Windows NT Based Web Security, COSC 573. By: Ying Li.


Basic Concepts of Windows NT
– Advantages
  – User-friendly graphic front end
  – Point-and-click configuration
  – Excellent software development tools
– Disadvantages
  – Relative newcomer to the Internet
  – A variety of security problems

Basic Concepts of Windows NT
– Windows NT Server vs. NT Workstation
  – Windows NT Server:
    – More expensive
    – Has complete functionality
    – Can coordinate the activities of other machines, provide remote access services, run Windows name resolution, and host the Internet Information Server

Basic Concepts of Windows NT (cont’)
  – Windows NT Workstation:
    – A watered-down version of the Server product
    – With most of the server functions disabled
  – Microsoft Internet Information Server runs only on NT Server
  – However, Web servers from other vendors run with the Workstation version of the operating system as well
From the point of view of system security, the main difference between the two flavors is that NT Workstation comes with an undesirably permissive configuration, while NT Server is stricter.

Windows NT Security Risks
In theory, the Windows NT system of access control lists, domains, and trust relationships provides a high level of security.
In practice, many NT servers on the Internet are not secure. How can this be?

Widespread Misconfiguration Problems
– An out-of-the-box Windows NT Workstation installation is not secure.
  – Most of the system’s files and directories are read/write by Everyone, which means that any local user can tamper with the system to his heart’s content.
  – Because of the strange properties of the built-in Everyone group, there are a variety of ways for unidentified Internet users to view and/or alter the system as well.

Widespread Misconfiguration Problems (Cont’)
– Windows NT Server, in contrast, has a more reasonable set of default permissions when first installed.
– However, it still contains gaps in its configuration that allow for unwanted mischief.
– In practice, many Windows NT Servers are not installed from scratch but are upgraded from previous versions of Windows NT or from Windows 95. In such cases, the access control lists are probably at their least restrictive setting.

Widespread Misconfiguration Problems (Cont’)
– An additional problem for Windows NT:
Windows NT actually supports two different file systems: FAT and NTFS. Only NTFS provides access control lists. Machines that use a FAT file system have no file protection.

Vulnerability to NetBIOS Attacks
– Concept: Windows NT uses a family of networking protocols, known collectively as “NetBIOS,” to provide Windows file sharing, network printing, and remote system administration.
– NetBIOS is network-independent. However, NetBIOS was designed with a local area network in mind, not large networks like the Internet.
– For this reason, it has certain vulnerabilities.

NetBIOS Vulnerability
– Information leakage
  – NetBIOS will advertise information about a system’s shared volumes, workgroup name, domain name and machine name without requiring the remote machine or user to authenticate.
– Client-controlled fallback to weaker authentication
  – In order to be compatible with less-capable operating systems, such as Windows for Workgroups and Windows 95, NetBIOS will fall back to weaker authentication when a remote client requests it.
– Anonymous log-in
  – NetBIOS allows a limited form of anonymous, unauthenticated log-in. Designed to allow machines on the local area network to exchange information about themselves, this loophole has been used by would-be intruders to gain access to sensitive parts of the system, such as the registry.

Securing a Windows NT Web Server
1. Apply all service patches
2. Fix the file system permissions
3. Fix the registry access permissions
4. Remove or disable all extraneous network services
5. Add the minimum number of user accounts necessary to maintain the server
6. Install the server software and adjust file and directory permissions to restrict unnecessary access
7. Remove or disable unnecessary Web server features, CGI scripts, and extensions
8. Monitor system and server log files

Apply All Service Packs and Updates
– Microsoft releases operating system patches called “service packs” at regular intervals.
– These service packs contain patches for known security holes in the operating system, as well as other bug fixes and feature enhancements.
– Back up your system if it has any valuable data on it.

Fix the File System and Registry Permissions
– After applying operating system patches, the next step is to check and adjust the file system and registry permissions.
– To get the benefit of file system permissions, you must have formatted the Windows NT disk partition as NTFS.
– To fix the file system, log into the system as Administrator and use the Properties -> Security -> Permissions window to change the access control lists.
– To fix the registry: like the file system, the keys and values of the Windows registry are protected by access control lists.

An Example
Directory             C:\WINNT\PROFILES\DEFAULT_USER
                      C:\WINNT\PROFILES\ALL_USERS
Owner                 Administrator
Change contents too   Files and subdirectories
Administrators        Full control
SYSTEM                Full control
Users                 Read
Rationale: These two directories contain common preferences shared by all users. Users can view the defaults but not change them.
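One way to check directories against the ACL on the example slide above, as an added example that is not part of the original presentation: it parses output in the style of the `cacls` command (the slides themselves use the Permissions dialog) and reports every departure from the slide's baseline. The sample output is constructed, and paths are assumed to contain no spaces.

```python
import re

# Baseline ACL from the slide, in cacls letters (F = Full control, R = Read).
BASELINE = {"ADMINISTRATORS": "F", "SYSTEM": "F", "USERS": "R"}
# Coarse ordering of cacls rights, weakest to strongest (N = none, C = Change).
RANK = {"N": 0, "R": 1, "W": 2, "C": 3, "F": 4}
ACE = re.compile(r"^(?P<who>.+):(?:\([A-Z]+\))*(?P<right>[NRWCF])$")

def parse_cacls(text):
    """Return {path: [(principal, right), ...]} from cacls-style output.
    Assumes paths without spaces and one-letter rights only."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # first line of a block: "<path> <ACE>"
            current, _, line = line.partition(" ")
            acls[current] = []
        m = ACE.match(line.strip())
        if m and current is not None:
            who = m.group("who").rsplit("\\", 1)[-1].upper()  # drop BUILTIN\ etc.
            acls[current].append((who, m.group("right")))
    return acls

def audit(acls):
    """List (path, principal, problem) where an ACL departs from BASELINE."""
    findings = []
    for path, aces in acls.items():
        seen = set()
        for who, right in aces:
            seen.add(who)
            if who not in BASELINE:
                findings.append((path, who, f"unexpected principal with {right}"))
            elif RANK[right] > RANK[BASELINE[who]]:
                findings.append((path, who, f"{right} exceeds baseline {BASELINE[who]}"))
        for who in sorted(BASELINE.keys() - seen):
            findings.append((path, who, "baseline entry missing"))
    return findings

# Constructed sample in cacls output style (not captured from a real host).
SAMPLE = r"""
C:\WINNT\PROFILES\DEFAULT_USER Everyone:(OI)(CI)C
                               BUILTIN\Administrators:(OI)(CI)F
                               NT AUTHORITY\SYSTEM:(OI)(CI)F
C:\WINNT\PROFILES\ALL_USERS BUILTIN\Administrators:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)F
                            BUILTIN\Users:(OI)(CI)F
"""

if __name__ == "__main__":
    for finding in audit(parse_cacls(SAMPLE)):
        print(*finding, sep=" | ")
```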

User Rights Policies
– The Windows NT User Manager program establishes certain global user rights. Some of the rights on a default installation are inappropriate for Web server machines; others are simply accident prone. To change these rights, select Policies -> User Rights… in the User Manager program to bring up the User Rights Policy

Install Web Server Software
– If the software isn’t already preinstalled, go ahead and install it by running whatever install program the vendor provides.
– The main task at this point is to tune the directory permissions so that authorized users can make changes to the Web tree without having to become a full administrator to do so.

Turn off Unnecessary Features
– Microsoft IIS and other servers support a few optional features that potentially can be used by unscrupulous individuals to gain information about your system. Unless you really need these features, you should turn them off.
  – Directory Browsing
  – Read-Access to the Scripts Directory
  – Execute-Access to Non-Scripts Directories
  – Active Server Pages

Monitor the Web Server and Event Logs
– Both the Web server and Windows NT itself are capable of performing extensive logging. Although the Web server logs are turned on by default, NT event logging (“auditing”) is turned off. It is recommended to enable it.

Create a Backup System
– A recent and complete system-wide backup is essential for recovering from a break-in.
– Even if your system isn’t broken into, a backup will allow you to recover from disasters, ranging from a hard disk crash to the accidental deletion of an essential file.

?