Hacking Exposed 5th Edition
Windows seems to be gaining ground when it comes to security; whatever it may have appeared to lose recently due to the internally facing RPC and LSASS vulnerabilities has certainly been made up for by its much-hardened Internet-facing exterior (the lack of serious IIS vulnerabilities has been a true turnaround). The gradual improvements upon Windows 2000 milestones like the firewall and Group Policy have also helped raise the bar for attackers and lower the burden for administrators.
Here are some security tips compiled from our discussion in this chapter:
- Check out Hacking Exposed: Windows Server 2003 (McGraw-Hill/Osborne, 2003; http://www.winhackingexposed.com) for the most complete coverage of Windows security from stem to stern. That book embraces and greatly extends the information presented in this book to deliver comprehensive security analysis of Microsoft's flagship OS and future versions.
- Read Chapter 13 for information on protecting Windows from client-side abuse, the most vulnerable frontier in the ever-escalating arms race with malicious hackers.
- Keep up to date with new Microsoft security tools and best practices available at http://www.microsoft.com/security.
- See http://www.microsoft.com/TechNet/prodtechnol/sql/maintain/security/sql2ksec.asp for information on securing SQL Server 2000 on Windows 2000, and see http://www.sqlsecurity.com for great, in-depth information on SQL vulnerabilities. Also, Hacking Exposed: Windows Server 2003 (McGraw-Hill/Osborne, 2003) contains an entire chapter on SQL attacks and countermeasures that encompasses all these resources.
- Remember that the OS level is probably not where a system will be attacked. The application level is often far more vulnerable, especially modern, stateless, Web-based applications. Perform your due diligence at the OS level using information supplied in this chapter, but focus intensely and primarily on securing the application layer overall. See Chapter 12 and Hacking Exposed: Web Applications (McGraw-Hill/Osborne, 2002; http://www.webhackingexposed.com) for more information on this vital topic.
- Minimalism equals higher security: If nothing exists to attack, attackers have no way of getting in. Disable all unnecessary services by using services.msc. For those services that remain necessary, configure them securely (for example, disable unused ISAPI extensions in IIS).
- If file and print services are not necessary, disable SMB according to the instructions in the "Password-Guessing Countermeasures" section.
- Use IPSec filters (Windows 2000 and later) and Windows/Internet Connection Firewall (Windows XP and later) to block access to any other listening ports except the bare minimum necessary for function.
- Protect Internet-facing servers with network firewalls or routers.
- Keep up to date with all the recent service packs and security patches. See http://www.microsoft.com/security to view the updated list of bulletins.
- Limit interactive logon privileges to stop privilege-escalation attacks (such as service named-pipe predictability and window station issues) before they even get started.
- Use Group Policy (gpedit.msc) to help create and distribute secure configurations throughout your Windows environment.
- Enforce a strong policy of physical security to protect against offline attacks referenced in this chapter. Implement SYSKEY in password- or floppy-protected mode to make these attacks more difficult. Keep sensitive servers physically secure, set BIOS passwords to protect the boot sequence, and remove or disable floppy disk drives and other removable media devices that can be used to boot systems to alternative OSs.
- Subscribe to relevant security mailing lists such as Bugtraq (http://www.securityfocus.com) to keep current on the state of the art of Windows attacks and countermeasures.
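As an added illustration of the "IPSec filters to block everything but the bare minimum" tip above (this script is not from the book), the following batch file builds a static IPSec policy on Windows XP/2003 with netsh: a catch-all block filter plus narrower permit filters for the ports the host actually needs. The HTTPS/RDP ports, the 10.0.0.0/24 management subnet and the policy names are assumptions chosen for the example.

```batch
@echo off
rem Added example: "deny all, then permit the minimum" as a static IPSec policy.
rem Assumptions (not from the book): the host is a Web server that must answer
rem HTTPS from anywhere and RDP only from the 10.0.0.0/24 management subnet.
rem Run from an administrative prompt; "netsh ipsec static" exists on XP/2003.

set POLICY=HardenedHost

rem 1. Create the policy container. It does nothing until it is assigned.
netsh ipsec static add policy name=%POLICY% description="Block all except required ports"

rem 2. Two filter actions: drop silently, or pass traffic in the clear.
netsh ipsec static add filteraction name=Drop action=block
netsh ipsec static add filteraction name=Pass action=permit

rem 3. Catch-all filter list: any source -> this machine, any protocol.
rem    IPSec filters are stateless, and mirrored=yes also matches the
rem    reverse direction, so outbound traffic the host itself initiates
rem    (DNS, patch downloads) needs its own permit filter as well.
netsh ipsec static add filterlist name=AllTraffic
netsh ipsec static add filter filterlist=AllTraffic srcaddr=any dstaddr=me protocol=any mirrored=yes

rem 4. Exceptions. The most specific matching filter wins over the catch-all.
netsh ipsec static add filterlist name=Allowed
netsh ipsec static add filter filterlist=Allowed srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=443 mirrored=yes
netsh ipsec static add filter filterlist=Allowed srcaddr=10.0.0.0 srcmask=255.255.255.0 dstaddr=me protocol=tcp srcport=0 dstport=3389 mirrored=yes

rem 5. Bind each filter list to its action inside the policy.
netsh ipsec static add rule name=DropRule policy=%POLICY% filterlist=AllTraffic filteraction=Drop
netsh ipsec static add rule name=PassRule policy=%POLICY% filterlist=Allowed filteraction=Pass

rem 6. Assign the policy. Test from a second session before closing the
rem    one you are working in: a wrong filter locks you out of the box.
netsh ipsec static set policy name=%POLICY% assign=y

rem Back out with:  netsh ipsec static set policy name=%POLICY% assign=n
rem Review with:    netsh ipsec static show all
```

One caveat a practitioner should check: Windows 2000 and XP before SP2 exempt Kerberos, RSVP, IKE and broadcast/multicast traffic from IPSec filtering by default, so a "block all" policy is not airtight until the NoDefaultExempt value under HKLM\SYSTEM\CurrentControlSet\Services\IPSEC is set (1 removes the Kerberos/RSVP exemption) and the host is rebooted.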