system is eventually