One hole in the outside occurs if you use the FTP server that ships with NT.
Even if you make the Sub directory the FTP dir, a user can cd / to the root.
MS has a product in beta that fixes this problem; until then, be careful
using FTP when pointing to the outside world.
If you want to secure a server, one easy way is to add two or more cards to
the server, and we assume that one card is the "secure" (outside) card and
the other the "unsecure" (inside) card. On the outside card, unbind all network
components except TCP/IP. Get rid of server and workstation.
This will allow only TCP/IP socket apps (Mail, HTTP, etc.).
On the other side, "inside" users still have access to the server as they
normally would.
From: Ron DuFresne
To: Sick Puppy
Cc: firewalls
Subject: Re: Windows NT holes and Lotus Notes holes (fwd)
Date: Monday, November 27, 1995 17:50
On Mon, 27 Nov 1995, Sick Puppy wrote:
> Several people sent me mail asking for specifics of security weaknesses
> on Windows NT. I have found very similar weaknesses on Lotus Notes
> servers. We are talking about some big companies here with some
> big tough lawyers who used to be football players, and I am only a
> skinny little dawg with no legal experience, so pardon my prudence in
> not being specific about holes.
>
> Run CrackerJack as a DOS program under Windoze and look for weak
> passwords. Despite all the hype about various products, I still
> routinely crack 20 percent of passwords on systems I go after.
> Mind you, I use a 20 megabyte password dictionary with 24 different
> languages. But even the Morris Worm's dictionary will get you a couple
> of accounts on most systems.
>
> Look for large amounts of shared user disk space, such as those used by
> cc:Mail or word processors or spreadsheets, which are writable/readable
> by anybody and which most security programs don't check. These are
> great places for hiding your Windows hacking applications. If you do
> it right, you can set up your cracking .DLL to kick off when the user
> starts their "legitimate" application.
>
> Look for file systems which can be remotely mounted across the network.
>
But you haven't really listed any outside-in holes here. And most of the
inside-in errors you point at are less holes and more configuration /
administration errors <moles sniffing from the inside count not>.
Crawl out from within that safe little net-doghouse and bang at an NT box
directly and document some holes in a supposedly securely setup
system...gawd, I hope admins don't just install out of the box and let
be, no matter the OS/NOS...
The cry for some real evidence continues...
Later,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Because e-mail can be altered electronically,
the integrity of this communication cannot be guaranteed.