Tutorial: Windows NT
The process of intrusion detection is something of a black art. However, there are various tools that can be used to assist the administrator, but remember that these tools do not provide full cover!

When installing on a machine you should start with the minimum required and add any other components you need later. You should not install any of the following:

- Any games.
- Any accessories.
- Any communications.
- Any multimedia options.
- Any Windows messaging.
- Internet Information Server (IIS) Version 2.0.

You should only install TCP/IP networking protocols; do not install any other network services unless explicitly required, for instance DNS or WINS if they are required for the machine's role.

Software

Install any third party software as required, but be aware that some software may require installing once other items (such as the NT Service Pack) have been installed.

The next step is to install the latest NT service pack and hot fixes. The current NT service pack at the time of writing is SP6. It is important that, should you create a backup during the service pack installation, this backup is removed before the machine is made live on a public network. This is simply because, if someone should gain access to the machine, they could use the older files from the backup as a means to enable further weaknesses that could be exploited.

In between service packs, Microsoft releases the latest fixes as hot fixes. These fixes are available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/nt40. It may not be necessary to install all the available fixes; however, a minimum subset including all security relevant fixes for the machine configuration must be installed.

Many applications that would be installed on the machine will have their own updates. Some fixes for some of the Microsoft Back Office applications (SQL Server, Exchange, IIS) are released separately to those for Windows NT, and these will require installing once the relevant application is installed.

Application software such as Office and Internet Explorer will also require updating. These applications are not usually installed on Internet facing servers, but they are used on many Workstation installations and as such they do present issues, which the updates resolve.

Securing The SAM

The next step is to secure the system accounts database (SAM). This is performed by executing the application SYSKEY.EXE. This provides some pro

Audit Policy
Audit account management            Success, Failure
Audit logon events                  Success, Failure
Audit object access                 Failure
Audit policy change                 Success, Failure
Audit privilege use                 Failure
Audit process tracking              No auditing
Audit system events                 Success, Failure

User Rights Assignment
SeAssignPrimaryTokenPrivilege       No one
SeAuditPrivilege                    No one
SeBackupPrivilege                   Administrators
SeCreatepagefilePrivilege           Administrators
SeCreatePermanentPrivilege          No one
SeCreateTokenPrivilege              No one
SeDebugPrivilege                    No one
SeIncreaseBasePriorityPrivilege     Administrators
SeIncreaseQuotaPrivilege            Administrators
SeInteractiveLogonRight             Administrators
SeLoadDriverPrivilege               Administrators
SeLockMemoryPrivilege               No one
SeNetworkLogonRight                 No one
SeProfileSingleProcessPrivilege     Administrators
SeRemoteShutdownPrivilege           No one
SeRestorePrivilege                  Administrators
SeSecurityPrivilege                 Administrators
SeShutdownPrivilege                 Administrators
SeSystemEnvironmentPrivilege        Administrators
SeSystemProfilePrivilege            Administrators
SeSystemTimePrivilege               Administrators
SeTakeOwnershipPrivilege            Administrators
SeTcbPrivilege                      No one
SeMachineAccountPrivilege           No one
SeChangeNotifyPrivilege             Everyone
SeBatchLogonRight                   No one
SeServiceLogonRight                 No one

Figure 2 - Local policies.
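
One way to check a machine against the Figure 2 settings, given here as an added example that is not part of the original article. It assumes the local policy has been exported as a security-template INF (the [Event Audit] and [Privilege Rights] sections written by secedit /export) with accounts recorded as well-known SIDs; check_template and render_inf are names made up for this example.

```python
import configparser

ADMINS, EVERYONE = "*S-1-5-32-544", "*S-1-1-0"  # well-known SIDs as written in the INF
# Figure 2 audit policy as INF values: 0 = no auditing, 1 = success, 2 = failure, 3 = both
AUDIT_BASELINE = {"AuditAccountManage": 3, "AuditLogonEvents": 3, "AuditObjectAccess": 2,
                  "AuditPolicyChange": 3, "AuditPrivilegeUse": 2,
                  "AuditProcessTracking": 0, "AuditSystemEvents": 3}
ADMIN_ONLY = """SeBackupPrivilege SeCreatePagefilePrivilege SeIncreaseBasePriorityPrivilege
SeIncreaseQuotaPrivilege SeInteractiveLogonRight SeLoadDriverPrivilege
SeProfileSingleProcessPrivilege SeRestorePrivilege SeSecurityPrivilege
SeShutdownPrivilege SeSystemEnvironmentPrivilege SeSystemProfilePrivilege
SeSystemTimePrivilege SeTakeOwnershipPrivilege""".split()
NO_ONE = """SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeCreatePermanentPrivilege
SeCreateTokenPrivilege SeDebugPrivilege SeLockMemoryPrivilege SeNetworkLogonRight
SeRemoteShutdownPrivilege SeTcbPrivilege SeMachineAccountPrivilege
SeBatchLogonRight SeServiceLogonRight""".split()
RIGHTS_BASELINE = {**{r: {ADMINS} for r in ADMIN_ONLY}, **{r: set() for r in NO_ONE},
                   "SeChangeNotifyPrivilege": {EVERYONE}}

def check_template(inf_text):
    """Return the deviations of an exported template from the Figure 2 baseline."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(inf_text)  # option names are matched case-insensitively
    audit = cp["Event Audit"] if cp.has_section("Event Audit") else {}
    rights = cp["Privilege Rights"] if cp.has_section("Privilege Rights") else {}
    findings = []
    for key, want in AUDIT_BASELINE.items():
        got = int(audit.get(key, 0))  # a missing key is treated as no auditing
        if got != want:
            findings.append(f"{key}: expected {want}, found {got}")
    for right, want in RIGHTS_BASELINE.items():
        # A right that is absent or empty in the export is held by no one.
        got = {h.strip() for h in rights.get(right, "").split(",") if h.strip()}
        if got != want:
            findings.append(f"{right}: expected {sorted(want) or 'no one'}, "
                            f"found {sorted(got) or 'no one'}")
    return findings

def render_inf(audit, rights):
    """Build a constructed sample export; it stands in for a real exported file."""
    lines = ["[Event Audit]"] + [f"{k} = {v}" for k, v in audit.items()]
    held = [f"{r} = {','.join(sorted(h))}" for r, h in rights.items() if h]
    return "\n".join(lines + ["[Privilege Rights]"] + held)

if __name__ == "__main__":
    drifted = {**RIGHTS_BASELINE, "SeDebugPrivilege": {ADMINS}}
    for f in check_template(render_inf({**AUDIT_BASELINE, "AuditLogonEvents": 1}, drifted)):
        print(f)
```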
File: T1715.2
Issue 115 (February 2000) page 12
PC Network Advisor