Making NT secure is possible

“People think NT is
unsecure, and it’s not. It’s the people who set it up,” Brezinski said.

“What I’m doing is not sexy,” Dominique Brezinski advised the people
coming in to hear his talk on attacking Microsoft Windows NT security. But they filled the
room anyway as he clicked his way through an NT server’s directories, gathering bits
of information as he went.

Brezinski, a network security expert at Secure Computing Corp. of Roseville, Minn.,
executed a script to probe the server, asking simple questions and making rudimentary
attempts at entry.

“This crap works,” Brezinski said as he collected user lists and password
policies. “And it’s not hard.”

Brezinski’s was one of the best-attended sessions at the Black Hat Briefings in
Las Vegas last month. Hundreds of network administrators and security managers from the
federal and private sectors showed up to learn about vulnerabilities in the operating
system that the federal government is rapidly adopting.

Brezinski did not blame Microsoft Corp. for the flaws. “People think NT is
unsecure, and it’s not,” he said. “It’s the people who set it

Karan Khanna, lead product manager on Microsoft’s NT security team, agreed with
Brezinski’s assessment.

“Unix is used by savvy administrators,” Khanna said. “NT, because of its
price point, has fanned out to a large group of people who don’t have the same

But that is cold comfort to managers charged with implementing NT. “It’s
a nightmare,” said Frank Tirado, a security officer for an Agriculture Department
research center.

The center is switching to NT Workstation on client machines and soon will install NT

Tirado, who did a lot of homework before he got started, said that anyone who installs
and uses NT out of the box is asking for trouble.

“Most people don’t know how easy it is to get in,” he said.

Implementing security is complicated by the nature of the research center’s work,
Tirado said.

The researchers resent constraints, he said.

“I think what we’re going to do is tighten it down a little and see who
squeaks, then tighten it down a little more,” he said.

Brezinski called TCP port 139 the biggest potential security hole in NT. When server
services are enabled on the port, anonymous connections can be authenticated and used to
probe the server.

“The easiest way to secure an NT box is to turn the server service off,” he

Once a hacker has made a connection, the easiest way to get inside the network still is
the time-honored method of “cracking stupid user-level accounts,” Brezinski

“Dumb passwords are the easiest way to get into an NT box,” he said. “
‘Password’ seems to get the most hits” in brute-force password attacks. In
a test on a 1,200-user system, he said, about 5 percent of the user passwords were simply

Administrators give little thought to NT security, Brezinski said, because the
operating system is easy to use out of the box.

Khanna said Microsoft’s next NT service pack will have a configuration editor to
automate some of the lock-down processes. It was planned for next year’s release of
NT 5.0 but will be released early because of user demand.

The company’s technical information centers also offer an NT security course, he

NT 5.0 will expand support for authentication protocols and encryption, and its
Lightweight Directory Access Protocol directory should ease deployment and management of
security policies, Khanna said. An encrypted file system will secure data on notebook
computers, so that thefts do not result in loss of information, he said.

Brezinski predicted even bigger security concerns for NT administrators down the road.

“If I had to guess where the big exploits are going to be in a year’s time,
they won’t be on the operating system,” he said. “They’re going to
come in back-end applications and distributed applications that have been put on top of

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.