This is our general information page containing links to specific pages that contain information we find of value to our visitors and clients. You may find everyday problems answered concerning Windows Operating Systems, Linux Operating Systems, Tips & Tricks, or other additional links. You may take this link to our IS/IT Security Information pages.

Windows NT Tips

April 20, 2001

Exploit devastates WinNT/2K security - The Register reports "An application called SMBRelay, written by cDc's Sir Dystic, exploits a design flaw in the SMB (Server Message Block) protocol on Win NT/2K boxes, easily enabling an attacker to interpose himself between the client and the server.

The program enables access to the server using the client's authentication by acting as a 'man in the middle' to both. For this reason it's quite difficult to defend against, unless a user blocks port 139 -- which is needed for NetBIOS sessions and therefore not practical for networked boxes -- or by using NTLMv2 which employs 128bit encrypted keys and eliminates LANMAN (NT LAN Manager, or NTLM) hashes for NT clients."

Update, Update, Update

Update your Windows Operating Systems today, and then check for new updates every day. It only takes a few minutes. Think you are good to go? So did Disney, the Wall Street Journal's WebWatch, British Telecom, the U.S. Navy, the U.S. Army, the Greatest Show on Earth and the American Society for the Prevention of Cruelty to Animals on April Fools' Day.

IE security hole launches e-mail attachments

Do you have version 5.01 or 5.5 of Internet Explorer? Then you need to download a patch ASAP to protect against a security flaw that can make the browser open e-mail attachments that an attacker could use to execute malicious code.

Killing a rogue process

One of the handiest utilities that comes with the Windows NT Resource Kit is kill.exe. This utility lets you stop processes that sometimes cannot be stopped even from the Task Manager. The syntax is very simple: from the command prompt, you type kill {process id | pattern}. The process ID can be obtained from the Task Manager or from another Resource Kit utility called tlist.exe. The pattern is the name of the rogue process. The great thing about this is that you can use wildcards to end multiple processes at the same time.

Dealing with the temporary employee

Organizations may from time to time employ personnel on a contractual or temporary basis to assist in various projects. This may require the temporary employee to use company computer equipment to perform their job. All temporary personnel who will be using the organization's computer equipment must become familiar with the organization's computer security policy. The network administrator must also perform the following additional security measures:

- Create a new account for the temporary employee. Restrict this account to set logon and logoff hours. Do not use the guest account. Include an expiration date for each temporary account. In most cases this is the date on which the employment contract expires. You can alter the date in the event that the temporary employee needs to stay on.

- Create a group account that will include only temporary personnel. Apply necessary log-on scripts. For example, there may be a standard log-on script for permanent employees that may not apply to the temporary user.

- Be aware that when a new user is created, he/she automatically becomes a member of the group "everyone." To prevent the temporary user from accessing certain folders that the group "everyone" has access to, apply the temporary group account to these folders.

- Limit access to network browsing.

- Email access with SMTP addresses should be prevented, because company information can easily be sent to unauthorized sources. However, you may be required to assign an SMTP email address, and if so, you should periodically submit reports on the mail-server communication logs kept by most firewall software to track any communication that may be a threat to the company.
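An added example, not part of the original page: a Python check that reads the output of `net user <account>` and reports a temporary account that breaks the rules in the list above (Guest account used, no expiration date, unrestricted logon hours, missing from the temporary group). The group name `TempStaff`, the account names and both sample outputs are constructed for illustration.

```python
# Constructed samples, modelled on `net user <name>` output (not from the page).
SAMPLE_OK = """\
User name                    tmp-jdoe
Account active               Yes
Account expires              12/31/2004 12:00:00 AM
Logon hours allowed          Monday 8:00:00 AM - 5:00:00 PM
                             Tuesday 8:00:00 AM - 5:00:00 PM
Local Group Memberships      *TempStaff            *Users
"""
SAMPLE_BAD = """\
User name                    Guest
Account active               Yes
Account expires              Never
Logon hours allowed          All
Local Group Memberships      *Guests
"""

import re

def parse_net_user(text):
    """Map each 'Label<2+ spaces>value' line to a list of values.
    Indented lines (extra logon hours or groups) continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            fields[last].append(line.strip())
            continue
        m = re.match(r"(\S.*?)\s{2,}(.*)$", line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2).strip()]
    return fields

def audit_temp_account(text, temp_group="TempStaff"):  # group name is an assumption
    """Return (account name, list of policy findings) for one account."""
    f = parse_net_user(text)
    name = f.get("User name", ["?"])[0]
    findings = []
    if name.lower() == "guest":
        findings.append("guest account used")
    if f.get("Account expires", ["Never"])[0].lower() == "never":
        findings.append("no expiration date")
    if f.get("Logon hours allowed", ["All"])[0].lower() == "all":
        findings.append("logon hours unrestricted")
    # Group names are listed as '*Name', padded with spaces; names may contain spaces.
    joined = " ".join(f.get("Local Group Memberships", []))
    groups = [g.strip().lower() for g in joined.split("*") if g.strip()]
    if temp_group.lower() not in groups:
        findings.append("not in " + temp_group)
    return name, findings
```

Field labels in `net user` output vary with Windows version and display language, so adjust the three label strings to match the systems being audited.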

Securing the Windows 2000 workstation

When applying security to network equipment, the network administrator needs to pay special attention to securing the Windows 2000 workstation. Certain security procedures are the same as for the server. The following steps can be applied when securing the Windows 2000 workstation:

- Use NTFS partitions to apply security permissions and be able to perform audit procedures on files and folders;

- Rename the Guest Account which will help prevent unauthorized personnel from logging on to the workstation locally;

- Rename the Administrator Account to help prevent an unauthorized user from gaining access to the computer locally and performing administrative functions such as altering user restriction options;

- Apply user-level restrictions after consultation with the CIO. When a user account is created, the network administrator is presented with various user restriction options that specify what level of access the user has to the workstation;

- Make sure that the anti-virus engine and its virus definitions are always updated to prevent files from being infected;

- Limit the number of users logging on to the workstation locally;

- Don't identify workstations on the network using standard naming conventions, such as Jim Brown or J. Brown. It is preferable to use workstation serial numbers instead.

A workstation that is to be used for Internet access should have file sharing disabled. Otherwise, it presents an open port for a hacker to browse through the hard drive.

Copyright © 1998 - 2004 RHP Studios
All Rights Reserved!
Last Updated on July 24, 2004 @ 11:45 hrs EST