Transcript Windows NT Security

By Daniel Grim
Outline
• What Is Windows NT?
• IPSEC/Windows Firewall
• NTFS File System
• Registry Permissions
• Managing User Accounts
• Conclusion
What is Windows NT?
• First version 3.1 released July 27, 1993 alongside the existing Windows 3.1
OS
• Windows NT uses a hybrid kernel which was designed to replace the
monolithic kernel used in DOS and the Windows 95/98 series
• Provides both server and client versions
• Includes all versions of Windows from Windows 2000 forward, including
Windows 8 and Windows Server 2012
• Designed to allow multiple users to run applications on the same
computer simultaneously and to allow users to run applications with
alternate credentials
Windows Firewall/IPSEC
• Windows 2000 included an Local Security policy management snap-in for
MMC(Microsoft Management Console)
• Allows users to specify rules for both inbound and outbound connections
from the workstation or server to other computers
• IP Security policy editor is not available in Home or Starter editions of
newer Windows versions
• Windows XP SP2 introduced similar functionality in the Windows Firewall
feature for Home and Starter editions
IPSEC Policies
Run secpol.msc or use Control Panel Administrative Tools to access
IPSEC Policies
• Can allow or deny access to specific ports for outbound or inbound traffic
• Can hide the presence of a server on the network by blocking incoming
traffic without sending a network reset response back to the client
• Can block commonly abused protocols such as ICMP (used for ping)
• Resource kits for select Windows versions provide a command-line tool
called ipsecpol.exe to manage policies
Windows XP/Vista/7 Firewall
Accessed via Control Panel
Windows XP/Vista/7 Firewall
• Provides all functionality of Windows 2000 IPSEC policies and some new
features
• Allows the user to give specific rules to individual programs
• Can setup a policy to deny network access to all programs that are not
whitelisted
• IPSEC policy editor can be accessed in Professional and Enterprise
editions of Windows 7/8 also
NT File System (NTFS)
• More secure than FAT file systems
• Default File System for Windows 2000 and above installer, though those
operating systems still support FAT
• Allows every file on the file system to have permissions assigned to it
specifying who can access/modify a file or directory
• Supports encrypted files and directories
• Command-line utility (cacls.exe) available as well as GUI interface for
managing permissions
Registry Permissions
• Windows NT registry editor provides similar permissions settings to the
NTFS file system options
• On earlier version of NT, up to and including 2000, Regedt32.exe is used
to set permissions for registry keys
• In newer releases the standard regedit.exe is used to set registry key
permissions
• This feature allows an administrator to specify exactly which users should
be able to modify certain parts of the windows registry
• Certain registry keys should only be writable by Administrators, but
readable by all users
• Example:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run
Managing User Accounts and Groups
• Can place users in multiple groups to be used to assign different security
permissions
• Default Groups are Administrators and Users
• Accounts can be managed using the User Accounts option in Control
Panel or using a command-line utility: net.exe user /?
• Groups can also be managed using these same tools, but the commandline for local groups is: net.exe localgroup /?
• Account policies such as password length, password requirement and other
requirements can be set in the Local Security Policy Settings in Professional,
Enterprise, and Server versions
Managing User Accounts and Groups
• There are two default accounts which exist on every Windows NT
workstation machine, they are Administrator and Guest
• Accounts that are not needed, such as Guest, can be deactivated using
either control panel or the command-line utilities
• Accounts should be set to require a password using these utilities,
especially those with administrative privileges
Conclusion
• Windows NT provides many tools for workstation security
• Windows NT can be a very secure OS when these tools are implemented
properly
• These tools can be used to control access to files, registry keys, and even
network ports or protocols without any additional software needing to be
installed with the OS
• Many other tools are available within the OS, especially in the Server
editions, but the tools covered in this presentation are essential for taking
the first steps to secure a system running Windows NT
Questions?
References
• A History of Windows – Microsoft Windows –
http://windows.microsoft.com/en-us/windows/history#T1=era3
• Using IPSEC to Lock Down a Server - http://technet.microsoft.com/enus/library/bb726948.aspx
• Applying permissions to a Windows registry key http://www.sophos.com/en-us/support/knowledgebase/13811.aspx
• Local Security Policy Editor – Windows 7 Help Forums http://www.sevenforums.com/tutorials/7357-local-security-policy-editoropen.html
• Hybrid Kernel – Wikipedia http://en.wikipedia.org/wiki/Hybrid_kernel#NT_kernel