Categories

Recent Comments

Securing Operating Systems

Written by admin on 27 December 2008

 

You can implement various operating-system security measures to ensure

that passwords are protected.

Regularly perform these low-tech and high-tech password-cracking tests to

make sure that your systems are as secure as possible — perhaps as part of a

 

monthly, quarterly, or biannual audit.

Windows

The following countermeasures can help prevent password hacks on

Windows systems:You can implement various operating-system security measures to ensure

that passwords are protected.

Regularly perform these low-tech and high-tech password-cracking tests to

make sure that your systems are as secure as possible — perhaps as part of a

  •  Some Windows passwords can be gleaned by simply reading the clear

text or crackable cipher text from the Windows Registry. Secure your

registries by doing the following:

 

• Allowing only administrator access.

• Hardening the operating system by using well-known hardening best practices,

such as such as those from SANS (www.sans.org), NIST (csrc.nist.gov), the

National Security Agency Security

Recommendation Guides (www.nsa.gov/snac/index.html).

 

  •  Use SYSKEY for enhanced Windows password protection.

• By default, Windows 2000 encrypts the SAM database that stores

hashes of the Windows account passwords. It’s not the default in

Windows NT.

• You can use the SYSKEY utility to encrypt the database for

Windows NT machines and to move the database-encryption key

from Windows 2000 and later machines.

Don’t rely only on the SYSKEY utility. Tools such as ElcomSoft’s

Advanced EFS Data Recovery program can crack SYSKEY encryption.

  •  Keep all SAM-database backup copies secure.
  •  Disable the storage of LM hashes in Windows for passwords that are shorter than 15 characters.For example, in Windows 2000 SP2 and later, you can create and set the NoLMHash registry key to a value of 1 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
  •  Use passfilt.dll or local or group security policies to help eliminate weak passwords on Windows systems before they’re created.
  •  Disable null sessions in your Windows version:

 

• In Windows XP, enable the Do Not Allow Anonymous Enumeration

of SAM Accounts and Shares option in the local security policy.

• In Windows 2000, enable the No Access without Explicit

Anonymous Permissions option in the local security policy.

• In Windows NT, enable the following Registry key:

HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=1

Linux and UNIX

 

The following countermeasures can help prevent password cracks on Linux

and UNIX systems:

  •  Use shadowed MD5 passwords.
  •  Help prevent weak passwords from being created. You can use either built-in operating-system password filtering (such as cracklib in Linux) or a password auditing program (such as npasswd or passwd+).
  •  Check your /etc/passwd file for duplicate root UID entries. Hackers can exploit such entries as root backdoors.

Tags: , , , , , , , , , , , ,
Posted in Password Hacking | No Comments »

Previous Topic
Next Topic

Leave a Reply

Creative Commons License
This work by Ashutosh Jha is licensed under a Creative Commons Attribution-Share Alike 2.5 India License.
Custom Search
SponsoredTweets referral badge

Enter your email address:

Delivered by FeedBurner

Chat Box


Loading

WP Shoutbox
Name
Website
Message
Smile
:mrgreen::neutral::twisted::arrow::shock::smile::???::cool::evil::grin::idea::oops::razz::roll::wink::cry::eek::lol::mad::sad:8-)8-O:-(:-):-?:-D:-P:-o:-x:-|;-)8)8O:(:):?:D:P:o:x:|;):!::?:

Recent Posts

Archives

Improve the web with Nofollow Reciprocity.