What can be done with limited time to secure Windows NT and NT Domains

The following is a list of suggested things to do, ordered by their time costs and benefit. To best use this list, you should:

Prepare now for how you will deal with security incidents - See Incident response cycle in a nutshell (from another talk)
Take time each week/month to do one "High" or "Medium" initial expense item that results in a "High" payoff
Dedicate some time to regularly do the "Low" ongoing expense items
If you find you don't have enough time, ask for more resources

Task

Initial Expense

Ongoing Expense

Payoff

Benefit

References

Apply latest Service Pack from Microsoft. Low Low –
Must be reapplied after any system update
High Keeps system somewhat up to date with security patches and bug fixes. http://www.microsoft.com/NTServer/all/downloads.asp
Also on UWICK kit.

Turn off unnecessary services. Remove unused accounts. Low Low High Prevents attacks on services and accounts that are not used. NT Services control panel. Product documentation.

Remove ftpd service. Low None Medium Keeps clear text passwords off the network. IIS documentation.

Audit passwords with L0phtcrack. Low Low Medium Finds easy to guess passwords. Illustrates that even good passwords can be obtained. http://www.l0pht.com

Install SSH Telnet for host access. Use SSL IMAP for email. Medium Low High Keeps clear text passwords off the network. http://www.washington.edu/computing/software/uwick/teraterm
Also on UWICK kit.

Keep up to date virus protection on server and clients. Low Medium High Prevents most viruses and Trojan horse programs. http://www.washington.edu/computing/software/sitelicenses/avtk
Also on UWICK kit.

Apply latest hotfixes from Microsoft. Medium –
Hotfixes are not well organized
Medium –
Must be reapplied after any system update
High Keeps system more up to date with security patches and bug fixes. ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40

Apply latest patches to services and applications (IIS, IE, Office, etc.) Medium Medium High Closes application security holes than can compromise system. http://www.microsoft.com
or other vendor website

Make regular system and data backups Medium Medium High You are able to recover faster and assist investigation and prosecution

Regularly read CERT, NTBugtraq, comp-virus, and other advisories (netsys/lanadmin) Low High High You know what to expect from attackers and learn about patches from vendors. http://www.cert.org
http://www.ntbugtraq.com

mailto:listproc@u (subscribe comp-virus)

mailto:listproc@u (subscribe lanadmin)

mailto:netsys-request@atmos.washington.edu

Audit your network with nmap (unix) or ISS Medium Medium Medium Better knowledge of potential threats and can uncover security holes before they are exploited. http://www.insecure.org/nmap/
http://www.iss.net

Turn on TCP/IP security in Network control panel High Medium Medium Explicitly states what services are available on your machine. Requires knowledge of what port numbers each service uses. Windows NT 4.0 Resource Kit

[Next] | [Prev] | [Top]

Dave Dittrich <dittrich@cac.washington.edu>

Last modified: Fri Apr 9 10:32:10 1999

Task	Initial Expense	Ongoing Expense	Payoff	Benefit	References
Apply latest Service Pack from Microsoft.	Low	Low – Must be reapplied after any system update	High	Keeps system somewhat up to date with security patches and bug fixes.	http://www.microsoft.com/NTServer/all/downloads.asp Also on UWICK kit.
Turn off unnecessary services. Remove unused accounts.	Low	Low	High	Prevents attacks on services and accounts that are not used.	NT Services control panel. Product documentation.
Remove ftpd service.	Low	None	Medium	Keeps clear text passwords off the network.	IIS documentation.
Audit passwords with L0phtcrack.	Low	Low	Medium	Finds easy to guess passwords. Illustrates that even good passwords can be obtained.	http://www.l0pht.com
Install SSH Telnet for host access. Use SSL IMAP for email.	Medium	Low	High	Keeps clear text passwords off the network.	http://www.washington.edu/computing/software/uwick/teraterm Also on UWICK kit.
Keep up to date virus protection on server and clients.	Low	Medium	High	Prevents most viruses and Trojan horse programs.	http://www.washington.edu/computing/software/sitelicenses/avtk Also on UWICK kit.
Apply latest hotfixes from Microsoft.	Medium – Hotfixes are not well organized	Medium – Must be reapplied after any system update	High	Keeps system more up to date with security patches and bug fixes.	ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40
Apply latest patches to services and applications (IIS, IE, Office, etc.)	Medium	Medium	High	Closes application security holes than can compromise system.	http://www.microsoft.com or other vendor website
Make regular system and data backups	Medium	Medium	High	You are able to recover faster and assist investigation and prosecution
Regularly read CERT, NTBugtraq, comp-virus, and other advisories (netsys/lanadmin)	Low	High	High	You know what to expect from attackers and learn about patches from vendors.	http://www.cert.org http://www.ntbugtraq.com mailto:listproc@u (subscribe comp-virus) mailto:listproc@u (subscribe lanadmin) mailto:netsys-request@atmos.washington.edu
Audit your network with nmap (unix) or ISS	Medium	Medium	Medium	Better knowledge of potential threats and can uncover security holes before they are exploited.	http://www.insecure.org/nmap/ http://www.iss.net
Turn on TCP/IP security in Network control panel	High	Medium	Medium	Explicitly states what services are available on your machine. Requires knowledge of what port numbers each service uses.	Windows NT 4.0 Resource Kit