Published by Gwendoline Murphy. Modified over 9 years ago.
1
Computer Security and Penetration Testing
Chapter 16: Windows Vulnerabilities
2
Objectives
• Describe the Windows operating systems
• Explain the vulnerabilities of Windows Server 2008/XP/Vista/7/8
3
Windows Operating System
• Windows XP
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows 8
4
Vulnerabilities in Windows 2008/XP/Vista/7/8
• All of these operating systems are useful for building large corporate networks
• All three have good networking features and user-friendly interfaces
  – Microsoft continues to support these with new security patches
• Not remotely secure with default installation settings
5
Passwords
• Security of passwords is very important to the security of any system
  – Encryption algorithms and hash values are used to secure them
• Easiest way to break password security
  – Use a password-burning program, which can set the administrator password to a blank
• Windows 2000 and later applications store passwords in the form of hash values
  – Database called Security Accounts Manager (SAM)
6
Passwords (continued)
• Operating system locks the SAM database
  – Making it impossible to read the SAM database from within a Windows operating system
• Hackers are able to crack these passwords by using password-cracking tools
• Hackers can import passwords from the Windows registry
• Hackers might also copy the SAM database and use the password cracker on the file
7
Passwords (continued)
• Microsoft utility SYSKEY
  – Safeguards passwords from cracking activities
  – Encrypts passwords with a 128-bit algorithm, making it very difficult to crack
• Newer password crackers like Cain and Abel can crack 128-bit encryption
• pwdump3 gives remote access to the SAM database
  – On a computer in which the SYSKEY utility is active
  – Hackers need to have administrator privileges
8
Default Accounts
• Default “Administrator” account
  – Default password is blank
• Nobody can delete the administrator account from a Windows computer
  – Possible to change the password
• Users can change the name from Administrator to something else
  – Then, make a new account named Administrator but give it no special access privileges
9
Default Accounts (continued)
• Default “Guest” account
  – Allows nonregular users to access the system
  – Default password is blank
• Default “default” account
  – Has full administrative rights at installation
• Default accounts make a password cracker’s life much easier
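A defender's check for the two Default Accounts slides, as an added example that is not part of the original presentation: it reviews local accounts by RID rather than by name, so a renamed built-in administrator and a decoy "Administrator" account are both identified correctly. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module; the function name `Get-DefaultAccountFinding` is hypothetical.

```powershell
# Added example: review built-in and default accounts on the local machine.
# Read-only; run from an elevated prompt so group membership can be read.
function Get-DefaultAccountFinding {
    # SIDs of every member of BUILTIN\Administrators (well-known SID S-1-5-32-544).
    $adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.SID.Value }

    foreach ($user in Get-LocalUser) {
        $rid     = ($user.SID.Value -split '-')[-1]   # last SID component
        $isAdmin = $adminSids -contains $user.SID.Value
        $notes   = @()

        # RID 500 is the built-in administrator whatever it has been renamed to.
        if ($rid -eq '500') {
            $notes += "built-in administrator (RID 500), current name '$($user.Name)'"
            if ($user.Name -eq 'Administrator') { $notes += 'not renamed' }
        }
        # RID 501 is the built-in Guest account; it should stay disabled.
        if ($rid -eq '501' -and $user.Enabled) {
            $notes += 'Guest account is enabled'
        }
        # An enabled account that may have a blank password.
        if ($user.Enabled -and -not $user.PasswordRequired) {
            $notes += 'enabled and no password required'
        }
        # A decoy named Administrator must not hold administrative rights.
        if ($user.Name -eq 'Administrator' -and $rid -ne '500' -and $isAdmin) {
            $notes += "decoy 'Administrator' is a member of Administrators"
        }

        if ($notes.Count -gt 0) {
            [pscustomobject]@{
                Name     = $user.Name
                Rid      = $rid
                Enabled  = $user.Enabled
                IsAdmin  = $isAdmin
                Findings = $notes -join '; '
            }
        }
    }
}

Get-DefaultAccountFinding | Format-Table -AutoSize -Wrap
```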
10
File Sharing
• In Windows, users can share files in a folder
  – Select the “Share this folder” option to enable the sharing feature
• To set the permissions more tightly, click the Permission button in the Properties dialog box
• Access can be restricted based on user or group
11
Windows Registry
• Windows 95 was the first version of Windows to use a registry
• One critical vulnerability in the registry is related to the registry information about an action performed by a user during login
• Windows registry maintains this information in a key called
  – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
12
Windows Registry (continued)
• Automatically, every user of a Windows 2000 and XP computer has a “SetValue” access to this registry key
• “Set Value” access lets any user who has access to the system make modifications
  – A user who does not have administrator privileges can alter this key to obtain unauthorized access
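One way to verify the permission described on the two Windows Registry slides, as an added example that is not part of the original presentation: it lists every principal allowed to set values on the machine-wide Run key and flags any that fall outside an assumed baseline, then lists the autorun entries currently stored there. The baseline in `$ExpectedWriters` and the function names `Get-RunKeyWriter` and `Get-RunKeyEntry` are assumptions made for this example.

```powershell
# Added example: audit write access on the machine-wide Run key (read-only).
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Principals expected to hold write access (assumed baseline; adjust as needed).
$ExpectedWriters = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

# SetValue (0x2) plus the generic write/all bits that also grant it.
$WriteMask = 0x2 -bor 0x40000000 -bor 0x10000000

function Get-RunKeyWriter {
    param([string]$Path = $RunKey)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band $WriteMask) -eq 0) { continue }
        $sid = $rule.IdentityReference
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # unresolvable SID: report it raw
        [pscustomobject]@{
            Identity   = $name
            Sid        = $sid.Value
            Rights     = $rule.RegistryRights
            Inherited  = $rule.IsInherited
            Unexpected = $ExpectedWriters -notcontains $sid.Value
        }
    }
}

function Get-RunKeyEntry {
    param([string]$Path = $RunKey)
    # Each value under the key is a command started at logon.
    $key = Get-Item -Path $Path
    foreach ($valueName in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $valueName; Command = $key.GetValue($valueName) }
    }
}

Get-RunKeyWriter | Sort-Object Unexpected -Descending | Format-Table -AutoSize
Get-RunKeyEntry  | Format-Table -AutoSize -Wrap
```

Any row with `Unexpected` set to True names a principal outside the assumed baseline that can add or change a logon command for every user of the machine.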
13
Trust Relationship
• Trust relationship
  – Allows the authenticated users of a Windows domain to access resources on another domain, without being authenticated by it
• Operating systems authenticate users
  – By means of verifying their Security Identifiers (SIDs) in the access control list
• Access control lists store SIDs and the user rights related to each SID
  – Resources maintain an access control list
14
Trust Relationship (continued)
• A trusting domain allows the trusted domain to authenticate users
• Cracker can hack a network and add unauthorized SIDs into that domain’s ACL
• Hackers require administrator privileges on the trusted domain in order to exploit this
  – Furthermore, they need strong technical knowledge
• Microsoft provides patch programs for Windows 2000, known as SID filters, that solve this issue
15
RPC Service Failure
• Remote Procedure Call (RPC) service of Windows
  – Does not validate inputs that are submitted to it for processing
• Hackers can easily send RPC requests with invalid inputs
  – Invalid inputs lead to the system services stopping for a period of time
16
Summary
• Microsoft Windows is the most common preinstalled operating system in the world
• The security of the applications running on a computer is dependent on the security of the operating system
• The belief that Windows is less secure than other operating systems stems in part from the sheer ubiquity of Windows and from the philosophy underlying the design of the original Windows systems
17
Summary (continued)
• Vulnerabilities affecting one or more of these systems include password security, default accounts, file sharing defaults, Windows registry security defaults, trust relationships between domains, Event Viewer buffer overflow, NBNS protocol spoofing, RPC service failure, SMTP authentication, Telnet vulnerabilities, IP fragments reassembly, and Reset-Browser frame vulnerability
• Although Vista places a greater emphasis on security than its predecessors, some vulnerabilities exist