Analysis of the Security of Windows NT, 1 March 1999

installed. In these respects, NT is not different from other operating systems. In this section, we focus on weaknesses introduced in the installation procedure.

It is rather simple to install NT on a computer from the box. However, such an installation is not secure. The system administrator has to perform a number of tasks. First, install the latest Service Pack announced by Microsoft. Second, fetch and install hotfixes for problems found after a Service Pack has been shipped. Third, since the standard configuration of the system is rather relaxed, probably because there is less complaining if things work right away, the system administrator really needs to go through the registry carefully after an installation and change the configuration to suit her/his needs. Microsoft could definitely have made the standard installation more rigorous; in particular, the Everyone group could be more restricted.

7.3.2  Collisions in MD4

MD4 is a one-way hash function developed by RSA Inc. It is mainly used to create hashed checksums in mail systems for digital signatures, where a variable-sized text is hashed into a 16-byte value. In the context of digital signatures constructed from a checksum it is important that different texts do not produce the same checksum, i.e. that all the checksums are unique, or at least that it is impossible to alter a given text and still produce a checksum identical to the one for the original text. This was thought to be true for MD4 until Hans Dobbertin discovered collisions, i.e. two texts producing the same checksum, in the algorithm [21]. He also showed how this could be done fairly easily with any text as long as it had a certain structure [25]. This led to the conclusion that MD4 is to be considered unsafe and to a recommendation to stop using it.

In NT, MD4 is used as the main encryption algorithm for passwords, the reason being that it is considered impossible to decrypt a one-way hash function. The encrypted password is compared with the stored encrypted password to identify the user at logon, see section 5.3. However, since only the encrypted passwords are compared and since collisions have been detected in MD4, it is possible, but probably unlikely, that two different passwords can give access to the same user account. This in turn decreases the number of passwords that need to be tested in a brute force password attack (by how much is hard to tell) and therefore weakens the encryption.

7.3.3  Parameter Checks in System Calls

One of the oldest programming errors in the book is insufficient error control. This includes a lack of checks to make sure that the values of variables and parameters are within the allowed range. In NT 4.0, as well as 3.51, there exist system calls with insufficient validity checks for parameters. These system calls make the system crash if they are called with parameter values outside the allowed range. One program which we found (NTCrash) is primarily designed to detect and log system calls with these kinds of flaws. However, the program can also be used to exploit these weaknesses, see section 7.5.1. Hopefully, Microsoft will correct these programming errors in the near future.

7.3.4  Undocumented System Variables and Functions

An operating system exports a number of system functions, often called system calls, and variables to be used by application programs.
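The range checking that section 7.3.3 describes as missing, shown as an added example that is not part of the original report and is not NT code: a toy service dispatcher with an unchecked entry point beside a hardened one. The service table, the `call_args` structure, the buffer size and the status codes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical toy dispatcher; names and sizes are assumptions, not NT's. */
#define NUM_SERVICES 3
#define KBUF_SIZE    64
#define ST_OK        0
#define ST_BAD_PARAM (-1)

typedef struct { const uint8_t *data; size_t offset; size_t len; } call_args;
typedef int (*service_fn)(const call_args *);

static uint8_t kbuf[KBUF_SIZE];          /* stands in for a kernel buffer */

/* Copies caller data into kbuf at the requested offset. */
static int svc_write(const call_args *a) {
    memcpy(kbuf + a->offset, a->data, a->len);
    return ST_OK;
}
static int svc_noop(const call_args *a) { (void)a; return ST_OK; }

static const service_fn table[NUM_SERVICES] = { svc_noop, svc_write, svc_noop };

/* Flawed: trusts every caller-supplied value. An out-of-range service
   number indexes past the table; a large offset or len writes past kbuf. */
int dispatch_unchecked(unsigned svc, const call_args *a) {
    return table[svc](a);
}

/* Hardened: reject anything outside the allowed range before it is used. */
int dispatch_checked(unsigned svc, const call_args *a) {
    if (svc >= NUM_SERVICES || a == NULL || a->data == NULL)
        return ST_BAD_PARAM;
    /* Two comparisons instead of offset + len, so the sum cannot wrap. */
    if (a->offset > KBUF_SIZE || a->len > KBUF_SIZE - a->offset)
        return ST_BAD_PARAM;
    return table[svc](a);
}
```

The hardened path returns an error status to the caller for every out-of-range value, so a bad argument costs one failed call rather than a crash of the whole system.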