Computer Security and Penetration Testing
Chapter 16: Windows Vulnerabilities

Objectives
• Describe the Windows operating systems
• Explain the vulnerabilities of Windows Server 2008/XP/Vista/7/8

Windows Operating System
• Windows XP
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows 8

Vulnerabilities in Windows 2008/XP/Vista/7/8
• All of these operating systems are useful for building large corporate networks
• All three have good networking features and user-friendly interfaces
• Microsoft continues to support these with new security patches
• Not remotely secure with default installation settings

Passwords
• Security of passwords is very important to the security of any system
• Encryption algorithms and hash values are used to secure them
• Easiest way to break password security
  • Use a password-burning program, which can set the administrator password to a blank
• Windows 2000 and later applications store passwords in the form of hash values
  • Database called Security Accounts Manager (SAM)

Passwords (continued)
• Operating system locks the SAM database
  • Making it impossible to read the SAM database from within a Windows operating system
• Hackers are able to crack these passwords by using password-cracking tools
  • Hackers can import passwords from the Windows registry
  • Hackers might also copy the SAM database and use the password cracker on the file

Passwords (continued)
• Microsoft utility SYSKEY
  • Safeguards passwords from cracking activities
  • Encrypts passwords with a 128-bit algorithm, making it very difficult to crack
• Newer password crackers like Cain and Abel can crack 128-bit encryption
• pwdump3 gives remote access to the SAM database
  • On a computer in which the SYSKEY utility is active
  • Hackers need to have administrator privileges

Default Accounts
• Default “Administrator” account
  • Default password is blank
  • Nobody can delete the administrator account from a Windows computer
  • Possible to change the password
  • Users can change the name from Administrator to something else
  • Then, make a new account named Administrator but give it no special access privileges

Default Accounts (continued)
• Default “Guest” account
  • Allows nonregular users to access the system
  • Default password is blank
• Default “default” account
  • Has full administrative rights at installation
• Default accounts make a password cracker’s life much easier

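Added example (not part of the original slides): a PowerShell audit of the default-account weaknesses listed above. It assumes Windows PowerShell 5.1 or later, where the Microsoft.PowerShell.LocalAccounts module provides Get-LocalUser; the function name Get-DefaultAccountFinding is hypothetical.

```powershell
# Added example: audit built-in local accounts for the weaknesses on these slides.
# Assumes Windows PowerShell 5.1+ (Get-LocalUser); run from an elevated prompt.
function Get-DefaultAccountFinding {
    foreach ($user in Get-LocalUser) {
        # The last SID component (RID) identifies built-in accounts even after
        # a rename: 500 = built-in Administrator, 501 = Guest.
        $rid    = ($user.SID.Value -split '-')[-1]
        $issues = @()

        if ($rid -eq '500') {
            # A decoy account named "Administrator" has a different RID,
            # so this only fires when the real account was never renamed.
            if ($user.Name -eq 'Administrator') {
                $issues += 'built-in Administrator still has its default name'
            }
            if ($user.Enabled) {
                $issues += 'built-in Administrator is enabled'
            }
        }
        if ($rid -eq '501' -and $user.Enabled) {
            $issues += 'Guest account is enabled'
        }
        if ($user.Enabled -and -not $user.PasswordRequired) {
            $issues += 'blank password is permitted (PasswordRequired = False)'
        }

        foreach ($issue in $issues) {
            [pscustomobject]@{
                Account = $user.Name
                SID     = $user.SID.Value
                Issue   = $issue
            }
        }
    }
}

Get-DefaultAccountFinding | Format-Table -AutoSize -Wrap
```
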
File Sharing
• In Windows, users can share files in a folder
• Select the “Share this folder” option to enable the sharing feature
• To set the permissions more tightly, click the Permission button in the Properties dialog box
• Access can be restricted based on user or group

Windows Registry
• Windows 95 was the first version of Windows to use a registry
• One critical vulnerability in the registry is related to the registry information about an action performed by a user during login
• Windows registry maintains this information in a key called
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Windows Registry (continued)
• Automatically, every user of a Windows 2000 and XP computer has “Set Value” access to this registry key
• “Set Value” access lets any user who has access to the system make modifications
• A user who does not have administrator privileges can alter this key to obtain unauthorized access

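Added example (not part of the original slides): a PowerShell check that reports which principals other than the expected administrative ones hold write access such as “Set Value” on the Run key, and lists the current autostart entries for review. The function names and the list of expected SIDs are assumptions chosen for this example.

```powershell
# Added example: report unexpected write access on the machine-wide Run key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Rights that allow adding or changing an autostart value, or re-permissioning the key.
$writeRights = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Principals expected to hold write access (well-known SIDs; adjust to local policy).
$expected = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-RunKeyWriteFinding {
    $acl   = Get-Acl -Path $runKey
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to subkeys, not to the Run key itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$rule.RegistryRights -band $writeRights) -eq 0) { continue }
        $sid = $rule.IdentityReference.Value
        if ($expected -contains $sid) { continue }
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }
        [pscustomobject]@{
            Principal = $name
            SID       = $sid
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

function Get-RunKeyEntry {
    # Every value under Run is a command started at logon; review each one.
    $key = Get-Item -Path $runKey
    foreach ($valueName in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $valueName; Command = $key.GetValue($valueName) }
    }
}

$findings = @(Get-RunKeyWriteFinding)
if ($findings.Count -eq 0) { 'Run key: no unexpected write access.' }
else { $findings | Format-Table -AutoSize -Wrap }
Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```
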
Trust Relationship
• Trust relationship
  • Allows the authenticated users of a Windows domain to access resources on another domain, without being authenticated by it
• Operating systems authenticate users
  • By means of verifying their Security Identifiers (SIDs) in the access control list
• Access control lists store SIDs and the user rights related to each SID
• Resources maintain an access control list

Trust Relationship (continued)
• A trusting domain allows the trusted domain to authenticate users
• Cracker can hack a network and add unauthorized SIDs into that domain’s ACL
• Hackers require administrator privileges on the trusted domain in order to exploit this
  • Furthermore, they need strong technical knowledge
• Microsoft provides patch programs for Windows 2000, known as SID filters, that solve this issue

RPC Service Failure
• Remote Procedure Call (RPC) service of Windows
  • Does not validate inputs that are submitted to it for processing
• Hackers can easily send RPC requests with invalid inputs
• Invalid inputs lead to the system services stopping for a period of time

Summary
• Microsoft Windows is the most common preinstalled operating system in the world
• The security of the applications running on a computer is dependent on the security of the operating system
• The belief that Windows is less secure than other operating systems stems in part from the sheer ubiquity of Windows and from the philosophy underlying the design of the original Windows systems

Summary (continued)
• Vulnerabilities affecting one or more of these systems include password security, default accounts, file sharing defaults, Windows registry security defaults, trust relationships between domains, Event Viewer buffer overflow, NBNS protocol spoofing, RPC service failure, SMTP authentication, Telnet vulnerabilities, IP fragments reassembly, and Reset-Browser frame vulnerability
• Although Vista places a greater emphasis on security than its predecessors, some vulnerabilities exist