General discussion

  • Creator
    Topic
  • #2090727

    Ed Bott’s Microsoft Challenge–2/1/01

    Locked

    by ebott ·

    Last week, Microsoft suffered a double whammy, with Web site blackouts that lasted, on and off, for three days. Microsoft insists that the original problem was a misconfigured router, but they admit that a denial of service attack was responsible for the second and third wave of outages. You don’t have to be as big as Microsoft to be a target — anyone who runs any Windows server software needs to be conscious of security holes.

    I’m ready to crack down on my network, but where do I start? How do you test your system to make sure it’s as safe as possible? Can you recommend software, hardware, or services that can identify security issues before they become problems? What kind of procedures do you have in place to make sure that the latest patches are applied to Web servers? If you’ve developed effective security policies for your Windows network, share them with your fellow TechRepublic members and earn up to 2,001 TechPoints. Click here to tackle this week’s Microsoft Challenge.

All Comments

  • Author
    Replies
    • #3854267

      Ed Bott’s Microsoft Challenge–2/1/01

      by bule ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      The best way to ensure that you can retain your network security and integrity is to do frequent security audits, and always check if you can gain access using easily available hacking tools.

      The most important things you need to do in setting up your network is to ensure that you only run the services you need, and only open the ports needed by your network. Your gateway to the internet should be a system without any important company data, or a hardware solution backed up by a firewall and for webservers ensure that it isn’t possible to overload the server (easier said than done) but it is also essential to ensure proper programming of the web content as well, as web pages themselves can cause vulnerabilities. Using patches sometimes requires rebooting the server, so it would be best to set up Windows Update notification for the server, and have a backup server ready when you need to run the update (update it first). Always check security bulletins and have them email you alerts if possible (brainbuzz.com have daily mailing lists and so do a lot of other sites) and join hacking mailing groups etc, to find out what’s going on on “the other side” of computer security. Obviously effective security policies will vary from network to network due to different access requirements, but the main thing to do is to regularly test the security yourself… then you know what to find solutions for.
      Another thing to look for is whether or not users have excessive rights… basically you should ensure that if a user doesn’t NEED to be able to perform a task, then they shouldn’t have rights to do it, the same goes for data access. Password policies should also be set so users can’t use the easiest / most common passwords. The guest account should be disabled, and administrator account renamed.

    • #3835541

      Ed Bott’s Microsoft Challenge–2/1/01

      by jay- ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      There is much general wisdom in the answer from “bule”. For “tools” to diagnose your weak spots, a great first source would be Steve Gibson’s website, GRC.com. You’ll find a comprehensive set of tools with full explanations for use and a wealth of unbiased wisdom! I highly recommend a visit!

    • #3836136

      Ed Bott’s Microsoft Challenge–2/1/01

      by rbreaux ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      I agree with bule on the update. I would go to windowsupdate.microsoft.com and select product information. Microsoft will then evaluate your PC’s configuration and make suggestions for software upgrades and hardware drivers. You would select what you would like to have upgraded on your PC. It will then upgrade your system for you. It is really nice and may not have everything but does get the important ones and you can then go on and search for other patches. It even remembers these so you can uninstall from there. Real nice.

    • #3836109

      Ed Bott’s Microsoft Challenge–2/1/01

      by clear2fire ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      Well, if it can happen to Microsoft it can to anyone. First I would scan all ports with a software tool called IP Tools http://www.ks-soft.net/ip-tools.eng/index.htm that will find any open port as well as many other network functions. This should leave you less vulnerable to hackers. Certain routers have built-in utilities that reject pings to its IP. Have a proxy with a good firewall and hope some young kid with time on his hands doesn’t come after your server.

    • #3836066

      Ed Bott’s Microsoft Challenge–2/1/01

      by blinkr ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      A very simple answer to your problem. Hose the Windows 2000 OS & install NetWare 5.1. It can outperform any MS networking OS. It will run rings around MS “security” also. Why not just switch to a REAL network operating system?!!

    • #3836025

      Ed Bott’s Microsoft Challenge–2/1/01

      by jeremy_wills ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      Ed:
      I agree with user Bule’s answer, go to http://www.grc.com, Steve Gibson’s Shields Up webpage. It’s a fantastic site that will tell you just which ports are listening to the outside world. Also loaded with lots of great information about one key ingredient that everyone using the internet should get and for free even, yes I said free. It’s called Zone Alarm from Zone Labs. Compared to McAfee’s and Norton’s Firewall softwares, it does exactly the same and only takes a few minutes of your time to download. I have been told by an IT person that it is the better of the freebie ones on the web. Give it a whirl. I’m using it right now on a dial up modem, but it is able to handle every connection under the sun, T3, T1, DSL, Cable Modem, etc… and the fact that it’s free… Hmm… spend millions to make millionaires more rich and still be non secure or spend nothing and stay secure. I ran it with http://www.grc.com and then ran http://www.grc without it, and it was pretty scary when http://www.grc.com says greetings and displays my name on its webpage, but didn’t with the firewall running!!! Kinda scary!!!
      Hey at least something is better than nothing, hope this information is useful to someone.
      Jeremy 🙂

      • #3836024

        Ed Bott’s Microsoft Challenge–2/1/01

        by jeremy_wills ·

        In reply to Ed Bott’s Microsoft Challenge–2/1/01

        Sorry Guys:
        A correction and I owe user Jay an apology, it was User Jay who had already mentioned http://www.grc.com, and to all who have commented on this topic, you have had good things to say, and just wanted to add if we were to get a real networked OS, let’s all get Linux, again another freebie gem and a big part of what the internet runs on. And a powerful network OS.
        Thanks for reading my thoughts
        Jeremy

      • #3825323

        Ed Bott’s Microsoft Challenge–2/1/01

        by ebott ·

        In reply to Ed Bott’s Microsoft Challenge–2/1/01

        The question was auto-closed by TechRepublic

    • #3835870

      Ed Bott’s Microsoft Challenge–2/1/01

      by jugband ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      While not a complete security check, I’d go to http://www.grc.com (Gibson Research, the guys who brought you OptOut) and see ShieldsUp and LeakTest. You will get a fast, comprehensive look at your network as a “3rd party” might see it. Great for home use. If you try it at work, you might want to warn the NetOps folks, it scans ports, and that can make firewall folks jumpy.

    • #3834335

      Ed Bott’s Microsoft Challenge–2/1/01

      by alex griffiths ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      Of course, you’ll need a decent anti-virus program, McAfee comes to mind although most offer similar features.

      One thing many people forget are security problems that come with the Internet. Many people have DSL or Cable Modems that leave them connected to Internet all the time, if your PC is also left switched on it can be vulnerable to Internet attacks.

      To help with this problem it’s possible to buy a router or firewall, but the price can be too high for many people, and configuring the box can be daunting to people who are unfamiliar with the technology. To avoid this problem I recommend ZoneAlarm, particularly to my smaller clients.

      ZoneAlarm sits on a Windows PC and watches for unauthorized network connectivity, both incoming and outgoing. It blocks bad guys from connecting to the PC and it only allows authorized software to use the Internet. It’s simple to configure, within a couple of days you’ll have filled its database of trusted programs, and best of all it’s free to home users.

      You’ll be amazed how often you’ll see unauthorized access attempts, most of them come from servers at web sites you visit but many are people sweeping the Internet.

      Cheers,
      –alex

      http://www.unifiedcomputing.com

    • #3834329

      Ed Bott’s Microsoft Challenge–2/1/01

      by web maxtor ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      I find my best security tool is the guy named Craig who works in a cube in the back of my office. His extension number is 1226. After implementing any sort of network change, I casually mention it, in passing, to Craig.

      If the next day, Craig is smirking, I give him 5 dollars to tell me how he did it.

    • #3834184

      Ed Bott’s Microsoft Challenge–2/1/01

      by dlw6 ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      The products that worked for me were Internet Security Systems’ products, at http://www.iss.net and based in Atlanta.

      They offer proactive security assessment scanners, real-time intrusion detection sensors, and security management tools that collate and interpret all the data generated by the scanners and sensors.

      Their network assessment tool is the Internet Security Scanner. It probes all the machines on your network, returning reports on each machine’s vulnerabilities that can be tailored to several levels of details, from graphs and charts for managers to multi-page “how to fix it” reports for technicians. It can be configured to scan in many pre-defined ways, or a custom scan based on one of the pre-defined profiles. They also offer a Database Scanner and a System Scanner to provide detailed assessment at the local machine level.

      Their intrusion detection suite includes the RealSecure Manager, which provides an easy interface to control the RealSecure Network Sensor, RealSecure OS Sensor, and the RealSecure Server Sensor. Each sensor can monitor for user-configurable types of activity, and make user-configurable responses in real time, according to pre-defined or customized templates.

      Their products are easy to use, with context help that is actually helpful. No matter what your level of proficiency with network security, you can learn a lot from the help files.

      Product updates, such as newly developed types of attacks, come in auto-install packages downloaded from their site. Their R&D team stays on top of new vulnerabilities and attack forms, issuing alerts and product updates as required. I had the privilege of meeting the company’s founder (now the VP), and his XForce R&D team, and they’re some very smart people who love their work.

      Good fortune,
      Don

    • #3834630

      Ed Bott’s Microsoft Challenge–2/1/01

      by garydw ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      As well as all the excellent answers above I’d suggest going to http://www.ntbugtraq.com/ and subscribing to the excellent bugtraq list. If there is a security problem with a product you will hear about it on here.
      Microsoft themselves pass on their security bulletins to the list along with links to the latest updates.

      Regards,


      Gary Williams

    • #3833356

      Ed Bott’s Microsoft Challenge–2/1/01

      by shantel.wilkins ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      SecureInfo Corporation specializes in protection of critical information resources against ever increasing worldwide threats and vulnerabilities. Our staff has over 250 years of extensive knowledge of defense information assurance requirements.

      SecureInfo believes that the integration of physical (information, physical, personnel) and electronic (computer, communications and emissions) security elements is the most effective and cost-efficient approach to security.

      In the scope of its analyses, we include all physical and electronic securities, providing an interdependent perspective of security. This unique multi-disciplinary approach includes:

      physical security
      information security
      personnel security
      computer security
      telecommunications/communications security
      operations security
      emission security
      security awareness, training and education (SATE)

      Certification & Accreditation (C&A)
      SecureInfo performs comprehensive testing and analysis of your system and its environment to determine the level-of-risk. The C&A meets all national, DoD, and service requirements.

      Disaster/Contingency Planning develops strategy to respond, in a synchronized fashion, to impending or in-progress emergencies, take actions to minimize losses while protecting lives, recover critical functions and finally, resume normal operations

      Configuration Management Planning creates a management structure to control inevitable changes to a system or network

      Telephone Switch Security provides analysis, testing, and evaluation (i.e., C&A) of computerized telephone switching systems

      Information Assurance Assessments “IAAP”
      provides posture assessment of electronic securities (i.e., COMSEC, COMPUSEC, and EMSEC) and SATE training programs

      Security Awareness, Training, and Education (SATE)
      SecureInfo provides system security awareness, training, and education services.

    • #3840296

      Ed Bott’s Microsoft Challenge–2/1/01

      by shanghai sam ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      Good & Bad news. Good news first. You want to remain secure. Yank your network and modem cards. Congrats! You’re safe! Granted, that’s not a very USEFUL solution. Bad news – if you’re going to remain connected to the outside world, you can NEVER be 100% guaranteed secure.
      Now that the gloom and doom is over, you CAN take steps to make an intrusion less likely and more difficult. The keys are simple.
      First, regardless of Operating System, make sure you keep your OS AND your APPLICATIONS up to date! Linux, Windows, Sun and others all release updates in some form or fashion. (SP’s, RPM’s, and Cluster Patches, etc.) IIS, Apache and Netscape Web Servers are major security risks that demand as much attention as your OS!
      Second, never expose a machine with sensitive data directly to the outside world. Always use a proxy, firewall or brick to add a layer of protection. It can be as simple as a $150 DSL/Cable router with built-in firewall, a low or no cost software “firewall”, or an expensive security suite. Remember that a low cost solution can (sometimes) do the job, provided you pick the right one and you’re willing to learn to make it work as it should.
      Restrict permissions. If you’re using Linux, don’t let every daemon be running as root. In a Windows environment – don’t let everyone be a power user or domain admin. Use common sense. Control access. Not just physical, but remote as well.. and secure such connections thru a VPN or PPTP connection. If you don’t need telnet or ftp, close the ports, kill the processes. Kill things like finger on Sun/Unix hosts. If you don’t need it – don’t run it!
      Test and administrate! Try to find loopholes in your own system. No one knows it like you do. Log and scan the areas of weakness, such as remote connections. If you can, check syslog msg’s from a router or (better yet) an IDS box. Rename admin and root accounts. Disable guest and temp accounts.
      It’s a start.

    • #3825316

      Ed Bott’s Microsoft Challenge–2/1/01

      by ebott ·

      In reply to Ed Bott’s Microsoft Challenge–2/1/01

      This question was auto closed due to inactivity
