What are some common security vulnerabilities related to Windows NT?
Windows NT is rich in features and that's what makes it more vulnerable. But no matter what NOS you choose to deploy, security should always be the primary concern. It's not possible to list out all of the vulnerabilities here, but sure I can list out some of the common ones. They are:
Using IPC$ to make anonymous connections.
Unrestricted Registry Access
Weak password (No password policy enforced)
Unrestricted user Permissions
Local Administrator account
Un-encrypted password database.
Unrestricted Trust relationships
Enabling DCOM support
Enabling IP Packet forwarding (even when it's not required)
Running MDAC in unsafe mode.
LocalSystem account does not have a password (most of the privileged services run with the same account)
Using Anonymous, Guest or default Administrator account.
NT uses NetBIOS as an abstration layer from the underlying network transport protocol. This helps an attacker gather information about the hosts (NetBIOS information)
The remote procedure call (RPC) Endpoint Mapper and Distributed Component Object Model (DCOM) Service Control Manager (SCM) listen on TCP and UDP port 135. Any user who can connect to port 135 can obtain information about which dynamic RPC and DCOM services are running and what ports they are listening on. To stop the Endpoint Mapper and SCM from listening on this port, you must disable the RPC Server service, which cripples NT.
I recently responded to a similar question. Below is the link to the same.
Dig Deeper on Network Security Monitoring and Analysis
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://...
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ...
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ...