CS459/559 - Network Security - Chapter 6: Security Features of Network Operating Systems
- "a security policy is by far the most important piece of the puzzle, more than everything else put together. Actual adherence to the policy is number two." Dan Farmer (creator of SATAN)
- Netware
- Novell Directory Service (NDS) based on X.500 uses a directory tree with a directory schema:
- attribute information
- inheritance (describe which objects will inherit rights and properties of other objects)
- naming (describes the structure of the directory tree)
- subordination (describes location of objects in directory tree)
- Netware Security Categories
- Login security (username / password)
- Trustees (user or group of users who have specific access rights to work with a particular directory, file, or object)
- Rights (what level of access a given trustee has to a directory, file, object, or property)
- Inheritance (rights granted via trustee assignment apply to everything below)
- Effective Rights (rights that the user actually has to the directory, file, or object)
- Attributes (flags, characteristics of a particular directory or file)
- Authorization (uses access control (ACL) to authorize individual users to perform directory operations)
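How trustees, rights, inheritance and effective rights fit together, as an added example that is not from the course notes or from Novell. It is a simplified model: the Inherited Rights Filter is left out, and the directories, users and groups are constructed. The `supervisors` function mirrors the audit question of who holds Supervisor rights.

```python
# Added example: simplified NetWare file-system rights model (no Inherited Rights Filter).
# S=Supervisor R=Read W=Write C=Create E=Erase M=Modify F=File scan A=Access control
ALL_RIGHTS = set("SRWCEMFA")

# Constructed trustee assignments: directory -> {trustee: rights granted there}.
ASSIGNMENTS = {
    "SYS:": {"ADMINS": "S"},
    "SYS:PUBLIC": {"EVERYONE": "RF"},
    "SYS:DATA": {"STAFF": "RWCEMF"},
    "SYS:DATA/PAYROLL": {"STAFF": "", "ALICE": "RF"},  # empty grant cuts STAFF off
}
# Constructed group membership: user -> groups.
GROUPS = {
    "ALICE": ["EVERYONE", "STAFF"],
    "BOB": ["EVERYONE", "STAFF"],
    "CAROL": ["EVERYONE", "ADMINS"],
}

def ancestors(path):
    """Yield the path itself, then each parent up to the volume root."""
    volume, _, rest = path.partition(":")
    parts = [p for p in rest.split("/") if p]
    for i in range(len(parts), -1, -1):
        yield volume + ":" + "/".join(parts[:i])

def trustee_rights(trustee, path):
    """Rights one trustee holds at path: the nearest assignment at or above it.
    An explicit assignment lower in the tree replaces what was inherited."""
    for directory in ancestors(path):
        grant = ASSIGNMENTS.get(directory, {}).get(trustee)
        if grant is not None:
            return set(grant)
    return set()

def effective_rights(user, path):
    """Union of the user's own rights and those of every group the user is in."""
    rights = set()
    for trustee in [user, *GROUPS.get(user, [])]:
        rights |= trustee_rights(trustee, path)
    return set(ALL_RIGHTS) if "S" in rights else rights  # Supervisor implies all

def supervisors(path):
    """Audit helper: users whose effective rights at path include Supervisor."""
    return sorted(u for u in GROUPS if "S" in effective_rights(u, path))

if __name__ == "__main__":
    for user in GROUPS:
        print(user, "".join(sorted(effective_rights(user, "SYS:DATA/PAYROLL"))))
    print("Supervisor at SYS:SYSTEM:", supervisors("SYS:SYSTEM"))
```

A single `S` grant at the volume root reaches every directory below it, which is why the audit has to walk the whole tree rather than look only at the directory in question.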
- RCONSOLE Vulnerability
- "Unofficial Novell Inc. NetWare Hack FAQ"
- Remote CONSOLE - gives supervisor ability to manage the server from a remote workstation [closed up in 4.1]
- Other Netware Vulnerabilities
- default accounts (Supervisor, Guest)
- standard accounts (Print, POST)
- edit FAT and reset bindery to default upon server reboot
- delete files that contain the security system
Guidelines for securing Novell server:
- trust no one
- physically secure the server
- Use SECURE CONSOLE to prevent loading of harmful NLMs from floppy or remote site
- store backups offsite [STARTUP.NCF, AUTOEXEC.NCF, login scripts, bindery or NDF files]
- Generate list of NLMs and files from SYS:LOGIN, SYS:PUBLIC, SYS:SYSTEM, and compare against originals
- Generate list of users and their access privileges [check frequently]
- Run security from SYS:SYSTEM and see who has Supervisor rights.
- Monitor server console activity with CONLOG.NLM
- Turn on Accounting feature
- Use Supervisor account sparingly
- Use NCP (Netware Core Protocol) Packet Signature to prevent packet spoofing
- Use RCONSOLE sparingly
- Move .NCF files to a secure location
- Use the Lock File Server Console option in Monitor
- Add EXIT to end of System Login script to eliminate Login Script attack
- Upgrade to Netware 4.11
- Remove RCONSOLE.EXE from SYS:PUBLIC
- Remove [Public] from [Root] in NDS
- Windows NT
- Logon Processes
- Local Security Authority - generates an access token, manages policy, and furnishes user authentication services
- Security Account Manager (SAM) - maintains user accounts database & provides user validation services
- Security Reference Monitor - checks to see if user has permission to perform a task or access an object
- Windows NT Registry
- HKEY_LOCAL_MACHINE - info about local computer system (hardware, OS)
- HKEY_CLASSES_ROOT - associations between applications and file types, etc.
- HKEY_CURRENT_CONFIG - configuration data for current hardware profile
- HKEY_CURRENT_USER - user profile for users who are logged on
- HKEY_USERS - all actively loaded user profiles
- Security Access Tokens
- a security access token is generated when a user logs in
- when a user attempts to access an object, the security ID of the SAT is compared with the master list of access permissions
- administrator can assign user rights (privileges) to users
- Registry Vulnerabilities
- anonymous user account (for machine-to-machine communications) is member of Everyone Group which may be able to access the registry & file shares [get EVERYONE2USERS.EXE from http://www.iss.net]
- Unauthorized access to the password database on NT domain controllers
- access to password database via backup tapes
- access password database from Repair directory
- attacker can install an ISAPI DLL with a Trojan horse
- Jobs submitted to Scheduler (AT command) can be modified by an unauthorized user
- Security Levels
- MINIMAL SECURITY SETTING
- use surge protector
- physical security
- defrag & disk scans
- antivirus software
- STANDARD SECURITY SETTING
- establish & enforce policies (don't write down passwords, log off)
- Configure NT to display a legal notice
- Require usernames & passwords
- Press CTRL-ALT-DEL to log on
- Use NTFS (better performance, increased security, better recovery)
- Protect the registry
- HIGH-LEVEL SECURITY SETTING
- control physical access (disable floppy boot, set BOOT.INI time-out to 0, use a lock on case, remove network card if not needed)
- use regular user rights & change default permissions
- Use ACL editor to set restrictions
- set additional protections on some Registry keys
- restrict guest access to EventLog
- restrict which users can add printer drivers
- Do not use the Schedule service (AT command)
- restrict FTP access (anonymous account, put FTP on separate partition)
- remove other OS's
- permit only logged-on users to shut down computer
- enable system auditing
Sites and Tools for securing NT
NT Security Information Sites
- UNIX
- Physical security
- Console security (console passwords, root passwords)
- Installation media
- Default Configurations (lp, guest, 4Dgifts, demos, jack, jill, backdoor, tutor, tour)
- Password Security
- install password shadowing
- Proactive Password-Checking
- Patches
Examine Services
- r Services (rlogin, rsh)
- finger (if needed, install sfinger)
- telnet
- ftp (turn off anonymous)
- tftpd (turn off)
- gopher
- NFS
- http (don't run as root, CGI
- Built-In Features: w, finger, who; ps; last, lastcomm, netstat; examine /var/log/syslog file; use ifconfig to check for sniffers
- Run TripWire (preserves a record of the file system - file system integrity using cryptographic checksums)
- Solaris
- Level 1: password validation, aging, qualification, shadow password file, account expiration
- Level 2: controls which resources can be accessed by valid users, auditing capability.
- Level 3: Secure NIS+, Secure NFS, Secure Transport RPC; accommodates Kerberos, Diffie-Hellman & UNIX-based authentication
- Level 4: physical security through Solstice Firewall-1 and Solstice SunScreen (firewall + network-level authentication)
- Single Sign-On
- HP-UX
- C2 compliant
- System auditing
- ACLs
- Extended password management facility
- logon restrictions
- boot authentication
- Linux???
- IBM Platforms
- Stage 1 (based on OSI Security Framework)
- identification and authentication
- access control
- confidentiality
- data integrity
- nonrepudiation
- security management and audit
- Stage 2 (based on OSF/DCE)
- single sign-on
- security administration
- network security
- distributed data security
- DEC MLS+ (security-enhanced UNIX) and SEVMS (Security-enhanced VMS) - B1