Analysis of the Security of Windows NT
1 March 1999
UNIX environment, on the other hand, usually only one variant of the operating system
is affected, so a potential attacker has to know which target runs which variant.
9.3 Recommendations
Finally, we would like to give some overall recommendations based on the knowledge we
gained in the course of this study.
Do not connect any NT system to an outside network without a well-configured firewall
between the outside network and the NT system. The protocols NT uses to connect
machines to each other have weaknesses, and outsiders should not be given the chance to
exploit them. In particular, block ports 135-139 (the RPC endpoint mapper on 135 and
the NetBIOS name, datagram and session services on 137-139). No inbound or outbound
traffic should be allowed on those ports.
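The port block above, as an added example that is not part of the original study: it enforces the "no inbound or outbound traffic on 135-139" rule on the Windows host itself, as a complement to the perimeter firewall the text asks for. It assumes a current Windows with the NetSecurity module (Windows 8 / Server 2012 and later); NT 4 had no built-in packet filter, so on NT 4 the equivalent rule has to live on the firewall in front of the machine. The rule names and the machine name FILESERVER in the final check are assumptions.

```powershell
# Added example, not from the original study. Requires the NetSecurity module
# (Windows 8 / Server 2012 and later) and an elevated shell.
#Requires -RunAsAdministrator

$range = '135-139'   # 135 RPC endpoint mapper, 137/138 NetBIOS name/datagram, 139 NetBIOS session

foreach ($dir in 'Inbound', 'Outbound') {
    foreach ($proto in 'TCP', 'UDP') {
        $name = "Block NetBIOS-RPC $dir $proto $range"   # assumed naming scheme
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

        $rule = @{
            DisplayName = $name
            Direction   = $dir
            Protocol    = $proto
            Action      = 'Block'
            Profile     = 'Any'
            Enabled     = 'True'
        }
        # Inbound: the attacker targets our ports, so filter on LocalPort.
        # Outbound: our side would be talking to the remote machine's ports,
        # so the filter belongs on RemotePort.
        if ($dir -eq 'Inbound') { $rule.LocalPort = $range } else { $rule.RemotePort = $range }

        New-NetFirewallRule @rule | Out-Null
    }
}

# Verify: every rule is present, enabled, blocking, and carries the port filter we meant.
Get-NetFirewallRule -DisplayName 'Block NetBIOS-RPC*' | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Enabled    = $_.Enabled
        Action     = $_.Action
        LocalPort  = $pf.LocalPort
        RemotePort = $pf.RemotePort
    }
} | Format-Table -AutoSize

# Spot check from another machine (assumed name FILESERVER) that the session port
# is now unreachable: TcpTestSucceeded should be False.
# Test-NetConnection -ComputerName FILESERVER -Port 139 |
#     Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Both TCP and UDP are blocked because the name and datagram services on 137 and 138 are UDP while the session service on 139 and the endpoint mapper on 135 are TCP; a rule set that covers only one protocol leaves half of the attack surface open.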
Install some form of intrusion detection system; see for example KSA in appendix
D.1.5. The earlier an attacker is detected, the sooner the hole in the defence can be
closed, or at least the system can be detached from the outside network until a fix for
the exploited weakness is available.
Learn as much as possible about the system and how it works. This is especially
important in the NT case, since at first glance the system seems so simple to
administer. One really needs to know what goes on behind the combo boxes and the
windows in order to judge which actions to take, and to make sure that the system
really does what one wants when a button is pushed. It is especially important to learn
a lot about the Registry. Whoever does not will be placing a great deal of trust in the
hands of Microsoft.
Educate the users. Most of them will probably come from a Windows 95 or Windows for
Workgroups environment and will be used to almost no restrictions on installing
programs or accessing resources. It is essential to explain to them why these
restrictions are important; otherwise they might try to circumvent them.
The standard installation is very relaxed, and therefore insecure. Go carefully
through the system and make sure that the configuration is the one you want. There are
utilities that help with this; use them. There are also many recommendations in books
and on the Internet, so take an extra look at the security pages. See the appendix for
descriptions of utilities and useful Internet addresses.
Keep as few user accounts as possible on each local machine: on a local machine the
SAM database is usually much more exposed than on a Domain Controller. Never use the
same password for the local Administrator account as for the domain Administrator
account. Delete the copy of the SAM in the repair folder, which is otherwise an easy
target for offline password cracking.
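A small audit of the two points above on a single machine, as an added example that is not part of the original study. It assumes PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later); on NT 4 the same information came from User Manager and a directory listing of %SystemRoot%\repair. The list of built-in account names and the candidate paths for SAM backup copies are assumptions about current Windows versions.

```powershell
# Added example, not from the original study. Requires PowerShell 5.1+ with the
# LocalAccounts module and an elevated shell.
#Requires -RunAsAdministrator

# 1. Local accounts. Anything beyond the built-ins (and the one local admin you keep)
#    is an extra entry in the local SAM and therefore extra exposure.
$builtin = 'Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount'   # assumed built-ins
$enabled = @(Get-LocalUser | Where-Object { $_.Enabled })
$extra   = @($enabled | Where-Object { $builtin -notcontains $_.Name })
"Enabled local accounts: $($enabled.Count); not built-in: $($extra.Count)"
$extra | Select-Object Name, LastLogon, PasswordLastSet | Format-Table -AutoSize

# 2. Backup copies of the SAM. On NT 4, rdisk /s left %SystemRoot%\repair\sam._;
#    later versions keep an uncompressed 'sam' there, and the RegBack folder
#    (assumed path) may hold another. Any of these can be read without going
#    through the running system's access checks, so report them.
$candidates = @(
    (Join-Path $env:SystemRoot 'repair\sam._'),
    (Join-Path $env:SystemRoot 'repair\sam'),
    (Join-Path $env:SystemRoot 'System32\config\RegBack\SAM')
)
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        "SAM copy found: $path ($($item.Length) bytes, written $($item.LastWriteTime))"
        # Remove-Item -LiteralPath $path -Force   # enable once a controlled, access-restricted backup exists elsewhere
    }
}

# 3. Who can read the repair folder at all? Any read access beyond Administrators
#    and SYSTEM undoes the benefit of deleting the copy.
$repair = Join-Path $env:SystemRoot 'repair'
if (Test-Path -LiteralPath $repair) {
    (Get-Acl -LiteralPath $repair).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.FileSystemRights -match 'Read' } |
        Select-Object IdentityReference, FileSystemRights |
        Format-Table -AutoSize
}
```

The deletion is left commented out on purpose: the repair copy is also what an emergency repair restores from, so remove it only after an equivalent backup exists in a location that only administrators can read.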
Block the functionality users do not need. Few users need to install programs or
export shares. Unfortunately, some NT applications need to write to directories where
users should normally not have write permission. This will, however, change in newer
releases.
Consider using encryption on network connections and file systems, and stronger
authentication mechanisms, if you are very concerned about security. Programs in this
area are available for NT, e.g. SSH. However, make sure you know how they affect the
performance and the function of the system.