
Windows Security

Matthew Cook


Introduction

Loughborough University

Janet Web Cache Service

Bandwidth Management Advisory Service


Topics

  • Security Overview

  • Windows 2000/XP

  • Auditing

  • Operating System Patching

  • Baseline Security Analyzer

  • Incident Response

  • Useful Books, Tools and URLs

  • Back Office Products

Security Overview

“This system is secure.” A product vendor might say: “This product makes your network secure.” Or: “We secure e-commerce.” Inevitably, these claims are naïve and simplistic. They look at the security of the product, rather than the security of the system. The first questions to ask are: “Secure from whom?” and “Secure against what?”

Bruce Schneier

Security Overview

Why bother?

  • Keeping control and service availability

  • Data Integrity (DPA)

  • Legal Liability

  • Reactive Work Loads

  • Bad Public Relations

  • Personal Responsibility

Windows 2000/XP

Range of secure operating systems

  • Login required

  • ACLs can be applied to files and folders

  • Auditing and logging facilities

  • Security Templates


  • IPSec and Kerberos

Windows 2000/XP

  • Install the OS offline

  • Consider partitions for:

    • System

    • User Storage

    • Services

    • Logs

  • Use select slipstreamed CDs

  • Install only required features

  • Install current, relevant SPs and hot fixes offline

Windows 2000/XP

Ensure vulnerable Windows ports are blocked at the firewall.

  • NetBIOS Browsing Request [UDP 137]

  • NetBIOS Browsing Response [UDP 138]

  • NetBIOS Communications [TCP 135]

  • CIFS [TCP 139, 445 UDP 445]

  • Port 445 Windows 2000 only
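Added example (not part of the original slides): a Python check that parses Windows `netstat -an` output and reports listeners on the ports listed above that are bound to a non-loopback address, showing what the firewall rule is actually shielding on a given host. The sample output, addresses and function names are constructed for illustration.

```python
"""Report listeners on the ports the slide says to block at the firewall."""

# Ports exactly as listed on the slide: (protocol, port).
SLIDE_PORTS = {
    ("UDP", 137), ("UDP", 138), ("TCP", 135),
    ("TCP", 139), ("TCP", 445), ("UDP", 445),
}

# Constructed sample of `netstat -an` output (not taken from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

def parse_listeners(netstat_text):
    """Yield (proto, address, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, address, int(port)

def exposed_slide_ports(netstat_text):
    """Return sorted (proto, port, address) for slide ports not on loopback."""
    hits = set()
    for proto, address, port in parse_listeners(netstat_text):
        loopback = address.startswith("127.") or address == "[::1]"
        if (proto, port) in SLIDE_PORTS and not loopback:
            hits.add((proto, port, address))
    return sorted(hits)

if __name__ == "__main__":
    for proto, port, address in exposed_slide_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} listening on {address}")
```

Established connections to a remote port 445 are ignored because only the local listening socket matters for this check.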


Auditing

  • Turn it on and configure it!

  • Use the ‘User Manager’ utility (NT) or the ‘Security Settings’ applet (W2K) to ensure the Audit Policy has been configured

  • Check the Event Viewer frequently

  • Use NTLast (Foundstone) URL:

  • Or ELM (TNT Software) URL:

Operating System Patching

  • Operating Systems do contain bugs, and patches are a common method of distributing these fixes.

  • A patch or hot fix usually contains a fix for one discovered bug.

  • Service packs contain multiple patches or hotfixes. There are well over 200 hotfixes in the soon-to-be-released SP4 for Windows 2000.

Operating System Patching…

  • Only install patches after you have tested them in a development environment.

  • Only install patches obtained directly from the vendor.

  • Install security patches as soon as possible after release.

  • Install feature patches as and when needed.

  • Automate patch collection and installation as much as possible (QChain).

Operating System Patching…

Use automated patching technology:

  • SUS – Microsoft Software Update Service

  • SMS – Microsoft Systems Management Server

  • Ghost – Symantec imaging software.

And other application deployment software:

  • Lights out Distribution

  • Deferred installation

Baseline Security Analyzer

  • Freely available from Microsoft

  • Written by Shavlik Technologies as a direct result of Code Red attacks

  • A GUI to HFNetChk (v3.81)

  • Improved feature set

  • Integrated SUS functionality

Baseline Security Analyzer…

MBSA v1.1 supports the following host OS:

  • Windows 2000 Professional / Server

  • Windows XP Home / Professional

  • Windows .NET not officially supported

  • Windows NT not supported as host OS

  • Remote scanning available

Baseline Security Analyzer…

What applications does MBSA scan?

  • Operating system

  • Internet Explorer > 5.01

  • Microsoft Office 2000 and 2002

  • Media Player > 6.4

  • Internet Information Services 4.0 and 5.0

  • SQL Server 7.0 and 2000

  • Exchange Server 5.5 and 2000

Baseline Security Analyzer…

  • MBSA will replace HFNetChk

  • /hf flag introduced into the CLI

  • mbsacli.exe /hf <hfnetchk switches>

New features:

  • Security best practices

  • Strong Passwords

  • Security Mis-configurations

  • Application configurations

Incident Response

What is an Incident?

“Any real or suspected adverse event in relation to the security of computer systems or computer networks.”


“The act of violating an explicit or implied security policy”

Incident Response…

  • Don’t Panic!

  • Unplug the network

  • Get a notebook

  • Back up the system and keep the backups

  • Restrict use of email

  • Look for information

  • Investigate the cause

  • Request help and assistance.

Incident Response…

  • Important to return to service swiftly

    • Do not jeopardize security

    • If in doubt, re-build

    • Perform forensics on a backup

  • Keep documentation and evidence

  • Contact RSC or CERT if the investigation shows the incident is not worm or script-kiddie activity.

Useful Books, Tools and URLs

  • Fport - Foundstone Software

  • L0pht Crack - @Stake

  • Snort – Open Source

  • Nmap – Insecure.org

  • Nessus – Renaud Deraison

Useful Books, Tools and URLs

  • Securing Windows NT/2000 Servers for the Internet. (Stefan Norberg.)

  • Incident Response. (Kenneth R. van Wyk, Richard Forno.)

  • Hacking Exposed: Network Security Secrets & Solutions. (Stuart McClure et al.)

  • Hacking Exposed Windows 2000: Network Security Secrets and Solutions. (Scambray.)

Useful Books, Tools and URLs

  • Microsoft Security Website

  • Computer Security Incident Response Team


  • Bugtraq Mailing List