Practical Windows Security - Essay Example

?Practical Windows Security Table of Contents Introduction The developments in computing have brought a lot of facilities and opportunitiesfor the organizations. On the other hand, these developments have also caused illegal use of computers which created a lot of security issues and challenges for the organizations as well as individuals. This paper offers a deep analysis of some of the prime aspects and issues of practical windows security. This paper will discuss and analyze some of the prime issues and factors regarding various types of attack that can be applied to a Windows 2000 and Windows NT systems and their possible mitigation. This paper will analyze the importance of system’s configuration, management and how to efficiently undertake systems configuration and management for Windows 2000 and Windows NT systems. This paper will also analyze a number of important areas like information technology health check (ITHC) and present the role along with the limitations of an ITHC in securing Windows 2000 and Windows NT systems. Windows Domain Structure Windows Domain Structure is fundamental to implementing a well-organized computer network. In operating systems like Windows NT and Windows 2000, a domain structure is a set of servers that allocate a wide group of safety considerations. In Windows 2000 and NT, this situation is basically somewhat the case. The client’s account and other parameters exist on one machine known as server within a network. In it place there is a dire need for controlling admittance to that server machine simply, though, the account controls admittance to each measure or resource inside the domain (TechRePublic, 2000) and (Ray, 2004). We can discover a domain structure in all the large size networks. Additionally, these domains are used to help the network/system administrator to divide the complete network into different components, so that they could be managed in a simple way. Additionally, there are a lot of other causes of using domain structures for administrating a network. In this scenario, domains are not somewhat like software or hardware. On the other hand, it is a technique to structure and handle the Servers, computers, and various other peripherals in an organization’s IT-environment. In addition, the domains refer to a set of computers in all its distinctions. However, if we need to set up a connection between two computers then we don’t need a domain. Here we only need to focus on the given IP statement and the subnet mask of our computers. In this way we can see both the computers in the network. The only function of a workgroup is to arrange the computers in a network. And the computers having identical workgroup could be viewed in the nearer environment. However, the domains can be considered at an upper level as workgroups but they perform same functions as performed by the workgroups. In this scenario, the user who wants to gain access to these resources needs only to log in to the domain, which may be available on several different servers in the network in which one server, acknowledged as the primary domain controller, is responsible for organizing the master user database for the domain. On the other hand, one or more servers are used as backup domain controllers (Winterscheid & Vetter, 2010), (TechTarget, 2000) and (Forouzan & Fegan, 2006). Windows Domain Structure Security The term “security” is referred to the safety of data and information through the use of technology, training, and techniques. However, the security policy of a Windows Domain structure makes sure reliable security across all the computer systems existing in that Windows domain. The Windows Domain structure security policy in Microsoft Windows NT and 2000 is a set of policy objectives that create safety procedure and settings all through a Windows domain. Additionally, it is an improved and modernized edition of what was obtainable in its forerunner, Windows NT Server 4.0. In addition, the Windows Domain structure security policy is able to manage the performance of a variety of user account features. These comprise locking, protection through password and Kerberos that is about the verification for getting access remotely. Moreover, the windows domain structure security policy comprises settings obtainable intended for confined-level security. These comprise checking and user privileges however as well expanded to rough choices like that the registry, a system services, and the file system and event record. The Windows Domain structure security policy is customized by an object known as Group Policy Editor that is employed for the entire objects governed through a group policy. This could be managed on the "Group Policy" tab of the characteristics of the particular domain object, located in the "Active Directory Users as well as systems" part of "Administrative Tools." The Windows Domain structure security policy has the 2nd maximum precedence in scenario of application primacy. It obtains precedence over and will over-write Local and a site strategy however can be surpassed by corporate unit policies (Dalton, 2010), (TechTarget, 2010) and (Shelly et al., 2005). Security Attack So far, business sector and individuals have faced a lot of attacks particularly aimed for platforms designed on Windows technologies. Because of such attacks the vast marketplace share controlled by Microsoft, these security as well as privacy attacks obtains huge amount of media consideration as well as publicity. In case of Host along with Network IPS, discover 3 minor identified attacks next to Windows systems. Discovering these securities plus attacks are related so that security professionals as well as skilled persons those are able to completely hold the significance of security hits which are not essentially being rather stated on in the conventional media and that are violating basic elements of safety arrangement and working design. These attacks can be: (Rash et al., 2005), (TechRePublic, 2010) and (Turban et al., 2005) Witty Attack Kerio Personal Firewall DOS SSHI CRC Compensation Attack Besides above listed attacks there are also lots of famous and most frequent attacks. Below I will present a brief overview of each category of security attack that is compromising the security aspects of Windows 2000 and Windows NT systems: IP Spoofing The main aim of this attack is to take the IP-address of the particular personal computer. It permits the offender to conceal the origin of security attack (pessimistic reaction in any form of service "is employed in attacks of this category"), or else to take advantage from secret data transmit in communications of two network systems (24-7-Solutions, 2010) and (ComptechDoc, 2010). IP-fragmentation attack This type of attack in Windows 2000 and Windows NT systems happens through the communication network in which attacker attacks the windows system that is composed of link analysis TCP, fragment or piece on 2 IP-packages. The primary IP package is composed of 68 bytes as well as holds simply initial eight bytes of heading TCP (a serial number and ports of a source, reason). Information along with data of the subsequent IP-package holds analysis on TCP link. However, this type of attack is less frequently seen because of the contemporary network gateway screens dependably defend as of them (24-7-Solutions, 2010). TCP Session Hijacking Another well known network attack in Windows 2000 and Windows NT systems is the disruption of a TCP-session that permits the offender forward flow TCP. Additionally, cracker is able to surmount password security (like in ftp or else telnet). However, the need of listening (sniffing) restricts validity of that kind of assault equal to a physical section of the intended host network (24-7-Solutions, 2010). ARP Spoofing In Windows 2000 and Windows NT systems this attack reconnects the communication network traffic from a single or more system to the system of the attacker. It is performed in a physical network of a casualty. Additionally, this attack alters a cache of the intended system. In this type of attack attacker/malefactor transmits ARP-replies to the intended system by means of the details on the fresh MAC-address matching (for instance) the internet protocol address of a rinse. In fact, this MAC address communicates to the interface of the attacker's system. Therefore, the entire systems as well as network traffic to a rinse will be established by the target's system. At the present it is probable to pay attention on the traffic (and / or to alter it). Following that, the communication traffic will move to the genuine target address and consequently nobody will become aware of modifications (24-7-Solutions, 2010). DNS Spoofing Domain Name System spoofing changes the name of a domain to its internet protocol address (for instance, 192.168.0.2) and on the divergent. That assault employs technology of phony responses transmitting to DNS-inquiries of a target (24-7-Solutions, 2010) and (Garg, 2009). Response to Attacks This section will outline some of the possible counter mechanisms in order to deal with the possible attacks on Windows 2000 and Windows NT systems platform those I have mentioned earlier. I have outlined below some of the basic and vital mechanisms those are advanced and as well more effective in ensuring the security of Windows 2000 and Windows NT systems: Use of Firewalls In Windows 2000 and Windows NT, a firewall is an essential element of the network that is linked to the internet. In case of unavailability of firewall we can face a lot of security problems. The unavailability of firewall implementation as defender host; a lot of attacks are able to occur beside windows without the administrator unaware of the attacks. The huge numbers of these security and privacy attacks are experienced to be so massive that the systems will stop responding. In such cases firewall based security implementation provide effective protection and safety (Magalhaes, 2004) and (Norton, 2001). Service packs Windows 2000 and Windows NT systems service packs are systems, tools and applications that are introduced behind the public release of a particular Windows product. In case of some possible attack Microsoft introduces a number of specific service packs those should be incorporated to ensure more enhanced security besides such attacks (Magalhaes, 2004). Account considerations We should take care of that if we are utilizing Windows NT and succeeding versions our system administrative account is protected. In this case renaming the administrator account to somewhat normal is nice task after that making again some other system account named administrator and offering that account the majority limiting rights will give some hacker or impostor a tough task if he does get access to our “lure” administrative account (Magalhaes, 2004). Antivirus Antivirus systems are well known tools for the security of data and information on the Windows 2000 and Windows NT systems. In addition these systems offer effective and maximum securities against any inside as well as outside security violations and present more enhanced security management against possible security attacks (Magalhaes, 2004). Dial in access or Remote network access Confine dial in access to reliable clients and confine the services of the users from remote sites. Additionally, the strategies can be made in such manner that user actions could be identified as well mapped out. While getting access to a network from a distant site, a VPN (virtual private network) is protected technique that is able to be competently employed as well as trusted. In addition, the data that moves above a virtual private network link is a great deal less vulnerable to interpret than standard PPP links above the PSTN networks (Magalhaes, 2004). Strong password practices In order to protect the system against the outsider attacks there is a dire need for establishing much stronger passwords. In this scenario we need to choose less frequents names as well as numbers so that some outsider can not gain access to our systems (Magalhaes, 2004). Make Sure Services installed For Windows 2000 and Windows NT systems the services are executed on most computers as registered procedures. Additionally, these services are aimed to restrict attacker who try to get access and incorporate some weaknesses inside. Disabling some idle services is high-quality task to do and leaves almost less or nothing intended for the attacker to discover utilization inside. It as well causes less damage to the hardware and necessitates less checking (Magalhaes, 2004). Install IIS on separate network segments For Windows 2000 and Windows NT systems, Microsoft Corporation has released an IIS lock down tool and it is suggested that this system is employed to lock down some recognized matters as well as exposures that can be found on the IIS package. Normally IIS servers require to be accessed by clients on the internet and this creates a lot of susceptibilities for the server machine. However, establishing an IIS server in the course of an ISA server can facilitate in decreasing some known weaknesses and will assist in adding an additional level of protection to our IIS windows server. SQL servers that as well require to be accessed from the internet should be published through ISA (Magalhaes, 2004). Backups Tasking proper system backup is very good practice. In all businesses the operational permanence should be an important element of the disaster recovery plan and backups will be an element of this plan. In addition, the entire data must be backed up as well as should be reinstated on regular basis since the backups are significant thus it is very important that the network working and operational media is kept to any other location. However, keeping backup media on the original location will not facilitate in circumstances where a physical disaster demolishes the location. Thus, off-site storage of data and information is required in circumstances that necessitate an additional level of data protection (Magalhaes, 2004). Systems Configuration and Management System Configuration Management is the idea of routinely handling and organizing the whole arrangement of one of other systems. It is not to be understood as the Software Configuration Management (SCM), which is a wide-ranging phrase, intended for amendment control systems like that Subversion and CVS (SmartFrog, 2010). In Windows 2000 and Windows NT systems, Control Panel is the core place for system configuration alterations. However, to minimize disorder and to offer simpler access to a number of selections, some applications and tools are not extensively placed in Control Panel (Microsoft., 2011). The main idea to run a sensibly Windows system reliably is the application of effective and enhanced configuration management technique. A usual Windows operation system has thousands of files, hundreds of software systems and supporting modules installed on a system. It is as well about the numbers game: the more parts working together on the system, the better the likelihood that two of them will clash, Linux is meeting towards Windows in terms of the amount of safety reviews introduced. Certainly, making use of an outdated version similar to Windows 98 or Windows ME without current secure memory is a direction to collapse however the NT-based editions, like Windows 2000 and Windows XP are able to encompass realistic dependability, as a minimum for desktop practice (Majid, 2002). Information Technology Health Check (ITHC) A system healthcheck recognizes possible performance problems by means of chosen individual systems. Two categories of inputs can be measured or employed when carrying out server health check. One category can be a machine resource consumption log that records the machine and business working resource at operational level with the passage of time. An instance is CPU usage. The next input type can be a request log that traces the ending time and optionally, the commencement time of individual dealings processed through systems. Individual dealings can be some category of system operations like that web surfing as well as further processing application requirements like that order processing, accounting connections or else some other business operations. With the help of both inputs, the system as well as techniques carry out thorough analysis as well as offer various insights about the health of the chosen systems (Bernardini et al., 2009). Conclusion This research has offered a deep analysis of the some of the prime aspects of the Windows 2000 and Windows NT systems regarding different types of attack that can be applied to a Windows 2000 along with Windows NT systems and the mitigation criteria we can perform. Then I have competently analyzed the importance of systems configuration and management. After that this report has discussed the Information Technology Health Check (ITHC) and its significance. I hope this report will offer a deep insight into the overall analysis of windows practical security. Bibliography 24-7-Solutions, 2010. The basic types of network security attacks. [Online] Available at: http://24-7-solutions.net/reviews/attacks-kinds.html [Accessed 22 January 2011]. Bernardini, F. et al., 2009. Apparatus, System and Method for Healthcheck of Information Technology Infrastructure based on log data. [Online] Available at: http://www.freepatentsonline.com/y2009/0287744.html [Accessed 22 January 2011]. ComptechDoc, 2010. Security Attacks. [Online] Available at: http://www.comptechdoc.org/independent/security/recommendations/secattacks.html [Accessed 22 January 2011]. Dalton, J., 2010. Windows 2000 Domain Security Policy. [Online] Available at: http://www.ehow.com/facts_7319485_windows-2000-domain-security-policy.html [Accessed 21 January 2011]. Forouzan, B. & Fegan, S.C., 2006. Data Communications and Networking, 4th edition. New York: McGraw-Hill. Garg, S., 2009. A Primer on Security Attacks - Computer Security Issues. [Online] Available at: http://ezinearticles.com/?A-Primer-on-Security-Attacks---Computer-Security-Issues&id=2486144 [Accessed 22 January 2011]. Magalhaes, R.M., 2004. Hardening Windows NT/2000/XP Information Systems. [Online] Available at: http://www.windowsecurity.com/articles/Hardening_Windows_NT2000XP_Information_Systems.html [Accessed 21 January 2011]. Majid, F., 2002. Windows configuration management. [Online] Available at: http://majid.info/blog/windows-configuration-management/ [Accessed 22 January 2011]. Microsoft., 2011. Introduction to Configuration and Management. [Online] Available at: http://technet.microsoft.com/en-us/library/cc938746.aspx [Accessed 22 January 2011]. Norton, P., 2001. Introduction to Computers, Fourth Edition. Singapore: McGraw-Hill. Rash, M. et al., 2005. Defend Your Windows System Against These Lesser-known Security Attacks. In Intrusion Prevention and Active Response: Deploying Network and Host IPS. 1st ed. Burlington: Syngress Publishing. Ray, R., 2004. Technology Solutions for Growing Businesses. New York: American Management Association (AMACOM). Shelly, Cashman & Vermaat, 2005. Discovering Computers 2005. Boston: Thomson Course Technology. SmartFrog, 2010. Configuration Management. [Online] Available at: http://www.smartfrog.org/wiki/display/sf/Configuration+Management [Accessed 22 January 2011]. TechRePublic, 2000. Planning your Windows NT domain structure. [Online] Available at: http://www.techrepublic.com/article/planning-your-windows-nt-domain-structure/5033384 [Accessed 21 January 2011]. TechRePublic, 2010. Defend Your Windows System Against These Lesser-known Security Attacks. [Online] Available at: http://www.techrepublic.com/downloads/defend-your-windows-system-against-these-lesser-known-security-attacks/297603 [Accessed 21 January 2011]. TechTarget, 2000. Domain Controller. [Online] Available at: http://searchwindowsserver.techtarget.com/definition/domain-controller [Accessed 21 January 2011]. TechTarget, 2010. Security. [Online] Available at: http://searchsecurity.techtarget.com/sDefinition/0,sid14_gci1244022,00.html [Accessed 22 January 2011]. Turban, E., Leidner, D., McLean, E. & Wetherbe, J., 2005. Information Technology for Management: Transforming Organizations in the Digital Economy. New York: Wiley. Winterscheid, T. & Vetter, A., 2010. Domain Structure and Active Directory. [Online] Available at: www.roggeweck.net/uploads/media/DomainStructureReport.doc [Accessed 22 January 2011]. Read More