windows nt based web security cosc 573 by:ying li
TRANSCRIPT
Windows NT Based Windows NT Based Web SecurityWeb Security
COSC 573COSC 573
By:By: Ying LiYing Li
Basic Concepts of Windows NTBasic Concepts of Windows NT
• AdvantagesAdvantages– User-friendly graphic front endUser-friendly graphic front end– Point-and-click configurationPoint-and-click configuration– Excellent software development toolsExcellent software development tools
• DisadvantagesDisadvantages– Relative newcomer to the InternetRelative newcomer to the Internet– A variety of security problemsA variety of security problems
Basic Concepts of Windows NTBasic Concepts of Windows NT
• Windows NT Server vs. NT WorkstationWindows NT Server vs. NT Workstation– Windows NT Server:Windows NT Server:
• More expensiveMore expensive
• has complete functionalityhas complete functionality
• can coordinate the activities of other machines, can coordinate the activities of other machines, provide remote access services, run Windows name provide remote access services, run Windows name resolution, and host the Internet Information Serverresolution, and host the Internet Information Server
– Windows NT WorkstationWindows NT Workstation• a water-down version of the Server producta water-down version of the Server product
• with most of the server functions disabledwith most of the server functions disabled– Microsoft Internet Information Server runs only on NT Microsoft Internet Information Server runs only on NT
ServerServer
– However, Web servers from other vendors run with the However, Web servers from other vendors run with the Workstation version of operating system, as wellWorkstation version of operating system, as well
From the point of view of system security, the From the point of view of system security, the main difference between the two flavors is that main difference between the two flavors is that NT Workstation comes with an undesirably NT Workstation comes with an undesirably permissive configuration, while NT Server is permissive configuration, while NT Server is stricter.stricter.
Basic Concepts of Windows NT (cont’)Basic Concepts of Windows NT (cont’)
Windows NT Security RisksWindows NT Security Risks
In theory, the Windows NT system of access control lists, In theory, the Windows NT system of access control lists, domains, and trust relationships provides a high level of domains, and trust relationships provides a high level of security. In practice, many NT server on the Internet are security. In practice, many NT server on the Internet are not secure. not secure.
How can this be?How can this be?
Widespread Misconfiguration ProblemsWidespread Misconfiguration Problems
• An out-of-the-box Windows NT Workstation An out-of-the-box Windows NT Workstation installation is not secure. installation is not secure. – Most of the system’s files and directories are read/write Most of the system’s files and directories are read/write
by by Everyone, Everyone, which means that any local user can which means that any local user can tamper with the system to his heart’s content. tamper with the system to his heart’s content.
– Because of the strange properties of the built-in Because of the strange properties of the built-in EveryoneEveryone group, there are a variety of ways for group, there are a variety of ways for unidentified Internet users to view and /or alter the unidentified Internet users to view and /or alter the system, as well.system, as well.
Widespread Misconfiguration Problems (Cont’)Widespread Misconfiguration Problems (Cont’)
• Windows NT Server, in contrast, has a more Windows NT Server, in contrast, has a more reasonable set of default permissions when first reasonable set of default permissions when first installed.installed.
• However, it still contains gaps in its configuration However, it still contains gaps in its configuration that allow for unwanted mischief. that allow for unwanted mischief.
• In practice, many Windows NT Servers are not In practice, many Windows NT Servers are not installed from scratch but are upgraded from installed from scratch but are upgraded from previous versions of Windows NT or from previous versions of Windows NT or from Windows 95. In such cases, the access control lists Windows 95. In such cases, the access control lists are probably at their least restrictive setting.are probably at their least restrictive setting.
Widespread Misconfiguration Problems (Cont’)Widespread Misconfiguration Problems (Cont’)
• An Additional problem for Windows NT:An Additional problem for Windows NT:
Windows NT actually supports two different file Windows NT actually supports two different file systems: FAT and NTFS. Only NTFS provides systems: FAT and NTFS. Only NTFS provides access control lists. Machines that use an FAT file access control lists. Machines that use an FAT file system have no file protection.system have no file protection.
Vulnerability to NetBIOS AttacksVulnerability to NetBIOS Attacks
• Concept:Concept: Windows NT uses a family of Windows NT uses a family of networking protocols, known collectively as networking protocols, known collectively as “NetBIOS,” to provide Windows file sharing, “NetBIOS,” to provide Windows file sharing, network printing, and remote system network printing, and remote system administrationadministration
• NetBIOS is network-independent. However, NetBIOS is network-independent. However, NetBIOS was designed with a local area network NetBIOS was designed with a local area network in mind, not large networks like the Internet.in mind, not large networks like the Internet.
• For this reason, it has certain vulnerabilities.For this reason, it has certain vulnerabilities.
NetBIOSNetBIOS VulnerabilityVulnerability• Information leakageInformation leakage
– NetBIOS will advertise information about a system’s shared NetBIOS will advertise information about a system’s shared volumes, workgroup name, domain name and machine name volumes, workgroup name, domain name and machine name without requiring the remote machine or user to authenticatewithout requiring the remote machine or user to authenticate
• Client-Controlled fallback to weaker authenticationClient-Controlled fallback to weaker authentication– In order to be compatible with less-capable operating systems, In order to be compatible with less-capable operating systems,
such as Windows for Workgroups, and Windows 95, NetBIOS will such as Windows for Workgroups, and Windows 95, NetBIOS will fall back to weaker authentication when a remote client requests it.fall back to weaker authentication when a remote client requests it.
• Anonymous log-inAnonymous log-in– NetBIOS allows a limited form of anonymous, unauthenticated NetBIOS allows a limited form of anonymous, unauthenticated
log-in. Designed to allow machines on the local area network to log-in. Designed to allow machines on the local area network to exchange information about themselves, this loophole has been exchange information about themselves, this loophole has been used by would-be intruders to gain access to sensitive parts of the used by would-be intruders to gain access to sensitive parts of the system, such as the registry.system, such as the registry.
Securing a Windows NT Web ServerSecuring a Windows NT Web Server1 Apply all service patchesApply all service patches
2 Fix the file system permissionsFix the file system permissions
3 Fix the registry access permissionsFix the registry access permissions
4 Remove or disable all extraneous network servicesRemove or disable all extraneous network services
5 Add the minimum number of user accounts necessary to Add the minimum number of user accounts necessary to maintain the servermaintain the server
6 Install the server software and adjust file and directory Install the server software and adjust file and directory permissions to restrict unnecessary accesspermissions to restrict unnecessary access
7 Remove or disable unnecessary Web server features, CGI Remove or disable unnecessary Web server features, CGI scripts, and extensionsscripts, and extensions
8 Monitor system and server log filesMonitor system and server log files
Apply All Service Packs and UpdatesApply All Service Packs and Updates
• Microsoft releases operating system patches Microsoft releases operating system patches called “service packs” at regular intervalscalled “service packs” at regular intervals
• These service packs contain patches for These service packs contain patches for known security holes in the operating known security holes in the operating system, as well as other bug fixes and system, as well as other bug fixes and feature enhancementsfeature enhancements
• Back up your system if it has any valuable Back up your system if it has any valuable data on itdata on it
Fix the File System and Registry PermissionsFix the File System and Registry Permissions
• After applying operating system patches, the next step is After applying operating system patches, the next step is to check and adjust the file system and registry to check and adjust the file system and registry permissionspermissions
• To get the benefit of file system permissions, you must To get the benefit of file system permissions, you must have formatted Windows NT disk partition as NTFShave formatted Windows NT disk partition as NTFS
• For fixing the file system, you should log into the system For fixing the file system, you should log into the system as as AdministratorAdministrator and use the and use the Properties -> Security -> Properties -> Security -> PermissionsPermissions window to change the access control lists window to change the access control lists
• For fixing the registry, like the file system, the keys and For fixing the registry, like the file system, the keys and values of the Windows registry are protected by access values of the Windows registry are protected by access control lists control lists
An An ExampleExample
• DirectoryDirectory C:\WINNT\PROFILES\DEFAULT_USERC:\WINNT\PROFILES\DEFAULT_USER
C:\WINNT\PROFILES\ALL_USERSC:\WINNT\PROFILES\ALL_USERS
OwnerOwner AdministratorAdministrator
Change contents tooChange contents too Files and subdirectoriesFiles and subdirectories
AdministratorsAdministrators Full controlFull control
SYSTEMSYSTEM Full controlFull control
Users Users ReadRead
Rationale:Rationale: These two directories contain common These two directories contain common preferences shared by all users. Users can view the preferences shared by all users. Users can view the defaults but not change themdefaults but not change them
User Rights PoliciesUser Rights Policies
• The Windows NT User Manager program The Windows NT User Manager program establishes certain global user rights. Some establishes certain global user rights. Some of the rights on a default installation are of the rights on a default installation are inappropriate for Web server machines; inappropriate for Web server machines; others are simply accident prone. To change others are simply accident prone. To change these rights, select Policies-> User Rights… these rights, select Policies-> User Rights… in the User Manager program to bring up in the User Manager program to bring up the User Rights Policy the User Rights Policy
Install Web Server SoftwareInstall Web Server Software
• If the software isn’t already preinstalled, go If the software isn’t already preinstalled, go ahead and install it by running whatever ahead and install it by running whatever install program the vendor provides.install program the vendor provides.
• The main task at this point is to tune the The main task at this point is to tune the directory permissions so that authorized directory permissions so that authorized users can make changes to the Web tree users can make changes to the Web tree without having to become full administrator without having to become full administrator to do soto do so
Turn off Unnecessary FeaturesTurn off Unnecessary Features • Microsoft IIS and other servers support a few Microsoft IIS and other servers support a few
optional features that potentially can be used by optional features that potentially can be used by unscrupulous individuals to gain information unscrupulous individuals to gain information about your system. Unless you really need these about your system. Unless you really need these features, you should turn them off.features, you should turn them off.– Directory Browsing Directory Browsing
– Read-Access to the Scripts DirectoryRead-Access to the Scripts Directory
– Execute-Access to Non-Scripts DirectoriesExecute-Access to Non-Scripts Directories
– Active Server PagesActive Server Pages
Monitor the Web Server and Event LogsMonitor the Web Server and Event Logs
• Both the Web server and Windows NT Both the Web server and Windows NT itself are capable of performing extensive itself are capable of performing extensive logging. Although the Web server logs are logging. Although the Web server logs are turned on by default, NT event logging turned on by default, NT event logging (“auditing”) is turned off. It is (“auditing”) is turned off. It is recommended to enable it.recommended to enable it.
Create a Backup SystemCreate a Backup System
• A recent and complete system-wide backup A recent and complete system-wide backup is essential for recovering from a break-inis essential for recovering from a break-in
• Even if your system isn’t broken into, a Even if your system isn’t broken into, a backup will allow you to recover from backup will allow you to recover from disasters, ranging from hard disk crash to disasters, ranging from hard disk crash to the accidental deletion of an essential filethe accidental deletion of an essential file
??