Making NT secure is possible
- By William Jackson
- Aug 31, 1998
People think NT is
unsecure, and its not. Its the people who set it up, Brezinski said.
What Im doing is not sexy, Dominique Brezinski advised the people
coming in to hear his talk on attacking Microsoft Windows NT security. But they filled the
room anyway as he clicked his way through an NT servers directories, gathering bits
of information as he went.
Brezinski, a network security expert at Secure Computing Corp. of Roseville, Minn.,
executed a script to probe the server, asking simple questions and making rudimentary
attempts at entry.
This crap works, Brezinski said as he collected user lists and password
policies. And its not hard.
Brezinskis was one of the best-attended sessions at the Black Hat Briefings in
Las Vegas last month. Hundreds of network administrators and security managers from the
federal and private sectors showed up to learn about vulnerabilities in the operating
system that the federal government is rapidly adopting.
Brezinski did not blame Microsoft Corp. for the flaws. People think NT is
unsecure, and its not, he said. Its the people who set it
Karan Khanna, lead product manager on Microsofts NT security team, agreed with
Unix is used by savvy administrators, Khanna said. NT, because of its
price point, has fanned out to a large group of people who dont have the same
But that is cold comfort to managers charged with implementing NT. Its
a nightmare, said Frank Tirado, a security officer for an Agriculture Department
The center is switching to NT Workstation on client machines and soon will install NT
Tirado, who did a lot of homework before he got started, said that anyone who installs
and uses NT out of the box is asking for trouble.
Most people dont know how easy it is to get in, he said.
Implementing security is complicated by the nature of the research centers work,
The researchers resent constraints, he said.
I think what were going to do is tighten it down a little and see who
squeaks, then tighten it down a little more, he said.
Brezinski called TCP port 139 the biggest potential security hole in NT. When server
services are enabled on the port, anonymous connections can be authenticated and used to
probe the server.
The easiest way to secure an NT box is to turn the server service off, he
Once a hacker has made a connection, the easiest way to get inside the network still is
the time-honored method of cracking stupid user-level accounts, Brezinski
Dumb passwords are the easiest way to get into an NT box, he said.
Password seems to get the most hits in brute-force password attacks. In
a test on a 1,200-user system, he said, about 5 percent of the user passwords were simply
Administrators give little thought to NT security, Brezinski said, because the
operating system is easy to use out of the box.
Khanna said Microsofts next NT service pack will have a configuration editor to
automate some of the lock-down processes. It was planned for next years release of
NT 5.0 but will be released early because of user demand.
The companys technical information centers also offer an NT security course, he
NT 5.0 will expand support for authentication protocols and encryption, and its
Lightweight Directory Access Protocol directory should ease deployment and management of
security policies, Khanna said. An encrypted file system will secure data on notebook
computers, so that thefts do not result in loss of information, he said.
Brezinski predicted even bigger security concerns for NT administrators down the road.
If I had to guess where the big exploits are going to be in a years time,
they wont be on the operating system, he said. Theyre going to
come in back-end applications and distributed applications that have been put on top of
William Jackson is a Maryland-based freelance writer.