Daily Security Tips from Ed Skoudis - Week of February 10, 2003
Security Tip for Friday, February 14th, 2003
Windows Partitions That Improve Security
When deploying Windows 2000 or XP systems, a couple of extra minutes in setting up the partitions on your hard drive can simplify administration and significantly improve your security. When setting up hard drives, set up two partitions for systems that do not have Microsoft's web server (IIS). One partition should hold the operating system, while the other partition holds user home directories. If the system will be running IIS, create three partitions: one for the operating system, one for IIS, and one for user directories. Breaking the system into these partitions makes back-ups easier, fosters the proper assignment of strong permissions to directories, and can foil attempts to hack into the operating system from IIS. Not bad for a no-cost solution!
Security Tip for Thursday, February 13th, 2003
Stealthify Your Web Surfing
Suppose you need to surf to a web site, but you don't want that web site to know you've been accessing it. Perhaps you are doing research on your competition, or analyzing the latest hacker web sites for research into what the bad guys are up to. Whenever you surf the net, the owners of the web sites you visit can see your IP address and could look up the name of your company or ISP. If you don't want your destinations to know that you are surfing their sites, use an anonymizing web service. These services strip out all information about where you are surfing from, such as your browser type, IP address, etc. While many are available, one of the first and best is anonymizer.com, which offers a free service as well as a paid subscription service for better performance. Keep in mind that the folks at anonymizer.com can still see your surfing habits, so you'll have to decide if you trust them.
Security Tip for Wednesday, February 12th, 2003
On Windows, Don't Read E-mail or Surf as Admin
For day-to-day use on a Windows system, DO NOT login as an account with Administrator privileges, either the "Administrator" account or as a user in the "Administrators" group. Never ever read e-mail or browse the Internet as an administrative user. If an attacker can trick you into running a program and you are logged in as Admin, the attacker will have complete control of your machine. If you need to do administrative tasks, login as a non-admin user and use RunAs to start programs. To use RunAs from the GUI, hold down the shift key and right click on the program's icon to select RunAs... From the command line, simply use the runas command by typing "runas /user:[username] [program]", such as:
C:\> runas /user:Administrator cmd.exe
Security Tip for Tuesday, February 11th, 2003
You May Be Running SQL Server and Not Even Know It
Are you running a Microsoft SQL Server database on your system? Are you sure?
Some Microsoft products install the SQL Server database program as an underlying
tool, without your even knowing. Using Regedit, check your systems to see if SQL
Server is installed by looking to see if the registry key
MSSQLServer is defined. If you have this key, you likely have SQL Server installed. The default install for this includes a database with an administrator name of "sa" and a blank password. To be secure, you must set a password for this account, using the instructions provided by Microsoft at this location: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/modadmin/html/deconchangingsqlserveradministratorlogin.asp.
Security Tip for Monday, February 10th, 2003
Clamp Down on Excessive Windows File Sharing
Windows file shares are a convenient way to move files between Windows systems. Too convenient, unfortunately. Many users start sharing folders and forget to disable sharing, leaving their shares exposed to attackers. Review the shares your system is making accessible by right clicking on the My Computer icon on your desktop. Select Manage. Look at System Tools‡Shared Folders‡Shares. By default, you will have ADMIN$, C$, and IPC$ shared for administrative purposes. Any other shares might allow an attacker to steal files from your machine. Do you want to share all of these items? If not, shut them off by right clicking on the shared folder and selecting "Stop Sharing".