exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

nt.security.check.part1.txt

nt.security.check.part1.txt
Posted Feb 29, 2000
Authored by Slash | Site b0f.com

Evaluating the security of a NT system. Includes security tips, logging options, and more.

SHA-256 | a0766d9e54d84ea3d83a5bb9053d2b3629b6c1e62ee62709fb52e33c6679ae23

nt.security.check.part1.txt

Change Mirror Download
Windows NT Security Check Part I

by slash
tcsh@b0f.i-p.com

Introduction
------------

What do you do when you face the task of evaluating the security of a Windows NT system?
The only thing You can do is to manually evaluate the security of a system. Although this
can be a daunting task, you will find it a little easier if you follow the steps provided here.
This discussion provides quick steps for analyzing the basic security of a server.


Short Tips
----------

The following settings can serve as the basis for building a very secure system even if they
don't necessarily apply to a network server.

- All drives on the system must be formatted for the NT File System, not the FAT file system.
To check drive status in Windows NT 4.0, right-click on the drive and choose Properties.

- The Security Log should not overwrite old events. To check this, open the Event Viewer and
choose Log Settings from the Log menu. The option called "Do Not Overwrite Events (Clear Log
Manually)" should be enabled.

- Check Your logs daily. They tell a lot if an intruder tried to brake in.

- Do not allow blank passwords. It allows a hacker to get into the system and easily gain
administrator privileges. To check this, open the User Manager for Domains and choose
Account from the Policies menu and disable Permit Blank Passwords in the Minimum Password
Length field. This will require that you choose the "At Least x Characters" field and specify
a value for x.

- Disable the Guest account. In the User Manager, double-click on the Guest account and put
a check mark on the item called "Account Disabled." Having a Guest account means getting
hacked. Leave it only if that's absolutely necessary.

- Disable NetBIOS over TCP/IP network bindings where ever you can.

- Block all non-essential TCP/IP ports, especially UDP 137 and 138 and TCP 139. This may save
You from some DoS attacks.


Logging Options
---------------

Another good thing is to enable the Account Lockout option to prevent unauthorized users from
attempting to access the system by guessing passwords or brute forcing it. For optimum
security, never run the server with this option disabled. Set the following options as
appropriate:

- Lockout after x bad logon attempts. Set x to 3 to 4.

- Reset Count After x minutes Set to approximately 20 minutes to avoid unnecessary lockouts.

- Forcibly disconnect remote users from server when logon hours expire Set this option to
prevent after-hours activities or disconnect systems that were left on

- User must log on in order to change password Set this option to prevent users whose passwords
have expired from logging on. The administrator must change the password.


User Accounts
-------------

After You setup the domain account, check the status of each user account and group
in the User Manager. Check these options as follows:

- It's a good thing to check the password options. Should the user be able to change the
password? Does the password never expire? Is this account disabled? If it is disabled,
has the user left the company? If so, consider removing the account.

- Click the Groups button to determine which groups the user belongs to. Is membership in these
groups appropriate for the user? What rights and permissions does the user obtain from the
groups? What access does the group have to other domains?

- Click the Hours button to evaluate the times that the user can access the network. Make sure
no one can log on after hours if that is your policy.

- Click the Logon To button to evaluate which computers the user can log on to. Make sure
that no one can log on from a computer in an unsupervised area.

- Check for old user accounts and remove them.

- When setting up temporary accounts be sure to set an expiration date for the account, and
assign rights and permissions carefully.


Conclusion
----------

In this issue I explained how to improve security by taking care of user accounts and logging
options. Follow them step by step to help secure Your server. If You don't take care of Your
system, who will ? In the next issue I'm planing to explain user rights on a NT system, give
You some short tips about user groups and help You to setup the Administrators account for best
performance and security. Feel free to discuss any of these topics on Default webboard (http://net-security.org/webboard.htm).

More to come in Part II of "Windows NT Security Check"



Default newsletter (http://default.net-security.org)

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close