TECH TIPS
Windows NT security tools
Adesh Rampat
03.15.2001
Rating: -4.00- (out of 5)
Many system administrators do not fully employ the tools that are included with Windows NT and may therefore purchase third-party security software to enhance their suite of tools. Windows NT does include some tools that can alert the system administrator of malicious activity. The following is a list of ways you can use NT's included resources to protect your network from malicious damage:
1. Apply System Policies. This can limit what users are allowed to do locally on the workstation as well as over the Network. You do this through the System Policy Editor. Using the System Policy Editor, you can:
* Limit browsing of the network so a malicious user will not be able to view any shared resources.
* Apply a log-on banner to allow for authorized access only.
* Disable access to the network control panel.
* Remove the Run capability from users, so they cannot run programs across the network.
2. Setup an Audit Policy to track illegal access to the network resources. Here are some of the things you can track:
* Log-on success. Are there users who are trying to logon who should not be?
* Successful attempts to access files and Object Failures.
* Use of User Rights. Are users trying to do more than they are allowed to?
*Security Policy Changes: You may be able to find users trying to log in to
more than one workstation.
3. Sometimes you may find that response time on a particular server is very slow. By setting up Performance Monitor, you can log activity and use it as a reference. The main objects to be checked for security purposes are:
* % Processor Time: This monitors the percentage of time the processor is busy. If the processor is busy 80 % of the time check your security log in the event viewer for the number of log-ons. There may be unauthorized users trying to log on.
* Interrupts /Sec/Rate (processor): Tracks the number of requests for service from I/O devices. Look for dramatic increases. This could indicate that the hardware is faulty, but before you go about replacing hardware look at the File and Object access for any excessive activity.
4. Another overlooked feature of Windows NT is Task Manager. By using Task Manager to view processes, a system administrator can see if there may be unusual activity on a particular server, especially if that server is an application server. Unusual activity could indicate attempts at unauthorized access.
=======================================================================
About the author:
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also
lectured extensively on a variety of topics.
Related book
Windows NT Security, 1/e
Author: Michael McInerney
Publisher: Prentice Hall
ISBN/CODE: 0130839906
Cover Type: Soft Cover
Pages: 432
Published: Sept. 1999
Summary:
A solid security foundation for enterprise NT 4/Windows 2000 networks!
Understand Windows NT 4 and Windows 2000 security architecture.
Make the most of NTFS file and directory permissions.
Restrict users via system policies and user profiles.
Use encryption, decryption, authentication and Windows 2000 Kerberos support.
Web security via Proxy Server filtering, logging and alerts.
Windows 2000 Security Configuration Toolset, Group Policies, DFS and more.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
