Comparison of the Security of Windows NT and UNIX

Comparison of Features

Feature NT Unix
Identification maps unsername onto an internal Security IDentifier (SID) which is unique within a Windows domain. SID is not reused username is paired with a User IDentification (UID)
Authentication two hashed versions of passwords (LM-hash & NT-native)stored in Security Accounts Manager (SAM). NT-native uses MD4 hash and LM-hash uses variant of DES. password stored in /etc/password (or more typically) in /etc/shadow. Uses a modified DES and a salt
Access Control Every object has an Access Control List (ACL) identifying what each group or user is allowed or disallowed to do with that object Each file has a list of attributes (filename, permission bits, and a UID and GID). The UID specifies the owner of the file. The permission bits (rwxr--r--) specifies that the owner may read, write, execute the file, while members of the group and everyone may only read the file.
Auditing Done by the Security Reference Monitor (SRM) and the Local Security Authority (LSA). Auditing records are constructed by the SRM which send requests to the LSA and then in turn to the Event Logger. syslog facility keeps information in log files. Many systems also support C2 auditing.
Networking Windows NT uses Server Message Blocks (SMB) to do authentication and RPC on NetBIOS over TCP/IP (NBT). All logging in Windows NT is done by computer name and not IP address. Very chatty. UNIX based on TCP/IP supporting rlogin, rcp, rsh, ... Network File System (NFS) add suport for sharing files over a network. Network Information System (NIS) allows hosts to share system databases including account information.

Comparison of Vulnerabilities

NT UNIX
password capturing server will by default access plain-text passwords as authentication, so can be instructed to only access plain-text password which can then be captured telent and ftp send plain-text password information
password guessing attacks NT passwords stored in LM-hash which uses weak encryption in SAM file encrypted files kept previously in /etc/passwd, but now kept in /etc/shadow. Passwords can be retrieved from the NIS system

A Comparison of the Security of Windows NT and UNIX


Please mail any comments about this page to summers_wayne@ColumbusState.edu