
A Comparison of the Security of Windows NT and UNIX



Presentation Transcript


  1. A Comparison of the Security of Windows NT and UNIX Hans Hedbom, Stefan Lindskog, Stefan Axelsson and Erland Jonsson Originally presented at the Third Nordic Workshop on Secure IT Systems, November 1998 http://www.ce.chalmers.se/staff/sax/nt-vs-unix.pdf Presented by Clare West

  2. Outline • Introduction • Security Comparison • Identification • Authentication • Networking • Man-in-the-Middle Authentication Attacks on both Windows NT and UNIX • Conclusion

  3. Introduction • “It has been claimed that the security of Windows NT is far better than that of previous commercial operating systems.” • The paper tests this claim by comparing NT with UNIX • Networked Windows NT 4.0 • UNIX with NFS (Network File System) and NIS (Network Information Service)

  4. Introduction cont.
  Windows NT
  • First released in 1993 (Windows NT 3.1)
  • Processes and threads
  • Symmetric multiprocessing
  • Distributed computing
  • Object model to manage resources: every securable resource is an object carrying its own security descriptor
  UNIX
  • Developed at Bell Labs from 1969; first published description in 1974
  • Processes and threads
  • Symmetric multiprocessing
  • Distributed computing
  • File model to manage resources: devices and other resources are reached through the file system and protected by file permissions

  5. Identification
  Windows NT
  • Usernames map to a numeric SID (Security IDentifier)
  • A SID is unique within its domain (domain identifier plus a relative identifier)
  • SIDs are never reused: deleting and re-creating an account yields a new SID
  UNIX
  • Usernames map to a numeric UID (User IDentifier)
  • UIDs are not guaranteed to be unique within an NIS domain
  • UIDs may be reused, so a recycled UID inherits ownership of, and access to, the previous holder's files

  6. Authentication
  Windows NT
  • Password hashes stored in the SAM (Security Account Manager) database
  • Only accessible to Domain Administrators (and the system itself)
  • Two one-way hashes: the LAN Manager hash (DES-based) and the NT hash (MD4)
  UNIX
  • Password hashes stored in /etc/passwd or in the NIS (Network Information Service) passwd map
  • Accessible to any user: /etc/passwd is world-readable and the NIS map can be fetched by any client
  • One-way hash computed by crypt(3), which is DES-based
  Note: the slides say “encrypted”, but both systems store one-way hashes. A hash cannot be reversed, but a hash that anyone can read can be attacked offline by hashing password guesses and comparing.

  7. Authenticating with a UNIX NIS Domain
  Alice → Client → Server: yp_match request for alice's passwd entry
  Server → Client: yp_match response
     alice:sCFNq7Qf8/kwg:23:20:Alice Cooper:/home/alice:/bin/tcsh
  The client hashes the password Alice typed with crypt(3), using the salt taken from the stored hash (its first two characters, here “sC”), and compares the result with the stored hash; authentication succeeds if they match. The server never sees the password: it only hands out the passwd entry, and the client trusts whatever entry it receives.

  8. Authenticating with a Windows NT Domain
  Alice → Server: request for service
  Server → Alice: challenge (a random string)
  Alice → Server: response (the challenge, encrypted)
  Alice hashes her password and uses the hash as the key to encrypt the random challenge. The server encrypts the same challenge with Alice's stored hash and compares the result with her response. The password itself never crosses the network, but the stored hash is all that is needed to produce a valid response: whoever holds the hash can authenticate as Alice.

  9. Networking
  Windows NT
  • The audit log records the client's computer name, which the client itself supplies, not its IP address
  • Trust placed in clients not acting maliciously
  UNIX
  • Address-based authentication (e.g. rlogin/rsh via hosts.equiv and .rhosts, NFS exports), so trust rests on the client's IP address
  • Trust placed in clients not acting maliciously

  10. A Man-in-the-middle Attack vs UNIX
  Goal: Mallory impersonates Alice to the Client
  Client → Server: yp_match request for alice's passwd entry (intercepted by Mallory)
  Mallory → Client: forged yp_match response
     alice:FdFNq7Qf85twg:23:20:Alice Cooper:/home/alice:/bin/tcsh
  Mallory prepares the yp_match response himself, replacing the password hash with the hash of a password of his choice. The client then checks Mallory's password against Mallory's hash and logs him in as Alice. The NIS response carries no authentication, so the client cannot tell Mallory's answer from the server's.
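The exchange of slides 7 and 10, as an added example that is not part of the original presentation or paper: an NIS server answering yp_match, a client verifying the typed password against the entry it receives, and Mallory answering the yp_match in the server's place. Python's standard library has no crypt(3) DES, so unix_crypt below is a SHA-256 stand-in that keeps crypt(3)'s 13-character shape (2-character salt, 11 characters of digest); the account, passwords and the NISServer/client code are constructed for the demo and assume the standard passwd(5) field order name:hash:uid:gid:gecos:home:shell.

```python
import hashlib
import secrets


def unix_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt(3) (assumption). Real crypt(3) returns 13 chars:
    the 2-char salt followed by 11 chars from a DES-based one-way function.
    Here the 11 chars come from SHA-256 so the demo runs with the stdlib."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest[:11]


def parse_passwd_entry(line: str) -> dict:
    """Split a passwd(5) line: name:hash:uid:gid:gecos:home:shell."""
    name, pw_hash, uid, gid, gecos, home, shell = line.split(":")
    return {"name": name, "hash": pw_hash, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


class NISServer:
    """Serves the passwd.byname map; the map is readable by any client."""

    def __init__(self):
        self.passwd_byname = {}

    def add_user(self, name, uid, gid, password, gecos, home, shell) -> None:
        salt = secrets.token_hex(1)  # two characters, like crypt(3)'s salt
        self.passwd_byname[name] = ":".join(
            [name, unix_crypt(password, salt), str(uid), str(gid), gecos, home, shell])

    def yp_match(self, mapname: str, key: str) -> str:
        if mapname != "passwd.byname":
            raise KeyError(mapname)
        return self.passwd_byname[key]


def client_login(yp_match, username: str, typed_password: str) -> bool:
    """Slide 7, client side: fetch the entry, hash the typed password with
    the entry's salt, compare. The client trusts whoever answers yp_match."""
    entry = parse_passwd_entry(yp_match("passwd.byname", username))
    salt = entry["hash"][:2]
    return unix_crypt(typed_password, salt) == entry["hash"]


def mallory_yp_match(real_server: NISServer, chosen_password: str):
    """Slide 10: Mallory answers the client's yp_match instead of the server.
    Because the map is world-readable he can fetch the genuine entry and
    replace only the hash field with the hash of a password he knows."""
    def forged(mapname: str, key: str) -> str:
        fields = real_server.yp_match(mapname, key).split(":")
        fields[1] = unix_crypt(chosen_password, fields[1][:2])
        return ":".join(fields)
    return forged


def demo() -> tuple:
    server = NISServer()
    server.add_user("alice", 23, 20, "correct horse", "Alice Cooper",
                    "/home/alice", "/bin/tcsh")  # constructed account
    honest = client_login(server.yp_match, "alice", "correct horse")
    wrong = client_login(server.yp_match, "alice", "mallory-pw")
    forged = client_login(mallory_yp_match(server, "mallory-pw"), "alice", "mallory-pw")
    return honest, wrong, forged  # (True, False, True)
```

Nothing in client_login distinguishes the genuine yp_match from the forged one: the only input that reaches the decision is the entry text, and Mallory controls it. Parsing the slide's own entry, written in passwd(5) order, yields the salt “sC” from the first two characters of the 13-character hash field.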

  11. A Man-in-the-middle Attack vs NT
  Goal: Mallory impersonates Alice to the Server
  Mallory → Server: request for service as Alice
  Server → Mallory: challenge, random string (A)
  Alice → Mallory (believing he is the Server): request for service
  Mallory → Alice: challenge, the same random string (A)
  Alice → Mallory: response, string (A) encrypted under her password hash
  Mallory → Server: Alice's response to (A)
  Mallory waits for Alice to attempt to use the Server, relays the Server's challenge to her and her response back to the Server. He never learns Alice's password or hash, but the Server accepts the response because it is the correct answer to the challenge it issued.
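The challenge-response of slide 8 and the relay of slide 11, as an added example that is not code from the paper or the presentation. NT keys DES with an MD4 hash of the password; neither is reliably available in the Python standard library, so SHA-256 and HMAC-SHA256 stand in and are labelled as assumptions in the code. The relay does not depend on which keyed function is used, since Mallory only forwards messages. The example also shows the caveat from slide 8, that the stored hash alone is enough to answer a challenge. Account names and passwords are constructed.

```python
import hashlib
import hmac
import secrets


def nt_password_hash(password: str) -> bytes:
    """One-way hash stored by the server instead of the password.
    NT uses MD4 over the UTF-16LE password; MD4 is absent from many
    Python builds, so SHA-256 stands in (assumption)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def challenge_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Keyed one-way function of the challenge under the password hash.
    NT encrypts the challenge with DES keyed by the hash; HMAC-SHA256
    stands in (assumption). Only the hash, never the password, is needed."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


class NTServer:
    """Domain server: stores hashes (the SAM), issues and checks challenges."""

    def __init__(self):
        self.sam = {}       # username -> password hash
        self.pending = {}   # username -> challenge awaiting a response
        self.granted = []   # usernames granted access, in order

    def add_user(self, name: str, password: str) -> None:
        self.sam[name] = nt_password_hash(password)

    def request_service(self, claimed_name: str) -> bytes:
        challenge = secrets.token_bytes(8)  # fresh random string
        self.pending[claimed_name] = challenge
        return challenge

    def respond(self, claimed_name: str, response: bytes) -> bool:
        challenge = self.pending.pop(claimed_name)
        expected = challenge_response(self.sam[claimed_name], challenge)
        ok = hmac.compare_digest(expected, response)
        if ok:
            self.granted.append(claimed_name)
        return ok


class AliceClient:
    """Alice's workstation: answers any challenge it is handed."""

    def __init__(self, password: str):
        self.pw_hash = nt_password_hash(password)  # kept locally, never sent

    def answer(self, challenge: bytes) -> bytes:
        return challenge_response(self.pw_hash, challenge)


def honest_login(server: NTServer, alice: AliceClient) -> bool:
    """Slide 8: the legitimate three-message exchange."""
    challenge = server.request_service("alice")
    return server.respond("alice", alice.answer(challenge))


def relay_attack(server: NTServer, alice: AliceClient) -> bool:
    """Slide 11: Mallory sits between Alice and the Server."""
    a = server.request_service("alice")  # 1. Mallory asks for service as Alice, receives challenge A
    response = alice.answer(a)           # 2. Alice connects to Mallory, taking him for the Server,
    #                                          and answers the relayed challenge A
    return server.respond("alice", response)  # 3. Mallory forwards Alice's response


def mallory_alone(server: NTServer) -> bool:
    """Without Alice (or her hash) Mallory can only guess the response."""
    server.request_service("alice")
    return server.respond("alice", secrets.token_bytes(32))


def hash_only_login(server: NTServer, stolen_hash: bytes) -> bool:
    """Caveat from slide 8: the stored hash is password-equivalent."""
    challenge = server.request_service("alice")
    return server.respond("alice", challenge_response(stolen_hash, challenge))


def demo() -> tuple:
    server = NTServer()
    server.add_user("alice", "correct horse battery")  # constructed credentials
    alice = AliceClient("correct horse battery")
    return (honest_login(server, alice),
            relay_attack(server, alice),
            mallory_alone(server),
            hash_only_login(server, server.sam["alice"]),
            list(server.granted))  # (True, True, False, True, ["alice", "alice", "alice"])
```

The server's check in respond() is exactly the one slide 8 describes, and it is satisfied by the relayed response because the response was computed over the very challenge the server issued. The timing constraint of slide 12 is visible in relay_attack: step 3 cannot happen until Alice has supplied step 2, whereas mallory_alone fails.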

  12. Man-in-the-Middle Attacks: Results
  Windows NT
  • Gives Mallory access to the Server as Alice
  • Mallory must wait for Alice to log in
  • Mallory can only impersonate active users whose traffic he can intercept
  UNIX
  • Gives Mallory access to the Client as Alice
  • Mallory can attack at any time
  • Mallory can impersonate any user in the NIS domain
  • Combined with NFS (Network File System), this gives access, as any user, to any file system exported to the Client

  13. Conclusions • “…the security mechanisms of Windows NT are slightly better than those of UNIX” • “…the two systems display a similar set of vulnerabilities” • “…with the present way of installing and using the systems there seems to be no significant difference between their security level”

  14. Question
  • What system security threats are posed by the man-in-the-middle attacks presented earlier?
  • Candidate threat classes: Interception, Interruption, Modification, Fabrication
