Analysis of the Security of Windows NT
1 March 1999
The Berkeley r protocols mentioned earlier were designed for an environment where all machines and the network connecting them were located in a single computer room, and all access to the network was via UNIX machines. Thus the authentication mechanism for these protocols is based on the transmission of clear text passwords over the network. The concept of an all-powerful administrator is carried over into the Berkeley implementation of the TCP/IP protocol suite and the r protocols: any request coming from a TCP/IP port with a port number below 1024 is considered to have come from a process with administrative privileges on that host. Since none of the above assumptions typically hold in today's installations, these security features leave a lot to be desired.
NIS and NFS contain few security mechanisms, if any. What little security NIS and NFS can be configured to have is mostly derived from the reserved port number feature mentioned above, together with a simple IP-address-based host check. Furthermore, the overwhelming majority of the information these services transmit over the network is in the clear, and thus anyone with access to the network is free to listen in on and/or modify the traffic.
The situation is made worse by the fact that, as noted above, the trust relationship between server and client is a trifle naive. If you have a host under your control anywhere on the network, both NFS and NIS will most likely trust it implicitly, and you can for instance impersonate users to gain access to their files, etc. In the case of NIS it is easy to gain access to the data it distributes, even though you are not among the hosts originally intended as recipients of that information. Some, if not most, of this information (user accounts, etc.) is of a security-critical nature. The interested reader is referred to the standard reference on the subject of UNIX security [59].
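The host-based check that the r protocols, NIS and NFS rely on, modelled in Python as an added example (this is not code from the report or from any of those services; the request fields, host list and sample addresses are constructed for illustration). It shows why the check authenticates only the sending host and not the user: any uid presented from a trusted address and a reserved port is accepted.

```python
# Added example: a model of reserved-port plus IP-address host checking,
# the only authentication the report credits NIS/NFS with. All names and
# values below are constructed for illustration.
from dataclasses import dataclass

PRIVILEGED_PORT_MAX = 1023  # below 1024: assumed to require root on the sender


@dataclass(frozen=True)
class Request:
    src_ip: str
    src_port: int
    claimed_uid: int   # AUTH_UNIX style: the client simply states who it is
    operation: str


def host_based_check(req: Request, trusted_hosts: set[str]) -> tuple[bool, str]:
    """Return (allowed, reason). Only the sending host is examined.

    The decision rests on two facts the server cannot verify:
    1. the source address is on its trust list (trivially spoofable on the
       shared, cleartext network the report describes), and
    2. the source port is reserved, so the sender is assumed to be root there.
    The uid is taken at face value; nothing binds it to a person.
    """
    if req.src_ip not in trusted_hosts:
        return False, "host not on trust list"
    if req.src_port > PRIVILEGED_PORT_MAX:
        return False, "request not from a reserved port"
    return True, f"accepted as uid {req.claimed_uid} from {req.src_ip}"


def accepted_uids(requests: list[Request], trusted_hosts: set[str]) -> set[int]:
    """Collect every uid the server would act on; a defender reviewing this
    sees that one trusted host can speak for every user at once."""
    return {r.claimed_uid for r in requests
            if host_based_check(r, trusted_hosts)[0]}


if __name__ == "__main__":
    trusted = {"10.0.0.5"}                       # constructed trust list
    sample = [                                   # constructed requests
        Request("10.0.0.5", 1022, 1001, "read"),
        Request("10.0.0.5", 1021, 0, "write"),   # same host, now "root"
        Request("10.0.0.9", 1022, 1001, "read"), # untrusted host
        Request("10.0.0.5", 40000, 1001, "read"),# unprivileged port
    ]
    for r in sample:
        print(r.src_ip, r.src_port, r.claimed_uid, host_based_check(r, trusted))
    print("uids the server would honour:", accepted_uids(sample, trusted))
```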
8.2 UNIX versus NT
Even though Microsoft Inc. would like to have us believe otherwise, NT does not in fact contain many ideas that UNIX has not either pioneered or picked up during the seventies or early eighties. From a research perspective both systems have a distinctive seventies feel to them. From a security perspective especially, one is struck by the similarities between the respective systems; there are in fact many more similarities than differences. NT has adopted the concept of an all-powerful administrative account, even though the corresponding SUID feature is not as heavily depended upon for administratively critical tasks. NT has the same basic structure when it comes to processes and privileges. The file system has the same basic layout, even though a few more operations besides read/write/execute can be specified.
About the only relatively recent technological advance that Microsoft has incorporated is microkernel technology. However, Microsoft's implementation is several megabytes per kernel server, much too large to gain any real security advantage. It is interesting to note that the NT kernel is of approximately the same size as a typical UNIX kernel in terms of services provided; a UNIX kernel on the same hardware is typically smaller in terms of memory consumption. Furthermore, in later releases of the NT operating system, much code from the servers, most notably the GUI, has been moved into the kernel proper, with negative effects on security. Some performance has been gained by this, however.