July 01, 1998 12:00 AM

NT Server Security Checklist

Windows IT Pro
InstantDoc ID #3571
Steps to address NT's security weaknesses

Windows NT systems have been the subject of much attention lately. I'm not talking about the latest Microsoft public relations campaign extolling NT's virtues; I'm talking about the full-scale security war that hackers are waging against the NT operating system (OS). Several denial-of-service, NT password-gathering, and hacking utilities, such as GetAdmin, RedButton, and TearDrop2-based programs, have appeared during the past year. These utilities expose holes in NT's architecture and maliciously attack NT systems in various ways. The hackers and NT security experts who develop these programs are causing some real headaches for Microsoft, as well as for enterprises and NT administrators. What was intended as a useful and necessary campaign to expose holes in NT's security architecture has rapidly escalated into a security-hole witch hunt.

All the negative publicity about NT's security holes is frightening. After all, who wants to run an OS that's easy to hack? However, NT is very securable. Notice I didn't say secure; I said securable. NT gives you several tools to secure your servers and workstations against many types of attacks. However, Microsoft doesn't enable most NT security features by default, even when you install Service Pack 3 (SP3). (For information about SP3 and NT security, see Mark Joseph Edwards, "Service Pack 3 Is Really Security Pack 3," August 1997.) Contrary to popular belief, you can't just install the latest Microsoft service pack and walk away. Although installing the latest patches is a good start, you need to implement a comprehensive set of policies and procedures to address various weaknesses in NT and networked PCs as a whole.

Every new denial-of-service attack and security-cracking utility (and the subsequent fixes Microsoft has issued to thwart them) has made NT more secure. Although NT users have to suffer through interim periods in which the OS is defenseless against a particular type of attack, Microsoft has been quick to respond with updates (i.e., service packs and hotfixes) that patch the affected system components.

To effectively address the latest security concerns, you need to develop a comprehensive NT systems security checklist that covers the most important aspects of maintaining a secure NT network environment. In this article, I'll give you security tips to help you audit your system configurations and take the necessary steps to improve the security of your environment.

Contact Info

Enterprise Administrator
Mission Critical Software * 713-548-1700 or 800-814-9130
Web: http://www.missioncritical.com

Kane Security Analyst for Windows NT and Kane Security Monitor for Windows NT
Intrusion Detection Systems * 212-348-8900 or 800-408-6104
Web: http://www.intrusion.com

L0phtCrack 2.0
L0pht Heavy Industries
Web: http://www.L0pht.com

RealSecure, Internet Scanner, and System Security Scanner
Internet Security Systems * 678-443-6000
Web: http://www.iss.net

Comments
  • Anonymous User
    7 years ago
    Jan 27, 2005

    fh

  • John Hall
    13 years ago
    Aug 11, 1999

    I liked Sean Daily’s informative “NT Server Security Checklist” (July). I’m unclear about one point. Can I remove lm-fix (which Microsoft has removed from its Web site) and still have the Windows 95 clients log on successfully to the Windows NT servers?

    --John Hall



    Even with lm-fix installed, Windows 95 and Win3.x clients can log on successfully. Unless you’ve set LMCompatibilityLevel (in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Registry key) to 2, these clients will still be able to successfully log on to the NT server. If you’ve set the value to 2, you can either reset it to 1 (send LM authentication only if the server requests it) or 0 (send LM authentication always), or simply remove the hotfix from the server.
    Glad to hear you liked the article. For more information about lm-fix, see “Lm-fix: Now You See It, Now You Don’t,” page 132.

    --Sean Daily
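
An added example, not part of the article or of Sean Daily's reply: a small Python audit that parses Registry exports in the REGEDIT4 text format and classifies each server by the LMCompatibilityLevel values the reply above discusses. The server names and export contents are constructed, and using a .reg export as the input is an assumption.

```python
import re

# Key and value name as given in the reply; registry names are case-insensitive.
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa".lower()
VALUE = "lmcompatibilitylevel"
# Wording for 0 and 1 is the reply's; 2 is described there only by its effect.
MEANING = {0: "send LM authentication always",
           1: "send LM authentication only if the server requests it",
           2: "Windows 95 and Win3.x logons can fail"}

def parse_reg_export(text):
    """Return {key_path_lower: {value_name_lower: int}} for DWORD values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
            if m:  # non-DWORD values (hex, strings) are skipped
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Classify one export by the three levels the reply discusses."""
    level = parse_reg_export(text).get(LSA_KEY, {}).get(VALUE)
    if level is None:
        # Per the reply, only a value of 2 stops legacy clients logging on.
        return {"level": None, "legacy_clients_ok": True, "note": "value not set"}
    if level not in MEANING:
        return {"level": level, "legacy_clients_ok": None,
                "note": "outside the values the reply covers"}
    return {"level": level, "legacy_clients_ok": level != 2, "note": MEANING[level]}

# Constructed sample exports for three hypothetical servers.
HEADER = "REGEDIT4\n\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
SAMPLES = {
    "SRV-A": HEADER + '"LMCompatibilityLevel"=dword:00000002\n',
    "SRV-B": HEADER + '"lmcompatibilitylevel"=dword:00000001\n',
    "SRV-C": HEADER + '"Notification Packages"=hex(7):46,50,4e,57,00,00\n',
}

def audit_all(samples):
    return {name: audit(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, result in audit_all(SAMPLES).items():
        print(name, result)
```

Servers reported with level 0 or 1 still accept LM authentication, which is the trade-off the reply describes for keeping Windows 95 and Win3.x clients working.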


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.