Are you running Windows NT or 2000 somewhere on your network? I'll bet you are. In fact, many organizations are still running Windows NT and 2000 on core production workstations and servers in some fashion -- critical Web, file, and database servers included. This is all fine and good -- I still run Windows 2000 on my network -- but we've got to be very careful not to let our guard down when it comes to keeping these older operating systems protected from old and new threats and vulnerabilities.
The first step, obviously, is keeping these systems patched. Most new threats against these operating systems are easily fixed with patches -- for 2000 at least, since NT is officially unsupported. With Windows 2000, you've got until 2010 with Microsoft committed to providing security updates for SP4 customers.
Patches for known exploits are one thing, but there are also inherent flaws in the NT architecture affecting both platforms that we can't afford to forget. Among the big things we need to worry about with older versions of Windows are:
- Default share and file permissions that permit full control to "the world"
- Null sessions that allow an attacker to remotely connect to Windows via the IPC$ share and glean a lot of juicy information.
- NetBIOS hacks that permit Windows nbtstat and other tools to glean information
- Password weaknesses associated with LM hashes
These ingrained Windows weaknesses are a surefire invitation for system compromise of Windows NT and 2000 especially on publicly-facing systems that are not adequately protected. Just because you've forgotten about them doesn't mean they shouldn't be protected. What about those long forgotten systems that you can't touch because they're too fragile or those systems that have since been drywalled into their own rooms? <funnystory> There are some old tales of sheetrock being framed up around old NetWare 2.x servers. The funny thing is that no one noticed because they never had to be maintained or rebooted. Ah, the good old days. </funnystory>
These are the main areas where you should focus efforts:
- First and foremost, make sure you've hardened your systems from the elements using best practices.
- Add a second layer of protection on top of your hardening in the form of a personal firewall. BlackICE and BlackICE for Servers has worked wonders for me and others I've heard from by serving as a great catch-all in the event a Windows NT or 2000 system was misconfigured or unpatched.
- Audit your share and file permissions to ensure "world-readable" rights are not causing information leaks.
- Prevent null session attacks from the get-go by locking down your RestrictAnonymous setting.
- Use Group Policy Object security in Windows 2000 wherever possible.
Don't think for one minute that the bad guys have moved away from older versions of Windows and are only focusing on the latest and greatest technologies. They're going to go for the biggest bang for their buck among the masses of Windows installations. If you're running Windows NT or 2000, you're still a target and will continue to be a target. Stay informed and, by all means, keep those hackles up.
About the author: Kevin Beaver is an independent information security consultant, author, and speaker with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Kevin has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.