
Windows NT Based Web Security, COSC 573, by Ying Li



3 Basic Concepts of Windows NT
Advantages
–User-friendly graphic front end
–Point-and-click configuration
–Excellent software development tools
Disadvantages
–Relative newcomer to the Internet
–A variety of security problems

4 Basic Concepts of Windows NT
Windows NT Server vs. NT Workstation
–Windows NT Server:
  More expensive
  Has complete functionality
  Can coordinate the activities of other machines, provide remote access services, run Windows name resolution (WINS), and host the Internet Information Server

5 Basic Concepts of Windows NT (cont')
–Windows NT Workstation:
  A watered-down version of the Server product, with most of the server functions disabled
–Microsoft Internet Information Server runs only on NT Server
–However, Web servers from other vendors run on the Workstation version of the operating system as well
From the point of view of system security, the main difference between the two flavors is that NT Workstation comes with an undesirably permissive default configuration, while NT Server's defaults are stricter.

6 Windows NT Security Risks
In theory, the Windows NT system of access control lists, domains, and trust relationships provides a high level of security. In practice, many NT servers on the Internet are not secure. How can this be?

7 Widespread Misconfiguration Problems
An out-of-the-box Windows NT Workstation installation is not secure.
–Most of the system's files and directories are read/write by Everyone, which means that any local user can tamper with the system to his heart's content.
–Because of the strange properties of the built-in Everyone group (on NT 4 it also includes anonymous, unauthenticated network connections, so "Everyone" really does mean everyone on the network), there are a variety of ways for unidentified Internet users to view and/or alter the system as well.

8 Widespread Misconfiguration Problems (cont')
Windows NT Server, in contrast, has a more reasonable set of default permissions when first installed.
However, it still contains gaps in its configuration that allow for unwanted mischief.
In practice, many Windows NT Servers are not installed from scratch but are upgraded from previous versions of Windows NT or from Windows 95. In such cases, the access control lists are probably at their least restrictive setting.

9 Widespread Misconfiguration Problems (cont')
An additional problem for Windows NT: Windows NT supports two different file systems, FAT and NTFS. Only NTFS provides access control lists. Machines that use a FAT file system have no file protection at all.

10 Vulnerability to NetBIOS Attacks
Concept: Windows NT uses a family of networking protocols, known collectively as "NetBIOS," to provide Windows file sharing, network printing, and remote system administration (strictly, NetBIOS supplies the name, datagram and session services on ports 137, 138 and 139, and the SMB file-sharing protocol rides on top of it).
NetBIOS is network-independent. However, NetBIOS was designed with a local area network in mind, not large networks like the Internet.
For this reason, it has certain vulnerabilities.

11 NetBIOS Vulnerability
Information leakage
–NetBIOS will advertise information about a system's shared volumes, workgroup name, domain name and machine name without requiring the remote machine or user to authenticate
Client-controlled fallback to weaker authentication
–In order to be compatible with less-capable operating systems, such as Windows for Workgroups and Windows 95, NetBIOS will fall back to weaker authentication when a remote client requests it.
Anonymous log-in
–NetBIOS allows a limited form of anonymous, unauthenticated log-in. Designed to allow machines on the local area network to exchange information about themselves, this loophole has been used by would-be intruders to gain access to sensitive parts of the system, such as the registry.
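As an added example (not part of the presentation), the following Python script builds the unauthenticated NetBIOS node-status query behind the information-leakage and anonymous log-in points above, the same datagram that `nbtstat -A <ip>` sends to UDP port 137, and parses the reply to list what the host hands out to any sender. The host name WEBSRV, the domain COSC573 and the MAC address in the demo are made up, and the reply is constructed locally rather than captured from a network.

```python
import struct

# Added example (not from the presentation): the unauthenticated NetBIOS
# node-status request that `nbtstat -A <ip>` sends to UDP port 137, plus a
# parser for the reply. Everything a host returns here is available to any
# sender without credentials. The reply used below is constructed locally.

NBNS_PORT = 137             # NetBIOS Name Service, UDP
TYPE_NBSTAT = 0x0021        # node status query / response record type
CLASS_IN = 0x0001
HDR_RESPONSE = 0x8000       # R bit in the NBNS header flags
HDR_AUTHORITATIVE = 0x0400  # AA bit
NAME_GROUP = 0x8000         # G bit in each returned NAME_FLAGS
NAME_ACTIVE = 0x0400        # ACT bit
SUFFIX_FILE_SERVER = 0x20   # <name>[20]: host offers SMB file/print sharing
SUFFIX_DC = 0x1C            # <domain>[1C]: group name of domain controllers


def encode_name(name: str, suffix: int = 0x00, pad: bytes = b" ") -> bytes:
    """RFC 1001 first-level encoding: 15-byte name + suffix byte, each byte
    split into two nibbles offset by 'A'. Returns length byte + 32 chars + 0."""
    raw = name.upper().encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    enc = bytes(0x41 + nib for b in raw for nib in (b >> 4, b & 0x0F))
    return bytes([len(enc)]) + enc + b"\x00"


def build_nbstat_query(txid: int = 0x1234) -> bytes:
    """Header (ID, flags=0 query, QDCOUNT=1) + question for the wildcard
    name '*' (NUL-padded), type NBSTAT, class IN. 50 bytes, no auth."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name("*", pad=b"\x00") + struct.pack(">HH", TYPE_NBSTAT, CLASS_IN)
    return header + question


def build_nbstat_response(txid: int, names, mac: bytes) -> bytes:
    """Constructed reply, shaped like a real NT reply, so the parser can be
    exercised offline. `names` is a list of (name, suffix, is_group)."""
    rdata = bytes([len(names)])
    for name, suffix, is_group in names:
        flags = NAME_ACTIVE | (NAME_GROUP if is_group else 0)
        rdata += name.upper().encode("ascii").ljust(15) + bytes([suffix])
        rdata += struct.pack(">H", flags)
    rdata += mac + bytes(40)   # STATISTICS block: unit id (MAC), counters zeroed
    header = struct.pack(">HHHHHH", txid, HDR_RESPONSE | HDR_AUTHORITATIVE, 0, 1, 0, 0)
    rr = encode_name("*", pad=b"\x00") + struct.pack(">HHIH", TYPE_NBSTAT, CLASS_IN, 0, len(rdata))
    return header + rr + rdata


def _skip_name(data: bytes, pos: int) -> int:
    """Advance past an encoded name (label sequence or compression pointer)."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + length


def parse_nbstat_response(data: bytes) -> dict:
    """Walk the header, the (normally empty) question section and the first
    answer; return the advertised names with their group/active bits."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if not flags & HDR_RESPONSE or an < 1:
        raise ValueError("not an NBNS response carrying an answer")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(data, pos) + 4          # QTYPE + QCLASS
    pos = _skip_name(data, pos)
    rtype, _rclass, _ttl, _rdlen = struct.unpack_from(">HHIH", data, pos)
    pos += 10
    if rtype != TYPE_NBSTAT:
        raise ValueError(f"unexpected record type {rtype:#06x}")
    count, pos = data[pos], pos + 1
    names = []
    for _ in range(count):
        raw, suffix = data[pos:pos + 15], data[pos + 15]
        (nflags,) = struct.unpack_from(">H", data, pos + 16)
        names.append({"name": raw.rstrip(b" \x00").decode("ascii", "replace"),
                      "suffix": suffix,
                      "group": bool(nflags & NAME_GROUP),
                      "active": bool(nflags & NAME_ACTIVE)})
        pos += 18
    return {"txid": txid, "names": names, "mac": data[pos:pos + 6].hex(":")}


def summarize(parsed: dict) -> dict:
    """What an anonymous sender learns: machine name, workgroup/domain,
    whether SMB file sharing is up and whether the box is a DC."""
    out = {"machine": None, "domain": None, "file_sharing": False,
           "domain_controller": False, "mac": parsed["mac"]}
    for n in parsed["names"]:
        if not n["active"]:
            continue
        if n["suffix"] == 0x00:
            key = "domain" if n["group"] else "machine"
            out[key] = out[key] or n["name"]
        elif n["suffix"] == SUFFIX_FILE_SERVER and not n["group"]:
            out["file_sharing"] = True
        elif n["suffix"] == SUFFIX_DC and n["group"]:
            out["domain_controller"] = True
    return out


if __name__ == "__main__":
    # Offline demo with a made-up host: what a default NT 4 web server hands back.
    reply = build_nbstat_response(
        0x1234,
        [("WEBSRV", 0x00, False), ("COSC573", 0x00, True), ("WEBSRV", 0x20, False)],
        bytes.fromhex("005056aabbcc"))
    print(summarize(parse_nbstat_response(reply)))
    # Against a real host you are authorised to test: send build_nbstat_query()
    # to (ip, NBNS_PORT) over UDP and pass the datagram to parse_nbstat_response().
```

The point to take from the output is not the parser but the shape of the exchange: one 50-byte datagram with no credentials produces the machine name, the workgroup or domain, and whether the host runs the SMB file service, which is exactly the reconnaissance a firewall rule blocking UDP/TCP 137-139 from the Internet is meant to stop.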

12 Securing a Windows NT Web Server
1 Apply all service patches
2 Fix the file system permissions
3 Fix the registry access permissions
4 Remove or disable all extraneous network services
5 Add the minimum number of user accounts necessary to maintain the server
6 Install the server software and adjust file and directory permissions to restrict unnecessary access
7 Remove or disable unnecessary Web server features, CGI scripts, and extensions
8 Monitor system and server log files

13 Apply All Service Packs and Updates
Microsoft releases operating system patches called "service packs" at regular intervals
These service packs contain patches for known security holes in the operating system, as well as other bug fixes and feature enhancements
Back up your system before applying a service pack if it has any valuable data on it

14 Fix the File System and Registry Permissions
After applying operating system patches, the next step is to check and adjust the file system and registry permissions
To get the benefit of file system permissions, you must have formatted the Windows NT disk partition as NTFS
For fixing the file system, log in as Administrator and use the Properties -> Security -> Permissions window in Explorer (or the cacls command-line tool) to change the access control lists
For fixing the registry: like the file system, the keys and values of the Windows registry are protected by access control lists, which are edited from the Security -> Permissions... menu of the Registry Editor (regedt32)

15 An Example
Directory: C:\WINNT\PROFILES\DEFAULT_USER and C:\WINNT\PROFILES\ALL_USERS
Owner: Administrator
Change contents too: Files and subdirectories
Administrators: Full control
SYSTEM: Full control
Users: Read
Rationale: These two directories contain common preferences shared by all users. Users can view the defaults but not change them.
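As an added example, not from the presentation: a Python check over a saved `cacls` listing (the command-line counterpart of the Permissions window, e.g. `cacls C:\WINNT /T > acl.txt`) that flags directories where Everyone, Users or similar broad groups hold write, change or full-control rights, which is the kind of leftover the slides above describe on upgraded or out-of-the-box systems. The listing, the paths and the WEBSRV\webmaster account are constructed for illustration; the parser assumes the layout cacls prints, with the path once per entry and every further ACE indented to the column where the first one began.

```python
import re
from dataclasses import dataclass

# Added example (not from the presentation). Reads a saved `cacls` listing,
# e.g. `cacls C:\WINNT /T > acl.txt` on NT 4, and reports ACEs that hand
# modify rights to broad groups. The listing below is constructed; it assumes
# cacls' layout: path once per entry, then one ACE per line, with the further
# ACEs of the same path indented to the column where the first one started.

SAMPLE = r"""C:\WINNT BUILTIN\Administrators:(OI)(CI)F
         NT AUTHORITY\SYSTEM:(OI)(CI)F
         Everyone:(OI)(CI)C
C:\WINNT\PROFILES\ALL_USERS BUILTIN\Administrators:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)F
                            BUILTIN\Users:(OI)(CI)R
C:\WINNT\SYSTEM32\CONFIG BUILTIN\Administrators:(OI)(CI)F
                         NT AUTHORITY\SYSTEM:(OI)(CI)F
                         Everyone:(OI)(CI)R
C:\INETPUB\WWWROOT BUILTIN\Administrators:(OI)(CI)F
                   NT AUTHORITY\SYSTEM:(OI)(CI)F
                   WEBSRV\webmaster:(OI)(CI)C
                   Everyone:(OI)(CI)R
C:\TEMP Everyone:(OI)(CI)F
"""

# trustee:(inheritance flags)right, where right is N/R/W/C/F. Entries that
# cacls prints as "(special access:)" followed by individual rights do not
# match this pattern and are skipped here.
ACE_RE = re.compile(r"^(?P<trustee>[^:]+):(?P<inherit>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")

BROAD_GROUPS = {"EVERYONE", "USERS", "BUILTIN\\USERS", "GUESTS", "BUILTIN\\GUESTS",
                "INTERACTIVE", "NETWORK", "AUTHENTICATED USERS"}
MODIFY_RIGHTS = {"W", "C", "F"}      # write, change, full control


@dataclass
class Finding:
    path: str
    trustee: str
    right: str


def _split_single(line: str):
    """Entry with a single ACE: no continuation line gives the path width,
    so fall back to the last space before the final colon (a heuristic; the
    two well-known trustees that contain a space are handled explicitly)."""
    head = line[: line.rfind(":")]
    for special in ("NT AUTHORITY\\", "CREATOR OWNER"):
        idx = head.rfind(special)
        if idx > 0:
            return head[:idx].rstrip(), line[idx:]
    idx = head.rfind(" ")
    return head[:idx], line[idx + 1:]


def parse_cacls(listing: str):
    """Yield (path, trustee, right) for every ACE in the listing."""
    entries = []                                   # [first_line, [continuations]]
    for line in listing.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and entries:
            entries[-1][1].append(line)
        else:
            entries.append([line, []])
    for first, rest in entries:
        if rest:
            width = len(rest[0]) - len(rest[0].lstrip())
            path, first_ace = first[:width].rstrip(), first[width:]
        else:
            path, first_ace = _split_single(first)
        for ace in [first_ace] + rest:
            m = ACE_RE.match(ace.strip())
            if m:
                yield path, m["trustee"], m["right"]


def audit(listing: str):
    """Flag W/C/F granted to Everyone, Users, Guests and similar groups.
    Per-user grants (the web tree's webmaster) are left alone: that is the
    intended way to let editors change content without Administrator."""
    return [Finding(path, trustee, right)
            for path, trustee, right in parse_cacls(listing)
            if trustee.upper() in BROAD_GROUPS and right in MODIFY_RIGHTS]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.path}: {f.trustee} has {f.right}; tighten to R or remove")
```

Run against a listing of the whole system drive, the output is the work list for step 2 of the checklist; the entries it leaves alone (Administrators and SYSTEM with full control, Users with read, a named content editor with change on the web tree) are the pattern the example slide recommends.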

16 User Rights Policies
The Windows NT User Manager program establishes certain global user rights. Some of the rights on a default installation are inappropriate for Web server machines; others are simply accident prone. To change these rights, select Policies -> User Rights... in the User Manager program to bring up the User Rights Policy dialog.

17 Install Web Server Software
If the software isn't already preinstalled, go ahead and install it by running whatever install program the vendor provides.
The main task at this point is to tune the directory permissions so that authorized users can make changes to the Web tree without having to become full administrator to do so.

18 Turn Off Unnecessary Features
Microsoft IIS and other servers support a few optional features that can potentially be used by unscrupulous individuals to gain information about your system. Unless you really need these features, you should turn them off.
–Directory Browsing
–Read-Access to the Scripts Directory
–Execute-Access to Non-Scripts Directories
–Active Server Pages

19 Monitor the Web Server and Event Logs
Both the Web server and Windows NT itself are capable of performing extensive logging. Although the Web server logs are turned on by default, NT event logging ("auditing", configured under Policies -> Audit... in User Manager) is turned off. It is recommended to enable it.
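As an added example that is not part of the presentation, here is a small Python pass over web server access-log lines in the NCSA common log format (one of the formats IIS can write), looking for the patterns the preceding slides care about: traversal probes, request methods a static or CGI site should never see, hosts piling up client errors, and 200 responses to bare directory URLs that may be directory listings. The log lines, addresses and paths are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import unquote

# Added example (not from the presentation): a first-pass review of web
# server access logs in the NCSA common format that IIS can write. The lines
# below are constructed. Rules are deliberately simple: traversal attempts,
# methods a static/CGI site never needs, hosts racking up client errors
# (probing), and 200s for bare directory URLs, which are only a lead because
# a default document answers with the same status as a directory listing.

SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/1998:10:01:02 -0500] "GET /index.htm HTTP/1.0" 200 1043
192.0.2.10 - - [12/Nov/1998:10:01:05 -0500] "GET /images/logo.gif HTTP/1.0" 200 2048
198.51.100.7 - - [12/Nov/1998:10:02:11 -0500] "GET /scripts/ HTTP/1.0" 200 3120
198.51.100.7 - - [12/Nov/1998:10:02:13 -0500] "GET /scripts/../../winnt/win.ini HTTP/1.0" 404 0
198.51.100.7 - - [12/Nov/1998:10:02:14 -0500] "GET /scripts/%2e%2e/%2e%2e/winnt/win.ini HTTP/1.0" 404 0
198.51.100.7 - - [12/Nov/1998:10:02:16 -0500] "GET /cgi-bin/ HTTP/1.0" 404 0
198.51.100.7 - - [12/Nov/1998:10:02:17 -0500] "GET /admin/ HTTP/1.0" 404 0
198.51.100.7 - - [12/Nov/1998:10:02:18 -0500] "GET /private/ HTTP/1.0" 404 0
198.51.100.7 - - [12/Nov/1998:10:02:20 -0500] "PUT /upload.txt HTTP/1.0" 403 0
203.0.113.5 - - [12/Nov/1998:10:03:00 -0500] "GET /default.htm HTTP/1.0" 200 870
"""

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" (?P<status>\d{3}) (?P<bytes>\S+)$')

ALLOWED_METHODS = {"GET", "HEAD", "POST"}


@dataclass
class Alert:
    host: str
    rule: str
    path: str


def parse_line(line: str):
    """One NCSA common-format record as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_traversal(path: str) -> bool:
    """Decode %xx first so %2e%2e is seen, then look for a '..' segment
    under either separator (NT accepts both)."""
    decoded = unquote(path.split("?", 1)[0])
    return any(seg == ".." for seg in re.split(r"[\\/]", decoded))


def scan(lines, error_threshold: int = 5):
    """Return alerts plus the hosts whose 4xx count reached the threshold."""
    alerts, client_errors = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host, path, status = rec["host"], rec["path"], rec["status"]
        if 400 <= status < 500:
            client_errors[host] += 1
        if is_traversal(path):
            alerts.append(Alert(host, "traversal", path))
        if rec["method"] not in ALLOWED_METHODS:
            alerts.append(Alert(host, "unusual_method", f'{rec["method"]} {path}'))
        if status == 200 and path != "/" and path.endswith("/"):
            alerts.append(Alert(host, "dir_listing", path))   # lead, not verdict
    probing = {h: n for h, n in client_errors.items() if n >= error_threshold}
    return {"alerts": alerts, "probing_hosts": probing}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG.splitlines())
    for a in result["alerts"]:
        print(f"{a.host:15} {a.rule:15} {a.path}")
    for host, n in result["probing_hosts"].items():
        print(f"{host:15} {n} client errors; check for probing")
```

A 200 for `/scripts/` is the line worth chasing: if directory browsing is still enabled on the scripts directory it is listing the CGI programs to the world, which is why that feature is on the turn-off list; a default document would give the same status, so confirm it in the server configuration rather than from the log alone.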

20 Create a Backup System
A recent and complete system-wide backup is essential for recovering from a break-in
Even if your system isn't broken into, a backup will allow you to recover from disasters, ranging from a hard disk crash to the accidental deletion of an essential file

21 ?

