home
our
services
about Peter Davis+Assoc.
contact
security/audit
info
Privacy Test
Security & Audit
Tools
CyberScribblings
Windows NT Server IIS
Windows 95
Cookies
Java, JavaScript and
ActiveX
Intrusion Detection
Systems
Security Industry
Shakeout
Securing Groupware
Client/Server Audit:
One Bite At A Time
Configuring Cisco
Denial of Service Security Features - Part 1
Configuring Cisco
Denial of Service Security Features - Part 2
Configuring Cisco
Lock-and-Key
Configuring Cisco
Reflexive Access Lists
Dysfunctional Controls: Useless, Impractical, Inefficient and Poorly-Designed
TCPA: Who Can You Trust?
When Getting the Audit Done Is the Only Thing
Palladium: Friend or Foe?
Commentary: Quis Custodiet Ipsos Custodes?
Data Management: Data Destruction and Preservation
- Security &
Audit Products
-
- Top Ten
Security Links
-
- Security &
Audit Checklists
-
- Computer &
Security
- Glossary
-
- Security &
Audit Bibliography
-
- Search Page
legal info
privacy
info
|
In
this my first column, I am going to step out on a limb
and talk about two topics often in the
newsMicrosoft and the Web. Why Microsoft and the
Web? With Windows NT Server 4.0, Microsoft has bundled
the Internet Information Server, so we should start to
see plenty of it.
Like
most operating systems and application software, there
are "gotchas" with Windows NT Server and
Internet Information Server security. For instance, you
could leave a NetBIOS share wide open, and anyone with
Windows 95 could gain access.
Unfortunately, vanilla
Windows NT probably isn't secure enough to survive in the
hostile environment of the Internet. As NT increasingly
finds itself operating in the wild, its administrators
need to master techniques that UNIX administrators have
known for decades.
Here, then, are some
preliminary thoughts for making an NT Web site less
vulnerable.
-
Disable the Guest
account and remove or restrict all other user
accounts. A machine dedicated to providing public
Internet services does not need, and should not
have, user accounts other than for its
administration.
-
Enable event-auditing
using Start | Administrative Tools (Common) |
User Manager | Policies | Audit. You can audit
both successes and failures of various
operations. Obviously, there are some failures
you'll want to log, but you also may want to
capture successes for infrequent
operationssuch as Security Policy
Changesthat might indicate unauthorized
activity.
-
Use the multi-homing
feature very carefully to route packets and
support virtual Web servers.. Allegedly, you can
have 254 addresses per adapter. It is a good
fault tolerance feature, but it can get out of
control.
Most of the defenses
outlined here are simple, but they require effort and
diligence. Out of the box, NT configures itself for a
trusting environment. When you put an NT server on the
Internet, the governing principle must be distrust, not
trust.
Diligence also requires
you to keep up-to-date with Windows NT Server and IIS
security issues. As you begin to work on securing your
Web site, you will discover that the Internet itself is a
great resource. Start by checking out the WWW Security FAQ . In addition,
check out the USENET Newsgroups starting with comp.os.ms-windows.nt. Microsoft also offers a wealth of
information.
|