General discussion

Locked

Security issues on all Windows O/S

By farisland ·
Can anyone help me out with security issue problems? We have reason to believe that our Windows NT Workstations, NT Servers, Windows 95/98 and HP-UNIX systems have been compromised. We have no intrusion detection or key logging detection or any sortof security software installed on any machines. What I want to check is whether any files have been copied, deleted or modified. Are there any features in the above operating systems to check for these actions? Is it possible to do that and if so how do I go about doing it? Also can anyone recommend software that will detect these actions or any good security software that in the future will monitor these activities?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Security issues on all Windows O/S

by farisland In reply to Security issues on all Wi ...

Point value changed by question poster.

Collapse -

Security issues on all Windows O/S

by Curacao_Dejavu In reply to Security issues on all Wi ...

For the windows nt part, if you didnt have auditing enabled its impossible right now to see what has changed and who accessed what.
Start with changing all password of the users and all services in case of the SAM has been compromised.
You have tostart with enabling auditing for success and failed user logons ( when you changed the passwords and there is a lot of failed logon attempts you can start tracing that) , and for access of the most critical shared data. Make sure the logfilesize is big and make a habit of saving it everyday so you can check back on it.
Make sure your servers are patched against the latest security issues of nt (simply go to the www.windowsupdate.com site and download them or go to the download section of MS todownload the pacthes.
On the servers and on the domain move the everyone group from the logon locally right (this means that everyone can fysically sit behind the servers and logon on, you want only the administrators to do that).
Go to the technet section of MS, the is artickle called securing or hardening a nt server. I will try to look that up.

There is software to detect those issues but I don not know them (+ there is a budget issue :) )

regards,

Leopold

Collapse -

Security issues on all Windows O/S

by Curacao_Dejavu In reply to Security issues on all Wi ...

http://www.enteract.com/~lspitz

a beginners hardening nt.

On thec techrepublic site is also a artickle called.
Also 7 tips for greater server security

Collapse -

Security issues on all Windows O/S

by farisland In reply to Security issues on all Wi ...

Thank You for your invaluable suggestion.

Collapse -

Security issues on all Windows O/S

by PENGUINSRULE In reply to Security issues on all Wi ...

I have to agree with poster #1..

do you have a good firewall installed?

Collapse -

Security issues on all Windows O/S

by farisland In reply to Security issues on all Wi ...

Thanks for the reply. We do have a firewall installed. We are assuming that the compromise was within the firewall enviornment. Thank You

Collapse -

Security issues on all Windows O/S

by PENGUINSRULE In reply to Security issues on all Wi ...

Since you didn't say where the penetration came from, we have to assume the obvious first..

I would:

Turn auditing on for your servers

I would go over the group permissions really well, and lock down as appropriate. Depending on the environment you could have folks with more permissions that they need. I've certainly seen this before.

Like #1 said - make sure you have every possible security patch installed.

You could trace a few things at the packet level using a sniffer.

I'd lock down network properties

Rick

(For Grins - I think you should migrate to secure VMS configured to B2 security - to date, there are NO KNOWN penetrations.) :)
Yes, I'm a VMS bigot - who sometimes does NT/2000 work.

Collapse -

Security issues on all Windows O/S

by farisland In reply to Security issues on all Wi ...

Very kind of you to reply back. I will implement your suggestions. Thank You

Collapse -

Security issues on all Windows O/S

by farisland In reply to Security issues on all Wi ...

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums