
Thread: M$ security

  1. #1

    M$ security

    I just finished setting up a domain in an office. Can any of you point me to how-tos or tutorials on hardening the M$ domain...

  2. #2
    Senior Member Spyrus
    Join Date
    Oct 2002
    Posts
    741
    What kind of domain are you running? Are you running Windows 2k with Active Directory, or are you running a Windows NT domain, or maybe Windows 2k3? It would help if you gave a little more info on this...

    Do you currently have a firewall running?
    What about other security features? Make sure other ppl on the network know proper password policies and such.
    Do you have all the Windows updates well up to date?
    Do you have any form of bandwidth or network monitoring software in use or running?
    Do you have any webservers running?
    Are they up to date?

    There are a lot of opensource solutions for this, but some more info on what you are attempting would be helpful.
    BTW, don't be afraid to search here http://www.antionline.com/search.php?s=
    or here www.google.com
    Those are 2 huge places to look first that will give you lots of info.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem? Click here

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Posts
    23
    There are some good tips here to get you started, but Google will assist you most .... http://bunbun.ais.vt.edu/work/securing_nt.html

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    105

    re: MS Domain security

    The first question I believe you should ask yourself is: "self, where do my vulnerabilities exist?".

    Running around hardening things may actually be counterproductive to the overall security posture you hope to achieve. Keep one of the golden axioms of security in mind: the cost of the countermeasure shall not exceed the cost of the asset you're trying to protect...

    After you identify where your risk is, then start identifying ways to mitigate it. If you list some specific concerns, I'm sure the AO community will be able to help out.

    Cheers,
    <0
    Ego is the great Logic killer

  5. #5
    Junior Member
    Join Date
    Mar 2004
    Posts
    11
    Hi... I think the following might be of help to you... (although there are oceans of resources) but these are my favorite ones:

    http://www.net-security.org/articles_main.php
    http://www.windowsnetworking.com

    Or try googling to find a few matching your mood.

    Hope it helps..

    SMarT


    ------------------------------
    Alert: Windows loaded!
    System in danger

  6. #6
    Just to reply to some of the questions...

    1. Windows Server 2000 on a switch w/ 10 or so clients
    2. It is behind a Firebox SOHO 6 HD firewall appliance
    3. It's an Active Directory Integrated (local) domain (serves only to have centralized login)
    4. No web/mail/ftp ... servers
    5. Only 2 share drives on the server (which brings me to a question... can you access those share drives if you are not logged in to the domain?)
    6. It's an assigned external IP and internal 192.168.111.1/255.255.255.0
    7. Are password policies necessary... like changing them every 30 days or so?

  7. #7
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    5. Only 2 share drives on the server (which brings me to a question... can you access those share drives if you are not logged in to the domain?)
    Yes and no. You can try to map to those drives, but you will need to enter a domain userid and password. The user ids can be obtained several ways... enum is a good one, and it'll tell the attacker what shares there are along with userids. Make sure you protect yourself from this. Most vuln scanning tools do this too.

    http://razor.bindview.com/tools/files/enum.tar.gz

    Also, run vulnerability scanners such as Nessus or LANguard against your domain controller and your workstations. Fix all found vulnerabilities.

    You may want to audit your users' passwords to see if you need to enforce a stronger password policy. Obtain the passwords with pwdump2 and try to crack them using something like LC4.
    http://razor.bindview.com/tools/files/pwdump2.zip
    http://www.atstake.com/products/lc/ (costs $$, but there are others out there that don't)

    One thing that I really like to do is to copy the admin, then rename it to something that goes along with your username scheme. Then disable your administrator account.

    If you see someone in your logs trying to log into administrator, then you investigate.
    You can just rename the admin account if you want to... but I prefer disable on domains. I rename the local admin accounts on each workstation. (this can cause problems if you ever have to recover... so make sure all data is on servers and backed up. If you have to reinstall a workstation... oh well. Trying to recover can be a bit more of a pain. Well... not really... with knoppix. )

    Depending on what kind of internet connection you have, you may want to schedule daily updates of the critical m$ updates. Since you only have 10 clients, it shouldn't be too bad. Much larger, and you'd want to implement something else.

    Make sure you have an antivirus solution (updated frequently... I do daily).
    I use Norton Corporate Antivirus, but it costs $$.
    I like it because I can manage everything from one spot (after install).

    Look into implementing group policies and check all your shares and apply appropriate permissions to users/groups.

    Just a couple of suggestions for you... since you didn't have too many specific questions.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
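The "watch your logs for anyone trying to log into administrator" idea from the post above, worked through as an added example (not code from the thread or any poster): it reads constructed, simplified Security log records and raises an alert on any failed logon against the disabled decoy account, plus an alert when one workstation racks up repeated failures against any account. The tab-separated record layout, the account and workstation names, and the threshold of 3 are assumptions; the event IDs are the real Windows 2000/2003 Security log IDs.

```python
from collections import Counter

# Constructed sample records (assumption: one record per line, tab-separated
# fields: timestamp, event id, target account, workstation, logon type).
SAMPLE_LOG = """\
2004-03-02 09:01:12\t529\tjsmith\tWS03\t3
2004-03-02 09:01:40\t529\tAdministrator\tWS07\t3
2004-03-02 09:01:41\t531\tAdministrator\tWS07\t3
2004-03-02 09:01:43\t531\tAdministrator\tWS07\t3
2004-03-02 09:03:10\t528\tjdoe\tWS02\t2
2004-03-02 09:04:00\t529\tguest\tWS07\t3
"""

# Windows 2000/2003 Security event IDs: 528 successful logon,
# 529 unknown user name or bad password, 531 account currently disabled.
FAILURE_IDS = {"529", "531"}
DECOY_ACCOUNTS = {"administrator"}  # the disabled built-in account (assumed name)
FAILURE_THRESHOLD = 3               # assumed: alert on this many failures per workstation

def parse_records(text):
    """Yield one dict per well-formed record; silently skip malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue
        ts, event_id, account, workstation, logon_type = parts
        yield {"ts": ts, "event_id": event_id, "account": account,
               "workstation": workstation, "logon_type": logon_type}

def find_alerts(text, threshold=FAILURE_THRESHOLD):
    """Return (reason, workstation, account) tuples for suspicious activity."""
    alerts = []
    failures = Counter()
    decoy_seen = set()
    for rec in parse_records(text):
        if rec["event_id"] not in FAILURE_IDS:
            continue
        key = (rec["workstation"], rec["account"].lower())
        # Nobody legitimate should be using the decoy account: first hit alerts.
        if rec["account"].lower() in DECOY_ACCOUNTS and key not in decoy_seen:
            decoy_seen.add(key)
            alerts.append(("decoy-account-attempt", rec["workstation"], rec["account"]))
        failures[key] += 1
        if failures[key] == threshold:
            alerts.append(("repeated-failures", rec["workstation"], rec["account"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```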
