What can be done with limited time to secure Windows NT and NT Domains

The following is a list of suggested things to do, ordered by their time costs and benefit. To best use this list, you should:

Task

Initial Expense

Ongoing Expense

Payoff

Benefit

References

Apply latest Service Pack from Microsoft. Low Low –

Must be reapplied after any system update

High Keeps system somewhat up to date with security patches and bug fixes. http://www.microsoft.com/NTServer/all/downloads.asp

Also on UWICK kit.

Turn off unnecessary services. Remove unused accounts. Low Low High Prevents attacks on services and accounts that are not used. NT Services control panel. Product documentation.
Remove ftpd service. Low None Medium Keeps clear text passwords off the network. IIS documentation.
Audit passwords with L0phtcrack. Low Low Medium Finds easy to guess passwords. Illustrates that even good passwords can be obtained. http://www.l0pht.com
Install SSH Telnet for host access. Use SSL IMAP for email. Medium Low High Keeps clear text passwords off the network. http://www.washington.edu/computing/software/uwick/teraterm

Also on UWICK kit.

Keep up to date virus protection on server and clients. Low Medium High Prevents most viruses and Trojan horse programs. http://www.washington.edu/computing/software/sitelicenses/avtk

Also on UWICK kit.

Apply latest hotfixes from Microsoft. Medium –

Hotfixes are not well organized

Medium –

Must be reapplied after any system update

High Keeps system more up to date with security patches and bug fixes. ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40

 

Apply latest patches to services and applications (IIS, IE, Office, etc.) Medium Medium High Closes application security holes than can compromise system. http://www.microsoft.com

or other vendor website

Make regular system and data backups Medium Medium High You are able to recover faster and assist investigation and prosecution  
Regularly read CERT, NTBugtraq, comp-virus, and other advisories (netsys/lanadmin) Low High High You know what to expect from attackers and learn about patches from vendors. http://www.cert.org

http://www.ntbugtraq.com

mailto:listproc@u (subscribe comp-virus)

mailto:listproc@u (subscribe lanadmin)

mailto:netsys-request@atmos.washington.edu

Audit your network with nmap (unix) or ISS Medium Medium Medium Better knowledge of potential threats and can uncover security holes before they are exploited. http://www.insecure.org/nmap/

http://www.iss.net

 

Turn on TCP/IP security in Network control panel High Medium Medium Explicitly states what services are available on your machine. Requires knowledge of what port numbers each service uses. Windows NT 4.0 Resource Kit

 

[Next] | [Prev] | [Top]


Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Fri Apr 9 10:32:10 1999