Network System Security, part 46 (docx)


CHAPTER 16
Windows NT Security Issues

Copyright 2001 The McGraw-Hill Companies, Inc.

Network Security: A Beginner’s Guide

Microsoft Windows NT is one of the most prevalent operating systems within organizations and across the Internet. It is being used in the traditional roles of file and print servers as well as in new roles such as Web server, application server, and database server. Given the sensitivity of information being stored on Windows NT systems and the sensitivity of applications being run on Windows NT systems, it is critical that system administrators understand how to set up the systems in a secure manner.

In this chapter, we will discuss basic steps to take during system setup. These steps will include Registry settings as well as basic system configuration. We will also discuss how to manage users within a Windows NT domain. In the final section of this chapter, we will discuss system management issues from a security perspective and identify some indicators to watch for that may indicate something is going wrong with the system.

SETTING UP THE SYSTEM

Windows NT is not secure right out of the box. This is the case even though the National Computer Security Center (NCSC) has certified some implementations of Windows NT (4.0 and 3.5) as C2-compliant (for a complete discussion of C2 and other Orange Book Criteria, see Chapter 1). The C2 certification says that Windows NT has the appropriate security functionality to be certified but it does not say anything about being secure for a particular environment. The certification is also provided to the system when it is not connected to a network. If true C2 functionality is required, the C2 Configuration Manager (provided in the NT Resource Kit) must be used.

Given that Windows NT is not secure right out of the box, there are some settings that should be made before the system goes into production that will make the system more secure.
The configuration settings are divided into Registry settings and system configuration settings.

Registry Settings

The Windows NT Registry is the internal system database that stores necessary system parameters and values. Take care when making changes to the Registry as mistakes can make the system unusable. That said, some changes to the Registry could aid in securing the system.

NOTE: Some Registry changes are necessary to invoke security functions or configurations that come in service packs or hot-fixes.

The following sections detail recommended Registry changes. You should edit the Registry using Regedit or Regedt32. Access to either of these programs can be accomplished through the Run command (see Figure 16-1).

Figure 16-1. A view of Regedit showing the Registry hierarchy

Enabling Logon Message

The logon message provides a vehicle to display a legal notice prior to a user logging on to the network. This is generally a good idea for any organization. To accomplish this on a Windows NT domain, follow these steps:

1. Go to \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
2. Find the LegalNoticeText key and insert the text you wish to display.

NOTE: If the text you wish to display is large, it will be easier to type it out in Notepad or another text editor and paste it into the value.

Clearing System Pagefile on Shutdown

The system pagefile contains important system information when the system is running. This system information may include encryption keys or password hashes. To force Windows NT to clear the system pagefile on shutdown, follow these steps:

1. Go to \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management.
2. Find the ClearPageFileAtShutdown key and set the value to 1.
Preventing Shutdown Without Logon

The default Windows NT installation allows anyone to shut down the system by entering CTRL-ALT-DEL and clicking the Shutdown button. To force a user to log on to the system before being able to shut it down, follow these steps:

1. Go to \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
2. Find the ShutdownWithoutLogon key and set the value to 0.

Disabling LAN Manager Authentication

LAN Manager authentication is an authentication system that allows Windows NT servers to work with Windows 95 and Windows 98 clients (as well as Windows for Workgroups). LAN Manager authentication schemes are significantly weaker than the NT authentication systems and thus may allow an intruder to perform a brute-force attack on the encrypted passwords using much less computing power. To force the use of NT authentication, follow these steps:

1. Go to \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
2. Find the LMCompatibilityLevel key. (You may have to create it. If so, it is of type REG_DWORD.) Set the value.

The value you set depends upon your environment. There are six levels defined as follows:

0  This is the default level. Send both LAN Manager and NT responses. The system will never use NT version 2 session security.
1  Use NT version 2 session security if negotiated.
2  Send NT authentication only.
3  Send NT version 2 authentication only.
4  (Applies to Servers only) Server refuses LAN Manager authentication.
5  (Applies to Servers only) Server only accepts NT version 2 authentication and refuses all others.

NOTE: Before making the change to this Registry key, determine the operating requirements for your network. If you have Windows 95 or Windows 98 clients on your network, you must use levels 0 or 1. Also, Service Pack 4 or higher is required to use NT version 2 authentication.
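
The values recommended above, together with the RestrictAnonymous value covered in the next section, can be checked offline against a Registry export. The following Python sketch is an added example, not code from the book: it parses a REGEDIT4 text export and lists the values that miss the chapter's recommendations. The sample export is constructed, and min_lm_level (default 2) is an assumed site policy, since the chapter leaves the LMCompatibilityLevel choice to the environment.

```python
import re

# Keys from the chapter, lower-cased (Registry paths are case-insensitive).
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
MEMMGMT = r"hkey_local_machine\system\currentcontrolset\control\session manager\memory management"
LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample export, not taken from a real system.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeText"=""
"ShutdownWithoutLogon"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000001
'''

def parse_reg(text):
    """Parse a REGEDIT4 export into {key: {value_name: str or int}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def audit(text, min_lm_level=2):
    """Names of values that miss the chapter's advice; min_lm_level is an assumed policy."""
    reg = parse_reg(text)
    get = lambda key, name: reg.get(key, {}).get(name.lower())
    lm = get(LSA, "LMCompatibilityLevel")
    checks = [  # an absent value counts as a miss
        ("LegalNoticeText", bool(str(get(WINLOGON, "LegalNoticeText") or "").strip())),
        ("ShutdownWithoutLogon", str(get(WINLOGON, "ShutdownWithoutLogon")) == "0"),
        ("ClearPageFileAtShutdown", get(MEMMGMT, "ClearPageFileAtShutdown") == 1),
        ("LMCompatibilityLevel", isinstance(lm, int) and lm >= min_lm_level),
        ("RestrictAnonymous", get(LSA, "RestrictAnonymous") == 1),
    ]
    return [name for name, ok in checks if not ok]
```

Pass audit() the text of a file exported from Regedit; an empty list means all five values match the recommendations.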
Restricting the Anonymous User

Windows NT allows a null user session to access information such as the usernames on the system, groups, shares, and policy values. This null session uses a blank user name and a blank password. To restrict this ability, follow these steps:

1. Go to \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
2. Find the RestrictAnonymous key. (You may have to create it. If so, it is of type REG_DWORD.) Set the value to 1.

NOTE: If your network has multiple NT domains or if you are using the Novell NDS, you may not be able to do this. See the Microsoft Knowledge Base (article Q143474) for more details.

Restricting Remote Registry Access

Tools like Regedit and Regedt32 can be used to read and edit the registries of remote computers. This can be done over a LAN (that is, within an organization) or over the Internet. To restrict this ability, follow these steps:

1. Go to \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\WinReg.
2. Use Regedt32 to set the permissions on WinReg. The permissions should be Full Control to Administrators and System, Read to Everyone.

System Configuration Settings

Before a Windows NT system is ready for production, there are a number of system configuration settings that should be changed to increase the security of the system. These changes are in four primary areas:

■ File systems
■ Network settings
■ Account settings
■ Service packs and hot-fixes

As a general rule, the specific settings should be governed by the organization’s security policy and system configuration requirements.

File Systems

All file systems on Windows NT systems should be converted to NTFS. Windows NT will establish FAT file systems by default. FAT file systems do not allow for file permissions; therefore, NTFS is better from a security point of view. If you have a FAT file system, you can use the program CONVERT to change it to NTFS.
This program requires a reboot but it can be done with information already on the drive.

Every Windows NT system creates administrative shares when it boots. These are the C$, D$, IPC$, ADMIN$, and NETLOGON (only found on domain controllers) shares. These shares can be used by an attacker to attempt to brute-force administrator passwords because failed attempts against them do not trigger the failed login attempt lockouts. Unfortunately, turning these off may have significant consequences to the operation of the system. For example, if the NETLOGON share is removed, no one can log on to the domain. This clearly defeats the purpose of the domain controller. If you choose to disable the administrative shares, there are two reasonable ways to do it:

■ Install the Windows NT Policy Editor from the Resource Kit and use it to disable the administrative shares. However, doing this will disable all the shares except for IPC$. This may break remote backup programs.
■ Use the AUTOEXNT program from the Resource Kit and add one line to the batch file for each share you wish to delete. The line to remove a share looks like:

    net share <share name> /delete

  Do this for each of the drive shares and the ADMIN share.

NOTE: Removing the shares can have significant consequences to the way the Windows NT system or domain operates. Shares should only be removed with great care.

When a system is built, it is often a good idea to create an Emergency Repair Disk (ERD). The ERD provides a way to recover the Registry and user database on a broken system. The ERD is more useful when the number of users is small and if the users on the system do not change often. For domain controllers, it is more useful to have good backups. When the ERD is created, Windows NT also creates a directory called %systemroot%\repair. This directory contains copies of the user database file (SAM file) as well as other important configuration files.
Normally, when the system is in operation, the SAM file is not accessible. However, if the repair directory is not properly secured, the backed up SAM file is accessible. Only administrators should have access to this directory.

Network

The network is a key part of any Windows NT deployment. Generally, domains are better than workgroups as they allow for a central user database and management. If domains are to be used, each domain should have a primary domain controller (PDC) and at least one backup domain controller (BDC). Large organizations may want to consider dividing the user community into multiple domains based on geographic divisions.

NOTE: Dividing the user community into multiple domains is not really a security issue but provides for better performance in large organizations.

When multiple domains exist within an organization, trust relationships are often established to allow users from one domain to access resources in another. From a security point of view, trust relationships should be kept to a minimum and the users who are allowed access across the domains should be tightly controlled.

NetBIOS is enabled on Windows NT by default. There are many ways that detailed information about a Windows NT network can be gained through NetBIOS. However, NetBIOS also helps the Windows NT network work smoothly. NetBIOS should be turned off for any system that will be accessed from the Internet. To do this, go to the Control Panel and select Network. Select the Services Tab, highlight the NetBIOS Interface, and choose Remove (see Figure 16-2). Your system will need to be rebooted.

Figure 16-2. Removing NetBIOS from a Windows NT system

It is also possible to add additional TCP/IP services (such as ECHO, Time, CHARGEN, and so on) to a Windows NT system. You do this from the Network Services tab by selecting Add and highlighting Simple TCP/IP Services. Do not do this. There is no reason to enable these services on a Windows NT system.

Account Settings

Windows NT comes with two default accounts: administrator and guest. The guest account should be disabled. In addition, I change the password on the guest account to something very long and very random just in case. The administrator account is an easy target for any brute-force attempts since it does not get locked out after a number of failed login attempts as user accounts may. This account should be renamed. Also, since every Windows NT workstation and server in the organization will have an administrator account that is local to that machine, a procedure should be established to define a password for these accounts that is very strong. The password should be written down, sealed in an envelope, and stored in a locked cabinet.

The password policy should be configured per the organization’s security policy. This is done by invoking the User Manager (or User Manager for Domains on the domain controller) and selecting Account Policy from the Policies menu to see the screen shown in Figure 16-3. This screen is used to define the following:

■ Maximum and minimum password ages
■ Minimum password length
■ Password uniqueness
■ The account lockout policy

NOTE: The account lockout policy is used to prevent an attacker from conducting a brute-force attack to guess passwords. It can also be used to cause a denial-of-service condition to the entire user community. Therefore, it may be wise to consider the consequences of prolonged lockouts of the user community when setting this policy.

The account lockout policy will not be enforced against the administrator account unless the PASSPROP utility from the Resource Kit is used. This utility will allow the administrator account to be locked out but it will never be locked out from the console.

Service Packs and Hot-Fixes

Service packs and hot-fixes are the terms Microsoft uses for new versions of software.
Generally speaking, these new versions are good things as they fix bugs and security vulnerabilities. Unfortunately, some of the service packs and hot-fixes have not worked properly and thus system administrators did not implement them.

Service packs and hot-fixes should be implemented within an organization after appropriate testing. It is also important to understand that the order in which hot-fixes are installed is critical. If hot-fixes are installed in the wrong order, it is possible that one will negate the effects of another.

The installation of some types of software may also affect the service packs and hot-fixes on a system. If the software requires the installation of files from the original Windows NT installation CD, it may overwrite the updates from service packs and hot-fixes. If this occurs, the service packs and hot-fixes should be reinstalled.

USER MANAGEMENT

The management of users on a Windows NT system is critical to the security of the system and the NT domain. You should have proper procedures in place within the organization to identify the proper permissions each new user should receive. When an employee leaves the organization, you should also have established procedures to make sure that the employee loses access rights to the organization’s systems.

Adding Users to the System

Add new users to a system or domain through the User Manager. Select New User from the User pull-down menu to see the screen shown in Figure 16-4. Each user should have a unique user ID and his or her own account. If two users require the same access, then two accounts should be created and they should be placed in the same group. Under no circumstances should multiple users be given access to the same user ID.

Figure 16-3. Windows NT Account Policy screen

Date posted: 02/07/2014, 18:20
