Windows NT security tools

This article explains how to use NT's included resources to protect your network from malicious damage.

Many system administrators do not fully employ the tools that are included with Windows NT and may therefore purchase third-party security software to enhance their suite of tools. Windows NT does include some tools that can alert the system administrator of malicious activity. The following is a list of ways you can use NT's included resources to protect your network from malicious damage:

1. Apply System Policies. This can limit what users are allowed to do locally on the workstation as well as over the Network. You do this through the System Policy Editor. Using the System Policy Editor, you can:
* Limit browsing of the network so a malicious user will not be able to view any shared resources.
* Apply a log-on banner to allow for authorized access only.
* Disable access to the network control panel.
* Remove the Run capability from users, so they cannot run programs across the network.

2. Setup an Audit Policy to track illegal access to the network resources. Here are some of the things you can track:
* Log-on success. Are there users who are trying to logon who should not be?
* Successful attempts to access files and Object Failures.
* Use of User Rights. Are users trying to do more than they are allowed to?
*Security Policy Changes: You may be able to find users trying to log in to more than one workstation.

3. Sometimes you may find that response time on a particular server is very slow. By setting up Performance Monitor, you can log activity and use it as a reference. The main objects to be checked for security purposes are:
* % Processor Time: This monitors the percentage of time the processor is busy. If the processor is busy 80 % of the time check your security log in the event viewer for the number of log-ons. There may be unauthorized users trying to log on.
* Interrupts /Sec/Rate (processor): Tracks the number of requests for service from I/O devices. Look for dramatic increases. This could indicate that the hardware is faulty, but before you go about replacing hardware look at the File and Object access for any excessive activity.

4. Another overlooked feature of Windows NT is Task Manager. By using Task Manager to view processes, a system administrator can see if there may be unusual activity on a particular server, especially if that server is an application server. Unusual activity could indicate attempts at unauthorized access.


About the author:
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Related book
Windows NT Security, 1/e
Author: Michael McInerney
Publisher: Prentice Hall
ISBN/CODE: 0130839906
Cover Type: Soft Cover
Pages: 432
Published: Sept. 1999
A solid security foundation for enterprise NT 4/Windows 2000 networks!
Understand Windows NT 4 and Windows 2000 security architecture.
Make the most of NTFS file and directory permissions.
Restrict users via system policies and user profiles.
Use encryption, decryption, authentication and Windows 2000 Kerberos support.
Web security via Proxy Server filtering, logging and alerts.
Windows 2000 Security Configuration Toolset, Group Policies, DFS and more.

This was last published in March 2001

Dig Deeper on Microsoft Windows security