Comparison of the Security of Windows NT and UNIX
Comparison of Features
| Windows NT | UNIX |
|---|---|
| Maps the username onto an internal Security IDentifier (SID), which is unique within a Windows domain. A SID is not reused. | The username is paired with a User IDentification (UID). |
| Two hashed versions of passwords (LM-hash and NT-native) are stored in the Security Accounts Manager (SAM). NT-native uses an MD4 hash and LM-hash uses a variant of DES. | The password is stored in /etc/passwd or (more typically) in /etc/shadow. Uses a modified DES and a salt. |
| Every object has an Access Control List (ACL) identifying what each group or user is allowed or disallowed to do with that object. | Each file has a list of attributes (filename, permission bits, and a UID and GID). The UID specifies the owner of the file. The permission bits (rwxr--r--) specify that the owner may read, write, and execute the file, while members of the group and everyone else may only read the file. |
| Done by the Security Reference Monitor (SRM) and the Local Security Authority (LSA). Auditing records are constructed by the SRM, which sends requests to the LSA and then, in turn, to the Event Logger. | The syslog facility keeps information in log files. Many systems also support C2 auditing. |
| Windows NT uses Server Message Blocks (SMB) to do authentication and RPC on NetBIOS over TCP/IP (NBT). All logging in Windows NT is done by computer name and not IP address. Very chatty. | UNIX is based on TCP/IP, supporting rlogin, rcp, rsh, ... The Network File System (NFS) adds support for sharing files over a network. The Network Information System (NIS) allows hosts to share system databases, including account information. |
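The two access-control models compared above, as an added Python example that is not part of the original page. It assumes a non-root UNIX user and a simplified, ordered allow/deny ACL; the users, groups, IDs and the sample ACL are constructed for illustration.

```python
# Added illustration; users, groups, IDs and the sample ACL are constructed.
RIGHTS = {"r": 4, "w": 2, "x": 1}

def parse_mode(sym):
    """Convert nine permission characters such as 'rwxr--r--' to mode bits."""
    if len(sym) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for i, ch in enumerate(sym):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode

def unix_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """UNIX check for a non-root user: exactly one class applies.
    The owner gets the owner bits even when group or other would grant more."""
    shift = 6 if uid == owner_uid else 3 if owner_gid in gids else 0
    granted = (mode >> shift) & 0o7
    need = 0
    for right in want:
        need |= RIGHTS[right]
    return granted & need == need

def acl_allows(acl, principals, want):
    """Simplified ACL check (an assumption, not NT's full algorithm): walk the
    entries in order; a deny entry matching a still-needed right refuses
    access, allow entries accumulate until every requested right is granted."""
    needed = set(want)
    for kind, who, rights in acl:
        if who not in principals:
            continue
        if kind == "deny" and needed & set(rights):
            return False
        if kind == "allow":
            needed -= set(rights)
        if not needed:
            return True
    return False

MODE = parse_mode("rwxr--r--")  # the permission string quoted in the table
# Constructed ACL: staff may read, carol (a staff member) is shut out, and
# bob alone may write. One owner plus one group cannot express this policy.
ACL = [("deny", "carol", "rwx"), ("allow", "staff", "r"), ("allow", "bob", "rw")]
```
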
Comparison of Vulnerabilities
| | Windows NT | UNIX |
|---|---|---|
| | The server will by default accept plain-text passwords as authentication, so it can be instructed to accept only plain-text passwords, which can then be captured. | telnet and ftp send plain-text password information. |
| password guessing attacks | NT passwords are stored in the SAM file as an LM-hash, which uses weak encryption. | Encrypted passwords were previously kept in /etc/passwd, but are now kept in /etc/shadow. Passwords can be retrieved from the NIS system. |
A Comparison of the Security of Windows NT and UNIX
Please mail any comments about this page to summers_wayne@ColumbusState.edu