Conclusion
The TCP/IP security filters work well on Windows NT 4.0 SP4.
If the filters are enabled, NT silently ignores UDP packets sent to denied ports and answers TCP connection
attempts on denied ports with a reset (RST).
Secure the application
The last step is a security review of the application that is going to run on the system. This might include
setting NTFS ACLs and auditing on the application's files, and checking with the application vendor for known
holes and the corresponding workarounds or patches.
Summary
Now your system is reasonably secured. The only way of breaking into it over the network (as far as I can tell) is
by exploiting a vulnerability in the applications running on the host (or possibly in the MS IP stack) to run
arbitrary code that opens up the system.
What we've done here is basically render our system inoperable from a management perspective. Windows
NT does not provide us with remote logging. NT-based remote administration tools like the Event Viewer and
Server Manager are based on NETBIOS, and the problem with NETBIOS is that it's considered a no-go in
perimeter networks. This is because everything runs over NETBIOS (SMB/CIFS, management and other
applications based on named pipes) and shares the same NETBIOS session port (TCP 139), which means you
cannot limit traffic to a host in router access control lists in a granular way. Hence we have to find other -
preferably standardized - ways of administering and monitoring the Windows NT host.
HP Consulting has world-class security consultants experienced in building perimeter networks in a secure,
manageable and highly available manner. Contact us if you are interested in our services. Send an email to
Mikael Johansson (mijo@sweden.hp.com).
Disclaimer
HEWLETT-PACKARD DOES NOT WARRANT THE ACCURACY OR COMPLETENESS OF THE
INFORMATION GIVEN HERE. ANY USE MADE OF, OR RELIANCE ON, SUCH INFORMATION IS
ENTIRELY AT USER'S OWN RISK.
Copyright
This paper, and all contents, are Copyright © 1999 by Stefan Norberg and Hewlett-Packard. Do not duplicate,
republish, mirror, or reprint without permission.