EXPERT RESPONSE
Windows NT is rich in features, and that's what makes it more vulnerable. But no matter what NOS you choose to deploy, security should always be the primary concern. It's not possible to list all of the vulnerabilities here, but I can list some of the common ones. They are:
Using IPC$ to make anonymous connections
Unrestricted Registry Access
Open Shares
Weak password (No password policy enforced)
Unrestricted user Permissions
Local Administrator account
Unencrypted password database
Unrestricted Trust relationships
Enabling DCOM support
Enabling IP Packet forwarding (even when it's not required)
Running MDAC in unsafe mode
Running RPC
LocalSystem account does not have a password (most of the privileged services run with the same account)
Using Anonymous, Guest or default Administrator account.
NT uses NetBIOS as an abstraction layer from the underlying network transport protocol. This helps an attacker gather information about the hosts (NetBIOS information).
The remote procedure call (RPC) Endpoint Mapper and Distributed Component Object Model (DCOM) Service Control Manager (SCM) listen on TCP and UDP port 135. Any user who can connect to port 135 can obtain information about which dynamic RPC and DCOM services are running and what ports they are listening on. To stop the Endpoint Mapper and SCM from listening on this port, you must disable the RPC Server service, which cripples NT.
I recently responded to a similar question. Below is the link to the same.
http://searchnetworking.techtarget.com/ateQuestionNResponse/0,289625,sid7_cid554727_tax287058,00.html