The main purpose of this chapter has been to set the stage for subsequent chapters that describe solutions for Windows NT networking vulnerabilities. This chapter has covered the basics of Windows NT networking itself, describing what networking is, and the functions it serves. This chapter has gone over the types of networks, the major components within networks, and the topologies that characterize them. The OSI model presented us with a systematic view of how data is transformed as it is sent from one computer to the other across a network. The discussion then turned to the services and protocols in the Windows NT networking environment. Windows NT networking is, in fact, no simple matter; it encompasses a large range of protocols and services, most if not all of which translate to challenges when it comes to attempting to implement security. This chapter covered the SMB and NetBIOS layers of networking that Windows NT shares and other network applications utilize. SMB/CIFS's method of establishing connections leaves quite a bit to be desired from the perspective of security. We delved into null sessions and discovered still another cause for concern. Finally, this chapter analyzed the major types of vulnerabilities in, and a few solutions with respect to, the SMB and NetBIOS layers of networking.
Chapter 4, "Basic Windows NT Security Exposures," examines other types of vulnerabilities. In the remaining chapters of this book, we once again look at Windows NT networking mechanisms, but from a different perspective. We will increasingly consider options for dealing with the many vulnerabilities inherent in the way Windows NT networking transpires.
Checklist for System Administrators
If you need high levels of security, change the Registry of critical servers to restrict null session access, or at least to limit access via shares and named pipes. Test these changes in a nonproduction environment first to ensure that they do not disrupt your operational environment.
Observing the same constraints as in step 1, consider disabling the NetBIOS bindings if security needs so warrant.
Ensuring first in a nonproduction environment that no application breaks, consider disabling Administrative shares if security needs so warrant.
Install the most recent SP in all your Windows NT hosts, minimally SP5.
Ensure that access to devices and programs that capture network traffic is properly limitedonly a few of the most trusted system and network administrators should be given such access.