Hardening Systems Windows NT.pptVIP

Hardening Systems: Windows NT Stephen M. Nugen, CISSP NebraskaCERT smnugen@ Introduction Purpose Discuss Windows NT-specific InfoSec issues Provide pointers to specific checklists, etc. Focus Windows NT 4.0 Still outselling Windows 2K Next year: Windows 2K and/or Whistler (- .NET) Server and Workstation versions Broad rather than deep... Consider multiple areas of vulnerability Some topics just too hard or too site-specific to cover with everything else... Understanding the “why” behind the vulnerability, mitigation Preparing for multiple variations on a theme InfoSec is the journey that never ends Introduction cont’d Caveat Presenting and discussing information gleamed from multiple sources Sources believed to be reliable Some sources old... some details may be OBE depending on what service packs, patches, hot-fixes have been installed at your site Some, but not all of these have been tested Limitations of any single presenter... IMPORTANT USE THESE NOTES ONLY AS IDEAS FOR FURTHER STUDY POINTS OF REFERENCE... KEYWORDS FOR SEARCHING TECHNET, MSDN, ETC. CHANGES TO REGISTRY VERY DANGEROUS BACKUP REGISTRY FIRST EXPLORE WITH REGEDT32.EXE... USE OPTIONS | READ-ONLY DON’T TRUST NUGEN’S SPELLING, TYPE, OR VALUE FOR ANY PARTICULAR REGISTRY KEY, ETC LOOK IT UP Introduction cont’d Assumed Already understand InfoSec basics Already understand Windows NT basics Style Very informal Questions and suggestions welcome anytime Now Later If need the source for any specific suggestion/topic, send email to nt-sec@ Ask about abbreviations... like HKLM = HKEY_LOCAL_MACHINE HKCU = HKEY_CURRENT_USER Introduction cont’d Structure Accounts Resources Auditing Services Network Other OBE Exploits Sources Accounts Password Restrictions Passwords should expire after xx days to limit scope of compromised password Password length 12 characters For W9X systems, password length of 8 very bad since encrypted in 7-byte chunks Password uniqueness Don’t keep reusing compromised passwords Set Passwo