Date: 17 April 2000
Original URL: http://www.auscert.org.au/render.html?cid=1920&it=1971
This document is being published jointly by the
CERT Coordination Center and AusCERT (Australian Computer Emergency
Response Team). The CERT® Coordination Center and AusCERT® do not review, evaluate, or endorse the resources, tools, mailing lists,
or contents of any web sites listed below. The decision to use any of
these resources is the responsibility of each user or organization,
and we encourage each organization to thoroughly evaluate any
resources, any new tools or techniques before installing or using
them. We are simply including this information here so that you may
be aware of their existence and may evaluate them as appropriate for
your site.
Document revision history
Microsoft Resources
NT Server 4.0 Resource Kit
The "Microsoft Windows NT Server 4.0 Resource Kit" is a three volume
book set with a CD-ROM. The kit must be purchased separately from the
operating system. The kit includes the Microsoft Windows NT Server
Resource Guide, the Microsoft Windows NT Server Networking Guide, and
the Microsoft Windows NT Server Internet Guide. The companion CD-ROM
contains deployment strategies and tools and utilities for enhancing
the functionality of NT 4.0.
http://mspress.microsoft.com/prod/books/580.htm
If you currently have the resource kit, review the various RK*.HLP
files. These files explain all the tools and documents in the resource
kit.
TechNet
TechNet is a technical resource that provides information about
Microsoft products. Delivered to subscribers each month, TechNet
provides several CDs containing the latest information from Microsoft,
including Resource Kits, technical notes, knowledge base articles and
the complete library of service packs, software updates and drivers.
Further information on TechNet and how to subscribe can be read at
http://www.microsoft.com/technet/subscription/about.htm
Other Security Guides
Security Improvement Modules (CERT®/CC)
http://www.cert.org/security-improvement/index.html
The CERT/CC Security Improvement modules address important but
narrowly defined problems in network security. They provide
guidance to help organizations improve the security of their
networked computer systems. The modules are written for system and
network administrators. Who install, configure, and maintain
computers and networks on a day-to-day basis.
Securing a Windows NT Installation (Microsoft)
http://www.microsoft.com/ntserver/security/exec/overview/Secure_NTInstall.asp
This white paper is a very useful guide about changing permissions
and registry settings to increase the level of security on your NT
system.
Internet Information Server 4.0 Security Checklist (Microsoft)
http://www.microsoft.com/security/products/iis/CheckList.asp
This checklist helps Microsoft IIS administrators ensure that
security aspects of running an IIS server have been considered.
Windows NT Security: Step-By-Step (System Administration, Networking, and Security)
http://www.sans.org/newlook/publications/ntstep.htm
This book, a prescriptive guide to Windows NT security, gives
step-by-step instructions on everything from installing a machine
to monitoring security. Collaborating from more than 70
organizations, the experts describe problems to be solved, lay out
the actions that will solve each problem, give tips on how to
perform the required actions, and forewarn about times when those
actions could create other problems. In order to explain Windows
NT security in a chronological manner, they present 93 separate
actions and organize those actions into 8 phases. This 36 page
long book, written in February 1998, requires a fee. (Much of the
same information can be found in the whitepaper from Microsoft
called Securing your NT Installation, which is listed
above).
Secure Windows NT Installation And Configuration Guide (Department of U.S. Navy)
http://www.rito.com/nt/ntsec/navy/index.htm
The objective of this project is to provide the U.S. Navy with
concise guidance to securely install and configure Windows NT 4.0
server and workstation operating systems (OS). This guidance is
based on the Navy IT-21 standard and is specific to the Naval
Tactical Command Support System (NTCSS) and Joint Maritime Command
Information System (JMCIS) local area network (LAN)
architectures.
Windows NT Security Guidelines (NSA)
http://www.trustedsystems.com/tss_nsa_guide.htm
"Windows NT Security Guidelines," gives
administrative and operational guidelines for securely installing
NT networks and benchmarks best commercial and military practices.
This 110-page report is the product of a one-year project by the
National Security Agency (NSA) Research Organization. Copies of the
guidelines are available at no charge from the above URL or contact
Trusted Systems Services at +1 217-344-0996.
Steps For Evaluating The Security of a Windows NTŪ Installation -- Tom Sheldon
http://www.ntresearch.com/ntchecks.html
Mailing Lists
Books
- Okountsev, Nikolaio. Windows NT Security Programming, Easy to Use Security Options. R&D Books, September 1997
ISBN 0-87930-473-1
- Rutstein, Charles B. Windows NT Security: A Practical Guide to Securing Windows NT Servers and Workstations. McGraw-Hill, January 1997.
ISBN 0-07057-833-8
- Daniels, Tim. 1001 Secrets for Windows NT Registry
29th Street Pr, January 1998.
ISBN 1-882419-68-5
- McMains, John. Windows NT 4 Backup and Recovery Guide
Osborne McGraw-Hill, June 1997.
ISBN 0-078823-63-3
- Solomon, David. Inside Windows NT Second Edition
Microsoft Press, May 1998.
ISBN 1-572316-77-2
- Edwards, Mark J. Internet Security with Windows NT
29th Street Press, 1997.
ISBN: 1-882419-62-6
- Jumes, James G.; Coopers and Lybrand; Cooper, Neil F.; Feinman, Todd M. Microsoft Windows NT 4.0 Security, Audit, and Control
Microsoft Press, December 1998.
ISBN: 1-572318-55-4
Web Resources
Tools
Microsoft Security Configuration Manager
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/SCM/
The Security Configuration Manager (SCE) provides a mechanism to
consolidate various security settings into a single file. The
configurations in this single file can then be installed to other
Windows NT devices. The SCM does require Service Pack 4 to be
installed. The SCM has a command line tool and a graphical interface.
NukeNabber v2.9b
http://www.dynamsol.com/puppet/nukenabber.html
NukeNabber is used to listen on TCP and UDP ports commonly attacked
over the Internet. A total of 50 ports can be monitored
simultaneously. ICMP dest_unreach attacks are also logged. This
application gives you the information you need to trace an attacker
and a way to find an attacker's nickname on IRC (mIRC, VIRC and PIRCH
clients are supported).
L0phtCrack v2.52
http://www.l0pht.com/l0phtcrack/
"L0phtCrack is designed to recover passwords for Windows NT. NT
does not store the actual passwords on an NT Domain Controller or
Workstation. Instead, it stores a cryptographic hash of the
passwords. L0phtCrack can take the hashes of passwords and
generate the cleartext passwords from them." From the L0phtCrack
web site.
Hotfix Control v1.1.3
http://www.jpl.nu/~magnus/hotfixcontrol/
This is a freeware application that allows you to list the hotfixes
that are installed (Q numbers) on your system and obtain a
description of the purpose and benefit of the fix. To do this, use
the Hotfix Control application to select one of the fixes you have
installed, then click on `Find KB document.' This will connect you
to the Microsoft Support Web page and provide details about the
selected hotfix.
|
