NT Security

Planning on improving your Windows NT/2000

 

NT Exploits
There are a number of NT Security Exploits that are well-known and widely used in the hacker community.

  • NT-getadmin-exploit
  • NT-L0phtCrack-exploit
  • NT-redbutton-exploit
  • Windows 2000 IIS 5.0 "Unchecked Buffer in ISAPI Extension" exploit

...are just a few of the better-known ones. With these tools, a cracker can add users to the Administrators group, or completely crash an NT system (as seen in a program known as NTCrash). Worse, some variations of the getadmin exploit still work even after installing the hotfix that Microsoft originally said fixed the problem! Even so, we recommend that you load the latest hotfix. Be sure to read the README file and KB article as well.

What Can You Do?
When configuring your network and addressing security issues, be thorough in your investigations. Cover all the bases!

See Microsoft's HOTFIX section for the latest updates. Service Pack 6a, for example, is a cumulative upgrade that includes all of the hotfixes and updates found in previous NT service packs. If you don't like to be on the bleeding edge with NT Service Packs (and many server administrators with a currently stable system are loath to make changes), we'd recommend upgrading to SP5 at the very least. It addressed the following issues:

  • Active Accessibility Support
  • Improved DCOM/HTTP Tunneling
  • Euro key patch
  • Internet Group Management Protocol (IGMP) version 2
  • Microsoft File and Print Service for NetWare (FPNW) Support for Client32
  • Proquota.exe to monitor size of users' profiles
  • Year 2000 (Y2K) fixes
  • Internet Explorer 4.01 Service Pack 2
  • Windows NT 4.0 Option Pack fixes
  • Security Configuration Manager (SCM)
  • DHCP/WINS/DNS improvements and upgrades
  • Secure Channel enhancements

Service Pack 6a is available at download.microsoft.com

To learn more about new NT security concerns, subscribe to NTSD.

Windows 2000 Security
Ars Technica has published a good starting point for Windows 2000 security in its article entitled "First Steps to Security". We'd also recommend a visit to grc.com to evaluate your system's security. If you want a "quick fix" method of improving your Windows 2000 security, Symantec's Norton Internet Security 2001 is a good start. With proper configuration, it closes off all the insecure ports listed in GRC.com's port scanning section.

ICQ issues
Encryption Software has released a freeware program entitled ICQ Password Revealer that does just that -- it is, says the company, a demonstration of just how insecure ICQ (a popular instant messaging utility) really is. It pulls the password out of the program's NEWDB directory, where it is stored, completely unencrypted.

For Further Reading

  • Visit NTSecurity.Net
  • TCP: Practical Guide To Network Security
