PRACTICAL STEPS IN SECURING WINDOWS NT Copyright, 1996 © Dale Carnegie & Associates, Inc. TIP For additional advice see Dale Carnegie Training® Presentation.


1 PRACTICAL STEPS IN SECURING WINDOWS NT
As recommended by corporate officials, programmers and hackers.
By William White

2 Introduction
Windows NT is easy to secure, compared to some other systems.
As long as you take some necessary steps, your system will be reasonably secure.

3 Securing Windows NT consists of two main areas:
Putting filters between your network and the Internet.
Configuring workstations and servers against unauthorized access.

4 Filters for your Network
Firewalls.
Packet Filtering.

5 Firewalls
Set your firewall to disable everything, then enable only the access you need.
Firewalls are effective, but they have two major problems:
1) High cost.
2) It is hard for users on your network to access the Internet.

6 Packet Filtering
Because much traffic goes through two ports, you can:
1) Enable packet filtering.
2) Disable port 138, which handles UDP packets.
3) Disable port 139, which handles TCP packets.

7 Other Ports to Block with Packet Filtering
Service Name     Port   Type   Port Name    Direction
FTP              20     tcp    ftp-data     incoming
FTP              21     tcp    ftp          incoming
Telnet           23     tcp    telnet       incoming
Mail             25     tcp    smtp         incoming
NFS              111    tcp    portmapper   both
NFS              111    udp    portmapper   both
Administration   161    udp    snmp         both
Administration   162    udp    snmp         both
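
An added example, not part of the original slides: a small audit that runs a first-match packet-filter rule list against the ports slides 6 and 7 say to block, with the disable-everything default from slide 5. The rule format, the function names and the sample rule set are assumptions made for this illustration.

```python
# Added illustration: rule format and sample rules are constructed, not from the slides.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None matches every port
    direction: str        # "incoming", "outgoing" or "both"

# Ports from slides 6 and 7. The slides give no direction for 138/139,
# so "both" is assumed here for those two entries.
BLOCKLIST = [
    ("NetBIOS", 138, "udp", "both"), ("NetBIOS", 139, "tcp", "both"),
    ("FTP", 20, "tcp", "incoming"), ("FTP", 21, "tcp", "incoming"),
    ("Telnet", 23, "tcp", "incoming"), ("Mail", 25, "tcp", "incoming"),
    ("NFS", 111, "tcp", "both"), ("NFS", 111, "udp", "both"),
    ("Administration", 161, "udp", "both"), ("Administration", 162, "udp", "both"),
]

def decide(rules, proto, port, direction, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for r in rules:
        if (r.proto in ("any", proto) and r.port in (None, port)
                and r.direction in ("both", direction)):
            return r.action
    return default

def audit(rules, default="deny"):
    """Return the blocklist entries that the rule set would still let through."""
    gaps = []
    for service, port, proto, direction in BLOCKLIST:
        dirs = ("incoming", "outgoing") if direction == "both" else (direction,)
        for d in dirs:
            if decide(rules, proto, port, d, default) == "allow":
                gaps.append((service, port, proto, d))
    return gaps

# Constructed rule set: a broad early allow shadows the later SMTP deny,
# and UDP portmapper is filtered in one direction only.
SAMPLE_RULES = [
    Rule("allow", "tcp", 80, "both"),
    Rule("allow", "tcp", None, "incoming"),   # too broad
    Rule("deny", "tcp", 25, "incoming"),      # never reached
    Rule("deny", "udp", 111, "incoming"),
    Rule("allow", "udp", None, "outgoing"),
]

if __name__ == "__main__":
    for gap in audit(SAMPLE_RULES):
        print("still allowed:", *gap)
```

With no rules at all the default-deny stance leaves no gaps; the gaps in the sample come from rule ordering and from filtering only one direction of a port the table marks "both".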

8 Disable NetBEUI over TCP/IP.
In Control Panel -> Network -> Bindings disable these:
1) NetBIOS Interface -> WINS Client(TCP/IP) -> ethernet.
2) Server -> WINS Client(TCP/IP) -> ethernet.
3) Workstation -> WINS Client(TCP/IP) -> ethernet.

9 Configuring Workstations and Servers against Unauthorized Access:
1) Disable the Guest account.
2) Rename Administrator account to something non-obvious.
3) Enable password lock-out user policy.

10 Configuration of Workstations and Servers -- continued:
4) Set up accounts with passwords for all local workstations.
5) Use long, difficult to guess passwords.
6) Keep your administrative passwords known to a very minimal group of people.

11 Configuration of Workstations and Servers -- continued:
7) Change your passwords regularly.
8) Create a backup administrative account, with some complicated password written somewhere outside of the computer system.
9) Never keep passwords on the disk.

12 Configuration of Workstations and Servers -- continued:
10) Don't install FTP Server except for a very restricted area. Check if FTP User has permissions to other areas of the server.
11) Don't use Telnet daemon at all.
12) Don't use your administrative passwords in any other place, neither in the computer, nor in real life.

13 Configuration of Workstations and Servers -- continued:
13) Remove Share Permissions to the Everyone group.
14) Remove Network Access for the Everyone group.
15) If you use PERL for CGI programs, DO NOT put perl.exe into the web server's cgi bin directory.

14 Configuration of Workstations and Servers -- continued:
16) Restrict FTP.
17) Implement APOP, if you use POP3.
18) Adjust RAS parameters.

15 Configuration of Workstations and Servers -- continued:
19) Keep track of logons and security failures.
20) Check the security log regularly.
21) Run the C2 Configuration Manager.

16 Configuration of Workstations and Servers -- continued:
22) Remove the Bypass Traverse Checking right from all user accounts.
23) Install all NT Service Packs.

17 Examples of Past Attacks on Windows NT:
L0phtcrack 1.5 and the "PW Crack" attack -- 1997.
The "GetAdmin" program -- 1997.
The "Red Button" attack -- 1997.

18 Examples of Recent Attacks on Windows NT:
IE5 Allows File Creation and Modification -- 8/24/1999.
The "Java VM Sandbox" attack -- 8/26/1999.

19 Close
Microsoft releases many fixes for known problems in the form of Hotfixes, Service Packs and new Releases.
There is a tradeoff between Security and Usefulness.
Vigilance is the price of Liberty.

