Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1998

Anti-Hacking Guide For NT Users Ready For Release

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Anti-Hacking Guide For NT Users Ready For Release

To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: Anti-Hacking Guide For NT Users Ready For Release
From: Ken Williams <jkwilli2UNITY.NCSU.EDU>
Date: Mon, 2 Mar 1998 16:36:56 -0500
Comments: To: ntseciss.net, ntsecurityiss.net, idsiss.net
Reply-To: Ken Williams <jkwilli2UNITY.NCSU.EDU>
Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Anti-Hacking Guide For NT Users Ready For Release

http://www.techweb.com/wire/story/TWB19980302S0002

(03/02/98; 9:48 a.m. EST)
By Amy Rogers, InternetWeek

NT hackers, beware: Some of your tricks  have been revealed.

On Wednesday, the SANS Institute, a Bethesda, Md.-based think tank and
research organization, will release a list of procedures systems
administrators can follow to tighten security on out-of-the-box Windows NT
4.0.

The list was compiled after about 77 universities, corporations, and
vendors got together and compared notes about their tested techniques for
closing security holes in NT.

"The way NT comes out of the box leaves opportunities for people who want
to break in," said Alan Paller, director of research at SANS, which
sponsors seminars in networking and system administration. "What was
fascinating was the holes were so much in front and so easy to close."

It's a matter of opinion whether those holes can be construed as bugs or
simply places Microsoft deliberately left open for future enhancements to
the operating system, Paller said, adding he is not a Windows advocate.

"Microsoft has to leave certain things open to allow certain services to
work," Paller said. "If you are going to do network support, or have an
extranet or an intranet, you can still close them, but you have to go
through five or six steps to do it."

Paller said such gaps can be found in all OSes. "VMS used to come with a
guest account that had no password," he said. "Sun OS used to be very easy
to get into until you closed the holes."

A wide range of organizations contributed to the list of security
procedures. A sampling: Andersen Consulting, Digital Equipment, Exxon
Chemical, Kodak, Motorola Semiconductor, Microsoft, Northern Telecom, the
University of Minnesota, and the U.S. Air Force.

Paller said the 36-paged guide about enhancing NT security is available
from SANS Institute for $19.  SANS will send an e-mail summary of the
steps to people who inquire at infosans.org.

---

Enjoy...

Ken Williams

/--------------------------[   TATTOOMAN   ]--------------------------\
| ORG: NC State Computer Science Dept    VP of The  E. H. A. P. Corp. |
| EML: jkwilli2adm.csc.ncsu.edu         ehaphackers.com             |
| EML: jkwilli2unity.ncsu.edu           ehap-securehackers.com      |
| WWW: http://www4.ncsu.edu/~jkwilli2/   http://www.hackers.com/ehap/ |
| FTP: ftp://152.7.11.38/pub/personal/tattooman/                      |
| W3B: http://152.7.11.38/~tattooman/w3board/                         |
| PGP: finger tattooman152.7.11.38                                   |
\----------------[   http://152.7.11.38/~tattooman/  ]----------------/

Next by Date: Alert: New Teardrop Attack
Next by thread: Alert: New Teardrop Attack
Index(es):
- Date
- Thread