GBN's Notes for CTC Retreat Security Panel
November 13, 1998

Pop Quiz

  1. How do you find out about new security problems and fixes?

  2. NT: Have you installed Service Pack 4?

  3. Solaris: What's your current kernel revision?

  4. NT: What have you done to improve on security "out of the box" with your NT Server or Workstation OS?

  5. All: When was the last time you used a port scanner to test systems you manage for vulnerabilities?

  6. All: How would you know if someone broke into a system you manage?

Don't forget physical security

Physical access to a computer practically guarantees it can be accessed illicitly. (Exception: encrypted file systems, but these probably protect only the data and do not prevent illicit access to the system.)

Unix v. NT Security

  1. General: Both require a reasonable level of proficiency to operate a secure server. Both require constant diligence to ensure continued security.
  2. ACLs: NT has more control over file manipulation (with NTFS)
  3. Password encryption: Unix uses stronger (but still weak) encryption (out of the box)
  4. Password hiding: On both NT and Unix, Administrator/root access is enough to get encrypted passwords from a local (or trusting) machine
  5. Internet communication: Unix servers have more external IP-based communication than NT out of the box. Both enable the removal of non-required Internet services.
  6. Multi-users: NT systems tend to have fewer users who can access administrative functions. Corollary: NT system administrators can make tragic mistakes easily (since they're always "administrator"). "Regular" NT users often require undesirable access to system directories so that software can save configuration files, DLLs, etc., much more so than with Unix systems.
  7. Cost: The NT OS and software are expensive, but run on commodity PCs. Unix software is often free, but the OS and hardware can be more expensive. The exception is the Linux variant of Unix: free OS running on commodity PCs. Much more free security software is available for Unix.
  8. Web servers: Bottom line: security is comparable, in that both let you have complete control, and both let you make mistakes. NT and Unix both have very fast Web servers. Both have added features (like ODBC capability), but NT is usually easier to configure. NT's BackOffice suite (really, lots of separate software) offers a substantial integrated approach to extending Web functionality - some of which is available free for Unix, but not nearly as integrated or easy to install & use.
  9. Anonymous FTP: Both are fine, although we see Unix more frequently. 3rd party FTP for NT is desirable.
  10. Email: Comparable security issues. NT's Exchange Server has many extended features & capabilities. Unix's sendmail is more frequently used. POP and IMAP clients are available for each.

    Key security mailing lists

    Bugtraq and NTbugtraq are full-disclosure lists where announcements about new security exploits and workarounds are posted. Get advance notice (measured in weeks or months) before vendors post patches, updates or advice.

    NT Security

    Some of the resources on this list of NT security resources were taken from "Maximizing NT Security" by Stephen Cobb & David Brussin in July 1998 BYTE, pp. 88c-88f. Beware! Many resources are out of date, and none are authoritative.

    Standards and Details

    Get help

    Laws

    Incident reporting

    Free resources to protect & educate yourself

    Hacker Hangouts

    Lots of resources

    Some useful hacking resources, codes, cracks, etc.

    Publications

    Additional hacking resources, not as centralized or organized

    Get hacked by pros


    Prepared by Gregory B. Newby
    Most recent update: November 13, 1998

    URL for this page: http://ruby/gbnewby/presentations/security.html