Limit network logons for privileged users. This practice helps prevent password guessing attacks against the Administrator account, and it minimizes the threat of an administrative account compromise. Also, limit network and local logons to users and groups that require access to a particular computer. This practice helps contain breached accounts because it limits the number of machines that an attacker can log on to and try to elevate the account privileges.
Do not use domain accounts for services. Otherwise, anyone with administrator privileges on the machine where you install the service can obtain the password and username for the account the service is running under. Use nonadministrative local accounts to run services that do not need administrative privileges. Microsoft is addressing the service password problem, but limiting services to local accounts helps contain the breach to one machine if the service is compromised.
Minimize implied trust relationships between machines: Give different passwords to local accounts that exist on different machines but have the same name. Explain to users that shared passwords compromise security.
If the administrator needs to log on remotely, use passprop.exe in the Microsoft Windows NT Server 4.0 Resource Kit to enable account lockout for the Administrator account. You can also create a different account with administrator privileges, enable account lockout, and disable network logons for the Administrator account.
If machines using file- and print-sharing services are running NT 4.0, upgrade to SP3 and require SMB message signing. Message signing protects the integrity and authentication of remote administration and file sharing, but it does not provide privacy (i.e., encryption). Use message signing if you perform remote administration of servers and workstations.
If a machine has available shares, make sure the underlying file permissions grant access to only appropriate users and groups. If you maintain appropriate file permissions, you reduce the risk of users inadvertently accessing restricted files.
Turn on auditing. In most environments, a good compromise between security and performance is to enable success and failure auditing of logons and logoffs; user and group management; security policy changes; and restart, shutdown, and system events. In high-risk environments, enable auditing for process tracking and selective file and object access.
You can tighten the default file and Registry permissions in NT 4.0. (For more information about securing NT installations, refer to Steve Sutton's Windows NT Security Guide, available at http://www.trustedsystems.com.) Set file and Registry permissions to limit access to users and groups that need access.
If physical security is less than optimal, disable the ability to boot from devices other than the fixed hard drive. Several boot disks and utilities let you edit data on the hard drive to change account passwords. Limiting the ability to boot from removable media helps prevent users from editing the data on the hard drive.
Protect Your Network
NT is a feature-rich environment for users, administrators, and attackers. Unfortunately, the features that make NT network-friendly provide attackers with vital information and avenues of attack. You might need to compromise ease of administration to maintain security. Enable only the features necessary to support business functions, and grant access only to users who need it. As Sun Tzu said, "Those skilled in war cultivate the Tao and preserve the laws and are therefore able to formulate victorious policies."
End of Article
Prev. page
1
2
[3]
next page -->
