Analysis of Windows NT Security Mechanism

  

More and more websites on the Internet now run Windows NT Server as their server operating system, and many companies use the NT platform as the cornerstone of their intranet solutions. Windows NT has the typical Windows interface and is easy to use. However, simplicity and security are contradictory: what is simple is not safe, and what is secure may not be simple. Security and stability are also interrelated, since the stability of an insecure system is directly affected. With the development of the Internet, the disclosure of and tampering with online information, hacking, and the spread of viruses occur often, which makes the security of Windows NT all the more worthy of attention.

Password Security

Windows NT passwords are much more vulnerable than UNIX passwords, a direct result of the database storage and encryption mechanisms NT employs. NT 4.0 saves user information and encrypted passwords in a SAM (Security Account Management) file in the registry. Password encryption is nominally divided into two layers, but in practice there is only one. The first layer encrypts the password with RSA MD4; the second layer takes no additional measures, so it adds no real complexity and is virtually useless. Decryption tools such as PW Dump or NT Crack can decode the SAM database and crack the passwords.

Passwords are the biggest security threat to the system: a stolen password means that all information on the machine will be lost. To enhance the security of NT passwords, first install SP3 or a later service pack. In experience, SP5 works better; SP4 and SP6 are not as stable and reliable as SP5, but every service pack from SP3 onward strengthens NT password handling. Second, rename the administrator account so that attackers cannot target the default account name, and give it a more secure password. A secure password mixes uppercase and lowercase letters (if there is only one uppercase letter, do not put it at the beginning or end), is more than 8 characters long, has digits added among the letters out of order, and, for system users, contains symbols such as ~!@#$. In addition, set up tracking of the administrator account, and have accounts locked after several failed logins.
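The password rules above, written as a checker. This is an added example, not part of the original article. Two readings are assumptions: "etc." is taken to mean any ASCII punctuation, and "digits out of order" is taken to mean the digits must not form a single block at either end of the password.

```python
import string

def check_password(pw):
    """Return the rules from the text that pw violates (empty list = passes)."""
    problems = []

    # "more than 8 characters"
    if len(pw) <= 8:
        problems.append("too-short")

    # Mixed case; a lone capital must not sit at the beginning or end.
    uppers = [i for i, c in enumerate(pw) if c.isupper()]
    has_lower = any(c.islower() for c in pw)
    if not uppers or not has_lower:
        problems.append("mixed-case")
    elif len(uppers) == 1 and uppers[0] in (0, len(pw) - 1):
        problems.append("capital-at-edge")

    # Digits scattered among the letters (assumed reading: not one block
    # glued to the start or the end, as in "Password1" or "2024secret").
    digits = [i for i, c in enumerate(pw) if c.isdigit()]
    if not digits:
        problems.append("no-digit")
    else:
        one_block = digits[-1] - digits[0] + 1 == len(digits)
        at_edge = digits[0] == 0 or digits[-1] == len(pw) - 1
        if one_block and at_edge:
            problems.append("digits-at-edge")

    # Symbols such as ~!@#$ (assumption: any ASCII punctuation counts).
    if not any(c in string.punctuation for c in pw):
        problems.append("no-symbol")

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("Password1", "gr7e!nT4ble#", "abc"):
        print(candidate, check_password(candidate) or "ok")
```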

File System Security

Windows NT supports two file systems: FAT and NTFS. The difference between the two is that NTFS is designed for hard drives with a capacity of more than 500 MB and supports file and directory access permission settings for storing applications and user files. FAT is optimized for hard disks of up to 500 MB and does not support file and directory access permission settings.

Windows NT's security mechanism is user-centric: for every line of code that tries to access a protected object, the user must use a password to prove their identity to the client, and each security check depends on the user's identification. Files and directories can have two kinds of permissions: share permissions and file permissions. Share permissions apply when users access a shared file system remotely: when a user attempts to access a file through a share, the system checks whether the user has access. File permissions are access rights assigned directly to files and directories; they apply regardless of how the user accesses the file system, and each user or workgroup needs to be associated with a particular access level. In addition, file permissions, file auditing, and file ownership can be set through the properties of the file.

Incorrect file permission settings can cause security problems. Copying or moving files affects their permission settings: a file copied into a directory inherits the permissions of that directory, whereas a moved file retains its original permission settings no matter which directory it is moved to. Therefore, check file permission settings frequently, especially after files have been copied or moved. The default permission settings give everyone change access to critical directories, such as the root directory of NTFS volumes and the System32 directory; the permissions on these critical directories can be changed to read-only. In addition, FTP can be used for unauthorized file access, so the FTP server must be configured sensibly to ensure that it verifies all FTP requests.
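One way to run the permission check recommended above, added here as an example and not part of the original article. It scans icacls-style listings for Everyone entries with write-capable rights and for files that carry explicit rather than inherited entries, as a moved file would. The listings are constructed, and the (I) inherited marker follows icacls output on later Windows versions, which is an assumption for NT 4.0.

```python
import re

# Constructed icacls-style listings: (path, is_file, output). Not real data.
SAMPLE = [
    (r"C:\WINNT\system32", False, r"""
C:\WINNT\system32 Everyone:(OI)(CI)(M)
                  BUILTIN\Administrators:(OI)(CI)(F)"""),
    (r"D:\data\reports\q1.xls", True, r"""
D:\data\reports\q1.xls BUILTIN\Users:(I)(RX)
                       BUILTIN\Administrators:(I)(F)"""),
    (r"D:\data\reports\payroll.xls", True, r"""
D:\data\reports\payroll.xls Everyone:(F)
                            BUILTIN\Administrators:(I)(F)"""),
]

ACE_RE = re.compile(r"^(?P<trustee>[^:]+):(?P<flags>(?:\([A-Z,]+\))+)$")
WRITE_RIGHTS = {"F", "M", "W", "C"}          # full, modify, write, change
SCOPE_FLAGS = {"OI", "CI", "IO", "NP", "I"}  # inheritance markers, not rights

def parse_aces(path, output):
    """Yield (trustee, rights, inherited) for each ACE line in the listing."""
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):            # first line is prefixed by the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue                         # blank or status line
        tokens = re.findall(r"\(([A-Z,]+)\)", m.group("flags"))
        rights = set()
        for tok in tokens:
            if tok not in SCOPE_FLAGS:
                rights.update(tok.split(","))
        yield m.group("trustee"), rights, "I" in tokens

def audit(listings):
    """Return (path, finding, trustee) tuples for the two checks."""
    findings = []
    for path, is_file, output in listings:
        for trustee, rights, inherited in parse_aces(path, output):
            # Everyone able to change a critical directory or file.
            if trustee.lower() == "everyone" and rights & WRITE_RIGHTS:
                findings.append((path, "everyone-write", trustee))
            # A file with its own ACE instead of the directory's: review it.
            if is_file and not inherited:
                findings.append((path, "explicit-ace", trustee))
    return findings
```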

Web Server Security

IIS (Internet Information Server) integrates a variety of Internet services, such as the WWW, FTP, and Gopher services, and works easily with Windows NT Server to build a web site. IIS has many weaknesses. By default, installing IIS creates the InetPub directory, which contains four subdirectories. Three of them are the root directories of the three Internet services and hold all the files and directories of those services; the fourth is used for text storage, and web applications developed with CGI, Visual Basic, or Perl can be stored under this directory. Administrators should periodically check the IIS directory structure and set appropriate permissions.

As IIS has become popular, ASP has become a favorite of system programmers for network management programming. ASP is relatively simple to develop and maintain and has powerful features, but it has some security holes. In IIS 3.0, I found that adding a string after the ASP program makes it possible to see the ASP source code. Because ASP source code contains key data such as the database access password, this directly affects the security of the web server.

Compared with IIS 3.0, the security of IIS 4.0 is greatly improved. For example, its FTP accounts are opened on the local machine rather than in the domain. If you want to run an FTP server, it is better to use the FTP service that comes with IIS; according to statistics, it is more secure than other FTP server software. It is also important to ensure that all reliable security patches are installed.

NTFS Partition Security

If several operating systems, such as DOS, Windows, and Linux, are installed on the same host, the NTFS security settings can be bypassed by going through one of the other operating systems. Some tools can read NTFS-formatted hard drives on Intel systems without authorization and so get around NT's security settings, for example the DOS/Windows NTFS file system redirector, Linux NTFS Reader, SAMBA, and so on. To counter this, use a dedicated partition, restrict the system administrators group and the backup operators group, restrict the operating procedures administrators use, and prohibit such cross-operating-system access.

In general, Windows NT security can be assured, and its security vulnerabilities are largely patched by service packs. It is also not easy to modify through remote management, but users need to follow procedure. By modifying the default configuration and working carefully, the system administrator can obtain a secure and stable network operating environment.
