Handbook for Windows NT Network Security

by

Mitun Gulati

CS 800: Special Studies Spring 2000

This Handbook was prepared by Mitun Gulati in partial fulfillment of a Master of Science in Computer Science in the Department of Computer Science, School of Applied Science and Liberal Arts, Stevens Institute of Technology, Castle Point on Hudson, Hoboken, NJ.

Supervising Professor: Lawrence Bernstein

 

1. WINDOWS NT

Introduction

Windows NT is on a roll. Enterprises are choosing Windows NT over Unix to host web applications for intranets, extranets and even for the public Internet. As Windows NT becomes more popular for application servers, NT administrators are concerned about security.

This handbook provides a step-by-step recipe for using Windows NT security features with a layman’s description of security requirements.

Windows NT security accomplishes two very simple but important things:

  1. It restricts access to system resources, files and devices.

  2. It audits access to system resources, files and devices by making a log entry.

The idea is to verify the users during logon, and authorize their access to resources. This requires a user account that defines who the users are and what they can do on the system. In a network environment, security is critical. Since users place data on servers shared with others, they expect a high level of security.

You cannot install Windows NT without its advanced security features. But the default security settings that are made during the initial set-up are not optimized for tight security. You must evaluate and upgrade the security settings to fit your needs.

Windows NT takes advantage of features in the Intel 80386 and later processors to implement some of its security features. Protected-memory features prevent any program from accessing the code or data used by another program or by the operating system itself. Every program runs in its own protected memory. Unauthorized attempts by one program or process to access the memory of another program or process are denied by the operating system.

The user account is a central theme of the Windows NT operating system. Anyone who wants access to a computer or network types a user name and a password to gain access. The information the user types is checked against a user account database that holds the information needed to verify users. If the information matches, the user is authenticated onto the network.

Computer Security

Definition:

The term Security immediately evokes the notions of:

  • Protection

  • Peace of mind

  • Trustworthiness

In the most basic sense, computer system security ensures that your computer does what it is supposed to do even if its users don't do what they are supposed to do. It protects the information stored in it from being lost, changed (whether maliciously or accidentally), or read or modified by those not authorized to access it. It tracks all access so that it knows if someone forces their way into places where you don't want them. After all, the lock on your front door does not keep criminals out; it leaves evidence that someone has broken in.

Proper administration of systems, client and server, as well as the faithful observance of related business procedures, physical access controls, and audit functions, are vital in a secure environment. Security means:

    1. Legitimate use,

    2. Confidentiality,

    3. Data integrity,

    4. Audits.

Introduction to the Orange Book

The US Department of Defense has published its security evaluation specification in the Trusted Computer Security Evaluation Criteria (TCSEC), which is often called the "Orange Book". The Orange Book defines four broad hierarchical divisions of security protection, in increasing order of trust:

D Minimal Security
C Discretionary
B Mandatory Protection
A Verified protection

Each division consists of one or more numbered classes, with higher numbers indicating a greater degree of security.

Orange Book Security Levels

Level   Name
D       Minimal Protection
C1      Discretionary Security Protection
C2      Controlled Access Protection
B1      Labeled Security Protection
B2      Structured Protection
B3      Security Domain
A1      Verified Design

 

2. Security Classification

All networked facilities, systems and data are classified according to their sensitivity to disclosure and their mission criticality. The security classification is as follows.

  • Unclassified: Distribution of this material is not limited.

  • Confidential: Disclosure of this information could cause measurable damage to the organization as a whole.

  • Secret: Disclosure of this information would cause grave and irreparable harm to the organization as a whole.

Here, I will not discuss each of these classifications in detail, as this is not my main topic of concern.

Security zones:

According to Matthew Strebe in NT Network Security, the security zones are:

  • Human Security: Defines those security policies that regulate non-users or potential users prior to contact with the system.

  • User Policy: Defines those security policies that regulate the normal use of networked systems by authorized users. These policies seek to limit the extent of damage that can be caused, accidentally or otherwise, by authorized users.

  • Client Security: Regulates the software used to connect network clients to network servers, including networked file systems, user accounts, and logon methods.

  • Server Security: Regulates the services and applications that run on servers.

  • Data Security: Protects the data stored on servers through fault tolerance and account-based permissions.

  • Remote Access Security: Protects networked systems from unauthorized access via direct remote attachment.

Security Requirements:

The object of computer security is to control Who has access to What. The Who in the case of computer security are those network users with access, and everyone else to whom you wish to restrict access. The What are the resources on your network including files, directories, printers etc.

A computer operating system that has good security mechanisms does the following:

  • Tracks individual users with an account name and password.

  • Tracks security by creating groups of users.

  • Applies the security to the users.

  • Restricts or relaxes what the user may access depending on the location or mode of access.

  • Tracks owners of the files and directories.

  • Differentiates between operations that may be performed by the user or by the operating system.

  • Provides a security system that can be used over a network as well as locally.

 

3. The Evolution of Windows NT Server

The most notable design objectives for Windows NT were and still are:

  • Extensibility The ability for the Windows NT operating system to grow over time and meet market requirements. Extensibility is accomplished through Windows NT's modular design, the separation of a privileged processor mode (kernel mode) from a non-privileged processor mode (user mode), the use of objects, the ability to load device drivers, the remote procedure call facility, and the ability for applications to utilize the Windows NT services.

  • Security The role of security in an operating system was analyzed and the layered security model of Windows NT resulted. This was accomplished through the development of the Security subsystem and its associated components: LSA, SRM, SAM, and the discretionary access controls.

  • Portability The ability to function on multiple architectures. Windows NT may operate in certain CISC and RISC architectural environments. Portability may be accomplished through the Windows NT Hardware Abstraction Layer. This layer separates Windows NT from the architecture.

  • Reliability The ability to guard against adverse potential events: robustness. Reliability was designed into NT through its government C2 security rating and the error exception handling capability.

  • Compatibility The ability to execute applications written for other operating systems. Windows NT can run 32-bit Windows applications and 16-bit MS-DOS applications, as well as certain OS/2 applications and POSIX applications.

  • Performance The ability to process data calculations rapidly. Performance goals may be accomplished through Windows NT’s ability to utilize faster multiprocessors, multiple processors (SMP), memory management, and optimized system services.

 

4. The How to of NT Security

How do I enable auditing

Log on as the Administrator (or a member of the Administrators group) and perform the following:

  1. From the Start Menu, Programs, Administrative Tools and start User Manager

  2. From the Policies menu, select Audit

  3. Enable the events you want to Audit and click OK

  4. Exit User Manager

It is also possible to configure auditing on an individual file or directory. Right-click the file or directory, select Properties, select the Security tab and then click Auditing.

How do I view/clear the security log

Log on as the Administrator (or a member of the Administrators group) and perform the following:

  1. From the Start Menu, Programs, Administrative Tools and start Event Viewer

  2. From the Log menu, select Security

  3. Double click any entry for more information

  4. Close the individual event information window

  5. To clear the log, select Log, then Clear All Events. It will ask whether you want to save the log; click No. It will then ask whether you are sure; click Yes

  6. Close Event Viewer

How can I copy files and keep their security and permissions?

By default when you copy files from one NTFS partition to another, the files inherit their protections from the parent directory. It is possible to copy the files and keep their settings using the SCOPY program that comes with the NT resource kit. SCOPY can copy owner and security audit information:

SCOPY c:\savilltech\secure.dat d:\temp\ /o /a

This would copy the owner and auditing information along with the file. You can also use /s to copy subdirectories as well.

Note: Both the origin and target drives must be NTFS or the command will fail.

How do I enable auditing on certain files/directories?

Auditing is only available on NTFS volumes. Follow the instructions below:

  1. Start Explorer

  2. Right click on the file/directory you want to audit, and from the context menu select properties

  3. Select the Security tab and click Auditing

  4. If you have selected a directory, check the "replace auditing on subdirectories"

  5. Click the Add button and add the user(s) who you wish to audit by selecting and clicking Add. When finished adding users, click OK

  6. Select the events you wish to audit and then click OK

Note: You must ensure that File access auditing is enabled (Start - Programs - Administrative Tools - User Manager - Policies - Audit). These events can then be viewed using the Event Viewer (Start - Programs - Administrative Tools - Event Viewer - Log - Security)

How can I configure the system to stop when the security log is full?

To avoid security log entries being lost, you can configure the system to halt if the security log becomes full, so that only Administrators can log on; they can then archive the log and purge it:

  1. Start the registry editor (regedit.exe)

  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. If CrashOnAuditFail exists then skip to step 4; if not, from the Edit menu select New - DWORD value and enter a name of CrashOnAuditFail. Click OK

  4. Double click on CrashOnAuditFail and set it to either:

    (a) 1 - Stop if the audit log is full
    (b) 2 - This value is set by the operating system itself just before the system crashes due to a full audit log. When set to 2 only the administrator can log on.

  5. Close the registry editor

When this happens the OS will display a BSOD (blue screen).

How can I clear the pagefile at shutdown?

Because the pagefile contains areas of memory that were swapped out to disk, in a secure environment you may want the pagefile cleared when the machine is shut down, as parts of memory containing passwords or other sensitive information may have been paged out to it.

  1. Start the registry editor (regedit.exe)

  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

  3. If the value ClearPageFileAtShutdown does not exist, from the Edit menu select New - DWORD value and enter a name of ClearPageFileAtShutdown

  4. Double click on ClearPageFileAtShutdown and set to 1

  5. Reboot the machine and next time you shutdown the pagefile will be cleared

How do I enable strong password filtering?

Windows NT 4.0 introduced a password filter, passfilt.dll, which implements the following new restrictions:

  • Passwords must be at least 6 characters long

  • Passwords must meet at least 3 of the following criteria
    - Uppercase letters A-Z
    - Lowercase letters a-z
    - Number(s) 0-9
    - Non-alphanumeric character (e.g. !, etc.)

  • Password may not contain your user name or any part of your full name
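To make the three rules concrete, here is a small Python re-implementation of them, added to this handbook as an example; it is not Microsoft's passfilt.dll and does not hook into the SAM. How the full name is split into "parts" (on any non-alphanumeric character) and the choice to ignore parts shorter than three characters are assumptions made for the example.

```python
"""Check a candidate password against the passfilt.dll rules listed above.
Added example; it re-states the rules in Python and is not Microsoft's code."""
import re
import string

MIN_LENGTH = 6          # rule 1: at least 6 characters
REQUIRED_CLASSES = 3    # rule 2: at least 3 of the 4 character classes
NAME_PART_MIN = 3       # assumption: name fragments shorter than this are ignored


def character_classes(password):
    """Return the set of character classes the password draws from."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")   # anything non-alphanumeric, e.g. '!'
    return classes


def name_parts(full_name):
    """Split 'John Q. Smith' into the fragments rule 3 must not find in the password.
    Splitting on non-alphanumerics and dropping short fragments is an assumption."""
    fragments = re.split(r"[^a-z0-9]+", full_name.lower())
    return [f for f in fragments if len(f) >= NAME_PART_MIN]


def check_password(password, user_name, full_name=""):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = character_classes(password)
    if len(classes) < REQUIRED_CLASSES:
        problems.append("uses only %d of 4 character classes" % len(classes))
    lowered = password.lower()          # the name comparisons are case-insensitive
    if user_name and user_name.lower() in lowered:
        problems.append("contains the user name")
    for part in name_parts(full_name):
        if part in lowered:
            problems.append("contains part of the full name (%s)" % part)
    return problems


if __name__ == "__main__":
    # constructed sample account: user name jsmith, full name John Smith
    for candidate in ("abcdef", "Abc123!", "jSmith9"):
        print(candidate, check_password(candidate, "jsmith", "John Smith") or "OK")
```

The checker reports every rule a password breaks rather than stopping at the first, which is what a help-desk script would want; the real filter only reports pass or fail. Remember that, as the section notes, passfilt.dll is consulted only when a password is changed through the normal password-change path, so a check like this adds nothing for accounts whose passwords are set directly in User Manager.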

To enable this functionality perform the following on all PDCs (and on stand-alone machines, if used). You do not need to install this on BDCs; however, you should, in case a BDC is promoted to PDC.

  1. Start the registry editor (regedt32.exe, do not use regedit.exe)

  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. Double click on "Notification Packages"
    Add PASSFILT on a new line (if FPNWCLNT is already listed, add PASSFILT after it). Click OK

  4. Close the registry editor

  5. Reboot the machine

It should be noted that you will still be able to set passwords in User Manager that do not meet the criteria; this is by design, as direct SAM updates are not filtered.

 

How can I restrict access to objects from Anonymous accounts?

It is possible to restrict the ability of anonymous logon users (also known as NULL session connections) to list domain user names and enumerate available share names. If you feel this is a security risk, Windows NT 4.0 introduces an option to stop anonymous users from listing users and shares.

To enable this perform the following:

  1. Start the registry editor (regedit.exe)

  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. From the Edit menu select New - DWORD value and enter a name of RestrictAnonymous if it does not already exist

  4. Double click the value and set to 1. Click OK

  5. Reboot the computer
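The four registry recipes above (CrashOnAuditFail, ClearPageFileAtShutdown, the PASSFILT entry in Notification Packages, and RestrictAnonymous) are easy to forget on one server out of many. The following Python script, added here as an example and not part of the handbook, parses an export produced by regedit.exe (the REGEDIT4 text format) and reports which of the recommended values are present. The export embedded in it is constructed for the example, not taken from a real machine; the script assumes REG_MULTI_SZ values are exported as hex(7) byte lists, which is how REGEDIT4 files write them.

```python
"""Audit a regedit.exe export (REGEDIT4 format) against the hardening values
recommended in the recipes above. Added example, not part of the handbook."""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
MM_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"

# Constructed sample export, not taken from a real machine. It shows a server
# where RestrictAnonymous and passfilt are in place, the pagefile is not
# cleared, and CrashOnAuditFail was never created.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
"Notification Packages"=hex(7):46,50,4e,57,43,4c,4e,54,00,50,41,53,53,46,49,\
  4c,54,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
"""

# (key, value name, value the recipes above ask for)
EXPECTED_DWORDS = [
    (LSA_KEY, "RestrictAnonymous", 1),
    (LSA_KEY, "CrashOnAuditFail", 1),
    (MM_KEY, "ClearPageFileAtShutdown", 1),
]


def parse_reg(text):
    """Parse a REGEDIT4 export into {key path: {value name: value}}.
    Understands dword:, quoted strings and hex(7): (REG_MULTI_SZ as ANSI bytes)."""
    lines = []
    for raw in text.splitlines():
        if lines and lines[-1].endswith("\\"):      # long hex values wrap with a trailing backslash
            lines[-1] = lines[-1][:-1] + raw.strip()
        else:
            lines.append(raw.rstrip())
    keys, current = {}, None
    for line in lines:
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        name, value = m.group(1), m.group(2)
        if value.startswith("dword:"):
            keys[current][name] = int(value[6:], 16)
        elif value.startswith("hex(7):"):
            data = bytes(int(b, 16) for b in value[7:].split(",") if b)
            keys[current][name] = [s for s in data.decode("latin-1").split("\x00") if s]
        elif len(value) >= 2 and value[0] == value[-1] == '"':
            keys[current][name] = value[1:-1]
    return keys


def audit(text):
    """Return {setting: (status, detail)}; status is OK, WEAK or MISSING."""
    keys = parse_reg(text)
    report = {}
    for key, name, wanted in EXPECTED_DWORDS:
        actual = keys.get(key, {}).get(name)
        if actual is None:
            report[name] = ("MISSING", "%s not present under %s" % (name, key))
        elif actual == wanted:
            report[name] = ("OK", "%s=%d" % (name, actual))
        else:
            report[name] = ("WEAK", "%s=%d, recipe asks for %d" % (name, actual, wanted))
    packages = keys.get(LSA_KEY, {}).get("Notification Packages", [])
    if "PASSFILT" in packages:
        report["PASSFILT"] = ("OK", "PASSFILT listed in Notification Packages")
    else:
        report["PASSFILT"] = ("MISSING", "PASSFILT not listed in Notification Packages")
    return report


if __name__ == "__main__":
    for setting, (status, detail) in audit(SAMPLE_EXPORT).items():
        print("%-8s %s" % (status, detail))
```

Export the two keys from regedit.exe on each server (Registry - Export Registry File), run the script over the file, and the MISSING and WEAK lines are your work list. A value that is absent and one that is present but zero are reported separately because, for CrashOnAuditFail in particular, an absent value is the normal state and a zero may mean someone deliberately turned the halt off.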

What is a SID (Security ID)?

SID stands for Security Identifier and is used within NT/2000 as a value to uniquely identify an object such as a user or a group. The SID assigned to a user becomes part of the access token, which is then attached to any action attempted or process executed by that user or group. If a duplicate SID did exist then all users with this SID would authenticate as what would be seen as the same user. It is possible for cloned machines to have the same SID, which would be seen by the authentication mechanism as the same machine. The SID under normal operation will be unique and will identify an individual object such as a user, group or a machine.

A SID contains:

  • User and group security descriptors

  • 48-bit ID authority

  • Revision level

  • Variable sub-authority values

For example: S-1-5-21-917267712-1342860078-1792151419-500
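The example SID above can be taken apart by hand: S marks a SID, 1 is the revision, 5 is the 48-bit identifier authority (NT Authority), 21 followed by three 32-bit numbers is the sub-authority sequence that identifies the machine or domain, and the final 500 is the relative identifier (RID) of the built-in Administrator account. The Python below, added here as an example and not code from the handbook, parses the string form, converts it to and from the binary layout Windows stores (revision byte, sub-authority count byte, 6-byte big-endian authority, 32-bit little-endian sub-authorities), and names the well-known RIDs.

```python
"""Parse, validate and rebuild Windows SIDs in string and binary form.
Added example; the field layout follows the documented SID structure."""
import struct

# Well-known relative identifiers (RIDs), the last sub-authority of an account SID.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}


def parse_sid(text):
    """'S-1-5-21-...-500' -> dict of revision, 48-bit identifier authority, sub-authorities."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a SID: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or authority >= 1 << 48 or len(subs) > 15 or any(s >= 1 << 32 for s in subs):
        raise ValueError("SID field out of range: %r" % text)
    return {"revision": revision, "authority": authority, "sub_authorities": subs}


def sid_to_string(sid):
    return "S-%d-%d" % (sid["revision"], sid["authority"]) + "".join(
        "-%d" % s for s in sid["sub_authorities"])


def sid_to_bytes(sid):
    """Binary layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then each sub-authority
    as a 32-bit little-endian integer."""
    subs = sid["sub_authorities"]
    return (bytes([sid["revision"], len(subs)])
            + sid["authority"].to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def bytes_to_sid(data):
    """Inverse of sid_to_bytes; rejects buffers whose length does not match the count byte."""
    if len(data) < 8:
        raise ValueError("SID buffer too short")
    revision, count = data[0], data[1]
    if len(data) != 8 + 4 * count:
        raise ValueError("SID buffer length does not match sub-authority count")
    authority = int.from_bytes(data[2:8], "big")
    subs = list(struct.unpack("<%dI" % count, data[8:]))
    return {"revision": revision, "authority": authority, "sub_authorities": subs}


def describe(text):
    """Explain a SID: for an NT account SID (S-1-5-21-x-y-z-RID) separate the
    domain/machine part from the RID and name well-known RIDs."""
    sid = parse_sid(text)
    subs = sid["sub_authorities"]
    info = {"string": text, "binary_length": len(sid_to_bytes(sid))}
    if sid["authority"] == 5 and len(subs) == 5 and subs[0] == 21:
        domain = dict(sid, sub_authorities=subs[:4])
        info["domain_sid"] = sid_to_string(domain)   # shared by every account in the domain (or a cloned machine)
        info["rid"] = subs[4]
        info["well_known"] = WELL_KNOWN_RIDS.get(subs[4])
    return info


if __name__ == "__main__":
    print(describe("S-1-5-21-917267712-1342860078-1792151419-500"))
```

Two points worth noticing from the output: the domain part S-1-5-21-917267712-1342860078-1792151419 is what two cloned machines would share, which is the duplicate-SID problem described above; and the RID 500 identifies the built-in Administrator account no matter what the account is currently named, which is why the TIPS section treats renaming that account as a layer of obscurity rather than a substitute for stripping its permissions.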

 

5. TIPS

  • Always use NTFS disk partitions instead of FAT. NTFS offers security features and FAT doesn't: you won't be able to set any access permissions for files and directories on a FAT drive.

  • Make sure that all of NT's password features have been implemented: require users to have strong passwords and to change them at regular intervals.

  • The default Administrator account is a target for most intruders. Create a new admin account and take away all permissions from the existing Administrator account.

  • Do this by creating a new user, adding it to the Administrators group and duplicating all account policies and permissions granted to the default Administrator. After that, revoke all permissions from the default Administrator account, but leave it enabled; this way intruders won't know it is crippled until they take the time to actually crack the account.

  • Enable Auditing on all NT systems

  • Be careful about NT domain trusts

  • Block all non-essential TCP/IP ports, both inbound and outbound.

  • Delete or disable unused accounts.

  • Make sure users do not leave their NT workstations turned on and unattended.

  • Remove or disable the guest account.

  • Don't run services you don't actually need.

 

6. Windows NT Server Attacks and Defenses

As its usage across business and industry increases, Windows NT server has come under closer scrutiny than ever regarding possible security flaws and holes. In the following table, we examine the various attacks on the Windows NT Server operating system and the defenses put in place in attempts to mitigate them.

Windows NT has been shown to be vulnerable to various Denial of Service (DoS) and other attacks that either attempt to retrieve sensitive information or attempt to gain access with permissions greater than the attacker's own. To provide a secure environment, Microsoft provides fixes in the form of patches and service packs. After being notified of the exposure presented, Microsoft issues fixes. Listed below are some of the more widespread attacks that have been identified and the associated fix that has been released.

 

Attack / Method  --  Defense

Access Gaining and Information Gathering

Attack: Anonymous User Connections (Red Button) is used to gain information regarding the administrative account and the network shares that are available.

Defense: Insert a key into the registry that prevents the anonymous user from making a network connection to the server:

  HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
  Type: REG_DWORD
  Value: 1

Attack: Remote Registry Access attempts to gain access to the registry, either to retrieve passwords or to change system settings.

Defense: Remote registry access is prevented in Windows NT Server version 4.0 by the addition of a registry key. This key is present by default in a new installation of Windows NT Server 4.0, but is not present by default in Windows NT Workstation 4.0. It may also not be present in a computer that has been upgraded from Windows NT Server 3.51.

  HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg

Attack: Password Theft and Cracking is an attempt to capture hashed passwords and crack them in order to gain further access to a system.

Defense: Increase password encryption in the SAM by applying the features of SP3. Remove anonymous access to the system and tighten registry security.

Attack: Weak and Easily Guessed Passwords.

Defense: Enforce a strong password policy from the domain controller using passfilt.dll. Passfilt.dll is available from Service Pack 2 onward. Details on how to implement passfilt are given in section 4 (How do I enable strong password filtering?).

Attack: Rollback -- Rollback.exe is included with Windows NT 4.0. It is a tool that forces the system's configuration back to installation settings.

Defense: Rollback may be used as a Trojan Horse, and it should be deleted from all systems.

Attack: GetAdmin -- The GetAdmin program was recently released from a Russian source. GetAdmin allows a regular user to get administrative rights on the local machine. A follow-on to GetAdmin that may bypass the hotfix was released during this writing.

Defense: A security hotfix to patch both GetAdmin and the follow-on issue has been released by Microsoft.

Attack: Services running under the System context could be used to gain access to the registry and other parts of the system as "SYSTEM".

Defense: Run services as accounts other than System wherever possible.

Attack: Unsecured Filesystem access using either a DOS or Linux-based tool gives access to the NTFS filesystem without any security controls.

Defense: Physically secure the server to prevent access to the diskette drive.

Attack: Server Message Block (SMB) NetBIOS access. These access ports, which are required for file sharing, may present an access path, especially when exposed to the Internet or when used in conjunction with a UNIX server running the Samba toolset.

Defense: Apply Service Pack 3 and disable TCP and UDP ports 137, 138, and 139 on any server connected to an outside network.

Denial of Service

Attack: Telnet to unexpected ports can lock systems or increase CPU usage. Telnet expects connections to be made to port 23 only. By default, Windows NT does not support a telnet daemon.

Defense: Apply Service Pack 2 or 3.

Attack: The Ping of Death (large ping packet). An attack that has affected many major operating systems has also been found to affect Windows NT. The Ping of Death is caused by issuing ping packets larger than normal size. If someone were to issue the ping command specifying a large packet size (>64 bytes), the TCP/IP stack would cease to function correctly. This effectively takes the system off-line until rebooted. Most implementations of ping will not allow a packet size greater than the 64 byte default; however, Windows '95 and NT do allow this exception and can therefore cause, or be vulnerable to, such a system denial. A recent version of this problem has affected Windows NT Server version 4.0 SP3 systems that run IIS and are exposed to the Internet. This was due to a fragmented and improperly formed ICMP packet.

Defense: This problem was resolved in SP2. A new hotfix has been released, post SP3, called the icmp-fix.

Attack: SYN Flood Attack -- A flood of TCP connection requests (SYN) can be sent to an IIS server that contain "spoofed" source IP addresses. Upon receiving the connection request, the IIS server allocates resources to handle and track the new connections. A response is sent to the "spoofed" non-existent IP address. Using default values, the server will continue to retransmit and eventually deallocate the resources that were set aside earlier for the connection 189 seconds later. This effectively ties up the server, and multiple requests can cause the IIS server to respond with a reset to all further connection requests.

Defense: Service Pack 2 provides a fix to this vulnerability.

Attack: Out of Band Attacks -- Out of Band (OOB) attacks, where data is sent outside the normal expected scope, have been shown to affect Windows NT. The first OOB attack was identified after Service Pack 2 (SP2), and a patch was released that was also included in SP3. This attack caused unpredictable results and sometimes caused Windows NT to have trouble handling any network operations after one of these attacks. Since the release of SP3, another problem has been identified in the TCPIP.SYS network driver that caused Microsoft networking clients to remain vulnerable to variations of the OOB attack coming from the Apple Macintosh environment. The OOB attack crashes the TCP/IP protocol stack, forcing a reboot of Windows NT. A subsequent hotfix was released to counter this attack.

Defense: Apply Service Pack 3 and the subsequent OOB-fix.

 

7. Security Architecture

Design

Windows NT Server utilizes an integrated architecture to authenticate, validate and record information about security within the operating system. The security architecture consists of several components:

    1. Security Reference Monitor

    2. Local Security Authority

    3. Security Account Manager

    4. Mandatory, Secure Logon Process

    5. Discretionary Access Controls

    6. Access Tokens and Security Identifiers

    7. Access Control Lists

The overall system architecture is divided into two main areas, kernel mode and user mode, as shown in the diagram. The segments of the architecture that relate to security (the Security Reference Monitor, the Security Subsystem and the Logon Process) are highlighted on the diagram. Within this architecture, Windows NT is able to apply security to every object and process it controls. This means that every object resident on the Windows NT computer and every process running on that computer are subject to the security controls of the overall architecture.

 

 

1.) Security Reference Monitor

The Security Reference Monitor (SRM) is part of the NT Executive within the NT Kernel, as shown in the diagram with the security functions highlighted in gray. It is responsible for enforcing all access validation and audit policies defined within the Local Security Authority. In this way, the SRM is designed to protect all system objects from unauthorized access or modification. The SRM is the repository for the system's access validation code and is the only copy of that code on any given Windows NT system. This ensures that all protection is provided uniformly to objects on the system. The SRM provides services for validating access to objects, generating audit messages that are subsequently logged by the Local Security Authority, and verifying user accounts for the appropriate privileges.

 

 

 

2.) Local Security Authority

The Local Security Authority (LSA) provides many services to the security subsystem of the Windows NT operating system. It is designed to ensure that the user has permission to access the system by validating the user logon. It manages the local security policy as set by the administrator; it generates access tokens, and provides interactive validation services when access is requested for any system object. The LSA also controls the audit policy, set by the administrator, and writes any messages generated by the Security Reference Monitor to the event logs.

3.) Security Account Manager

The Security Account Manager (SAM) controls and maintains the Security Account Database (SAD). The SAD is part of the registry and is invisible to the users during normal processing. The SAD contains account information for all user and group accounts. The SAM provides the user validation service during logon that is used by the LSA. It compares the cryptographic hash of the password given at logon time with the hashed password stored in the SAD. It will then provide the user’s Security Identifier (SID), as well as the SIDs for any group the user belongs to, back to the LSA for the creation of the access token that will be used during that session.

4.) Logon Process

The Windows NT logon process, which is diagrammed in the figure, is mandatory for initiating a session with a Windows NT server or workstation. The logon process differs slightly depending on whether the user is logging on to the local machine or to a domain through a remote server. The logon is a multi-step process described in the following lists. The numbers that follow the steps match each step to the corresponding picture in the figure.

Local Machine Logon

  • Press ctrl+alt+delete keys together to display a logon dialog box (1)

  • Type the userid and password (1)

  • Press enter

  • The password is hashed and sent to the Local Security Authority (LSA) on the local machine (2,3)

  • The LSA makes a call to the MSV1_0 authentication package and compares the hash to the hash stored in the local SAM database (4,5)

  • The LSA creates an access token using the user’s account SID and group SIDs returned from the MSV1_0 authentication package (6,7)

  • The NT Explorer Shell opens with the user’s access token attached (8,9)

Domain Account Logon

  • Press ctrl+alt+delete keys together to display a logon dialog box (1)

  • Type the userid and password, and select the domain (1)

  • Press enter

  • The password is hashed and sent to the Local Security Authority (LSA) on the local machine (2,3)

  • The LSA makes a call to the MSV1_0 authentication package

  • Because the account does not come from the local account database, MSV1_0 calls the NETLOGON service to establish a secure RPC session with a domain controller for authentication

  • The server issues a 16-byte challenge packet called a nonce (2,3)

  • The nonce and the hashed password are encrypted together (3)

  • This encrypted response is sent back to the server (3)

  • The server uses the nonce plus the hashed password from its SAM to create a copy of the response (4,5)

  • The response from the user is compared to the server's created response (5)

  • The NETLOGON service on the domain controller passes the information to the MSV1_0 authentication module on the domain controller, which in turn compares it against the SAM database (4,5)

  • The NETLOGON service on the domain controller returns the user's SID and global SID information to the requesting client

  • NETLOGON on the client returns the SID information obtained from the domain controller to the local LSA process

  • The local LSA process looks in the local SAM database to acquire local group SID information

  • The user SID, global SID, and local SID information are used to generate the access token (6,7)

  • The Explorer Shell opens with the user's access token attached (8,9)
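The challenge/response steps in the domain logon list (nonce issued by the server, nonce combined with the password hash on the client, the server recomputing the same value from its SAM copy and comparing) are modelled below as an added Python example with both sides of the exchange; it is not code from the handbook or from Windows NT. In the real exchange (NTLM) the response is derived from the NT password hash and the 16-byte nonce with DES; this model substitutes HMAC-SHA256 for that step, so it shows the message flow and its properties rather than Microsoft's cryptography. The account and password are constructed for the example.

```python
"""Model of the domain logon challenge/response exchange listed above.
Added example: the real exchange (NTLM) derives the response from the password
hash and the 16-byte nonce with DES; HMAC-SHA256 stands in for that step here,
so the message flow rather than Microsoft's cryptography is what is shown."""
import hashlib
import hmac
import os


def password_hash(password):
    """Stand-in for the one-way hash stored in the SAM (not the NT hash algorithm)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def compute_response(pw_hash, nonce):
    """Step (3): combine the nonce with the hashed password. Both sides compute this."""
    return hmac.new(pw_hash, nonce, hashlib.sha256).digest()


class DomainController:
    """Holds the SAM copy of each account's hash; never sees the password itself."""

    def __init__(self):
        self.sam = {}
        self.outstanding = {}   # account -> nonce issued and not yet answered

    def add_account(self, name, password):
        self.sam[name] = password_hash(password)

    def challenge(self, name):
        """Step (2): issue a fresh 16-byte nonce; a nonce is good for one answer only."""
        nonce = os.urandom(16)
        self.outstanding[name] = nonce
        return nonce

    def verify(self, name, response):
        """Steps (4,5): rebuild the response from the SAM hash and compare."""
        nonce = self.outstanding.pop(name, None)
        if nonce is None or name not in self.sam:
            return False
        expected = compute_response(self.sam[name], nonce)
        return hmac.compare_digest(expected, response)


def client_logon(dc, name, password):
    """Client side: hash the typed password, answer the challenge, never send the password."""
    nonce = dc.challenge(name)
    return dc.verify(name, compute_response(password_hash(password), nonce))


def demo():
    """Exercise the exchange; returns the observed outcomes."""
    dc = DomainController()
    dc.add_account("jsmith", "Tr0ub4dor!")      # constructed sample account
    results = {
        "good_password": client_logon(dc, "jsmith", "Tr0ub4dor!"),
        "bad_password": client_logon(dc, "jsmith", "guess"),
        "unknown_account": client_logon(dc, "nobody", "guess"),
    }
    # A captured response is useless later: the nonce it answers is consumed.
    nonce = dc.challenge("jsmith")
    response = compute_response(password_hash("Tr0ub4dor!"), nonce)
    results["first_use"] = dc.verify("jsmith", response)
    results["replayed"] = dc.verify("jsmith", response)
    return results


if __name__ == "__main__":
    for outcome, ok in demo().items():
        print("%-16s %s" % (outcome, "accepted" if ok else "rejected"))
```

Two properties of the design fall out of the model. The password itself never crosses the network, and a recorded response cannot be replayed because each nonce is answered once. The flip side is that verify() needs only the stored hash, never the password: whoever holds the SAM hash can answer the challenge, which is why section 6 treats theft of hashed passwords as seriously as theft of the passwords themselves and why the SAM and its backups need the registry and file protections described there.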

 

5.) Discretionary Access Controls

Discretionary Access Controls (DAC) give object and resource owners the means to control who can access their resources and how much access they have. Access to system resources, such as files, directories and folders, printers, network shares, and system services, can be controlled either through GUI-based system tools or through the command line.

Objects in Windows NT support discretionary access controls. The NT Explorer, Print Manager, User Manager for Domains, and Server Manager are tools used to manipulate DACs on the common objects that users and administrators work with in the Windows NT environment.

6.) Access Control Lists

Objects within a Windows NT system may have an Access Control List. Access Control Lists (ACL) are lists of users and groups that have some level of permissions to access or operate an object. Each object in the Windows NT system contains a security descriptor, which is comprised of the Security Identifier of the person who owns the object, the regular ACL for access permissions, the system ACL (SACL) which is used for auditing, and a group security identifier.

ACLs are composed of Access Control Entries (ACEs). There are situations where an ACL has no ACEs; this is known as a null or empty ACL. Each ACE describes the permissions of one user or group that has access to the object. Access Control Entries within Windows NT are composed of permission categories known as either standard or special. Each permission type is valid for both files and directories. Special permissions consist of six individual permissions, while the standard permissions are combinations derived from the special permissions. The permission levels also include No Access, a level of authority that may supersede all other authorities.
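The access-check rules above, as an added Python example that is not the handbook's or Windows NT's own code: the six special permissions, the standard permissions built from them, a No Access entry overriding everything else that applies to the user, and the owner's standing ability to change permissions. It also separates an ACL with no entries (nobody gets access) from an object that has no ACL at all (which NT treats as unprotected), a distinction the paragraph above folds into "null or empty". The SIDs in the sample ACL are constructed.

```python
"""Model of NT discretionary access control: six special permissions, the
standard permissions built from them, and an access check over an ACL.
Added example, not code from the handbook or from Windows NT."""

# The six special (individual) permissions.
SPECIAL = {"R": "Read", "W": "Write", "X": "Execute", "D": "Delete",
           "P": "Change Permissions", "O": "Take Ownership"}

# Standard permissions are named combinations of the special ones.
STANDARD = {
    "No Access": frozenset(),
    "Read": frozenset("RX"),
    "Change": frozenset("RWXD"),
    "Full Control": frozenset("RWXDPO"),
}


class ACE:
    """One access control entry: a trustee (user or group SID) and the rights granted.
    permission is either a standard permission name or a string of special letters."""

    def __init__(self, trustee_sid, permission):
        self.trustee = trustee_sid
        if permission in STANDARD:
            self.rights = STANDARD[permission]
        else:
            unknown = set(permission) - set(SPECIAL)
            if unknown:
                raise ValueError("unknown special permission(s): %s" % sorted(unknown))
            self.rights = frozenset(permission)
        self.no_access = not self.rights


def effective_rights(dacl, owner_sid, user_sids):
    """Rights a user (identified by every SID in its access token) holds on an object.

    dacl None -> the object has no ACL at all: NT treats it as unprotected
    dacl []   -> an ACL with no ACEs: nobody is granted anything
    No Access -> cancels every other entry that applies to the user
    The owner can always change permissions, even after a No Access entry.
    """
    if dacl is None:
        return set(SPECIAL)
    rights, denied = set(), False
    for ace in dacl:
        if ace.trustee in user_sids:
            denied = denied or ace.no_access
            rights |= ace.rights
    if denied:
        rights = set()
    if owner_sid in user_sids:
        rights.add("P")
    return rights


def check_access(dacl, owner_sid, user_sids, wanted):
    """True if every requested special permission is held."""
    return set(wanted) <= effective_rights(dacl, owner_sid, user_sids)


# Constructed sample: the domain SID and RIDs are made up for the example.
DOMAIN = "S-1-5-21-1000-2000-3000"
ADMINS = "S-1-5-32-544"            # built-in Administrators group
USERS = DOMAIN + "-513"            # Domain Users
ALICE, BOB, CAROL = DOMAIN + "-1105", DOMAIN + "-1106", DOMAIN + "-1200"
REPORT_DACL = [                    # ACL on a hypothetical report file owned by Alice
    ACE(ADMINS, "Full Control"),
    ACE(USERS, "Read"),
    ACE(ALICE, "Change"),
    ACE(CAROL, "No Access"),
]

if __name__ == "__main__":
    for who, sids in (("alice", {ALICE, USERS}), ("bob", {BOB, USERS}), ("carol", {CAROL, USERS})):
        print(who, sorted(effective_rights(REPORT_DACL, ALICE, sids)))
```

Bob holds only what Domain Users grants (Read, i.e. R and X); Alice accumulates Read and Change plus the owner's P; Carol's membership in Domain Users is cancelled by her No Access entry. The last case is the one to keep in mind when auditing permissions: a group grant never restores access to a user who has an explicit No Access entry.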

 

8. Firewalls

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

A firewall, as shown above, puts up a barrier that controls the flow of traffic between networks. The safest firewall would block all traffic, but that defeats the purpose of making the connection, so you need to strictly control selected traffic in a secure way. The highest level of protection today is provided by application-level proxy servers. Here, proxy services run at the application level of the network protocol stack for each different type of service (FTP, HTTP, etc.).

A proxy server is a component of a firewall that controls how internal users access the outside world (the Internet) and how Internet users access the Internal network. In some cases, the proxy blocks all outside connections and only allows internal users to access the Internet. The only packets allowed back through the proxy are those that return responses to requests from inside the firewall. In other cases, both inbound and outbound traffic are allowed under strictly controlled conditions. Note that a virtual "air-gap" exists in the firewall between the inside and outside networks and that the proxies bridge this gap by working as agents for internal or external users.

What are proxy servers and how do they work?

A proxy server (sometimes referred to as an application gateway or forwarder) is an application that mediates traffic between a protected network and the Internet. Proxies are often used instead of router-based traffic controls, to prevent traffic from passing directly between networks. Many proxies contain extra logging or support for user authentication. Since proxies must "understand" the application protocol being used, they can also implement protocol-specific security (e.g., an FTP proxy might be configurable to permit incoming FTP and block outgoing FTP).

Proxy servers are application specific. In order to support a new protocol via a proxy, a proxy must be developed for it. One popular set of proxy servers is the TIS Internet Firewall Toolkit ("FWTK"), which includes proxies for Telnet, rlogin, FTP, X-Window, HTTP/Web, and NNTP/Usenet news. SOCKS is a generic proxy system that can be compiled into a client-side application to make it work through a firewall. Its advantage is that it's easy to use, but it doesn't support the addition of authentication hooks or protocol-specific logging.

How do I make FTP work through my firewall?

Generally, making FTP work through the firewall is done either using a proxy server or by permitting incoming connections to the network at a restricted port range. The FTP client is then modified to bind the data port to a port within that range. This entails being able to modify the FTP client application on internal hosts.

 

9. Windows 2000

Features:

  • Plug-n-Play: similar to Windows 98

  • AGP Support: Accelerated Graphics Port, a new initiative by Intel

  • USB & FireWire Support: Universal Serial Bus and 1394 IEEE high-speed interfaces

  • DVD: Digital Video/Versatile Disk support, the successor to CD-ROMs

  • OnNow ACPI: Advanced Configuration & Power Interface to allow systems to seem to turn on instantly, and save power (especially on laptops). This also requires a motherboard with the 440LX chipset.

  • Easier Migration: an upgrade path from Windows 95 to Windows 2000 included

  • Remote Storage Management: Hierarchical storage management and Remote Storage manager

  • Disk Volume Management: An updated Disk Administrator tool.

  • Active Directory: An X.500/LDAP implementation, replacing WINS and the Domain concept

  • Scripting Tools: DOS .cmd files will be replaced with Active Scripting, using Visual Basic

  • TCP/IP: Version 6.0 of the TCP/IP protocol will be supported.

  • ATM Support: Native ATM support will be included with Windows 2000.

  • Defrag Utility: A defragmentation utility for NTFS will be included with Windows 2000.

  • FAT32 Support: Support to read and write FAT32 volumes.

  • More RAM: Can utilize up to 64GB RAM, depending on version

References

Books

  1. Fundamentals of Computer Security Technology, by Edward Amoroso

  2. NT Network Security, by Matthew Strebe, Charles Perkins and Michael G. Moncur

  3. Windows NT Security, by Charles Rutstein

  4. Windows NT Security Handbook, by Tom Sheldon

  5. Computer Security Basics, by Deborah Russell and G.T. Gangemi

  6. PC World Magazine

 

URLs

  1. http://www.ntfaq.com
  2. http://www.ntresearch.com
  3. http://www.linux.org
  4. http://www.pcworld.com/
  5. http://www.faq.org/faqsfirewalls-faq
  6. http://www.linuxdoc.org
  7. http://www.microsoft.com
  8. http://www.bcr.com/bcrmag
  9. http://www.whatis.com