ch16.htm

Maximum Security (First Edition) 网络安全 英文版

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 16 -- Microsoft</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security:</FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch15/ch15.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch17/ch17.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">16</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Microsoft</FONT></H1>
</CENTER>
<P>Many people dislike Bill Gates (though, oddly enough, not Paul Allen) because
of his tremendous success. This is an invalid reason. People who do not know his
story do not realize that Gates was a talented hacker in his youth. Since then, Gates
has contributed much to the computing community; he just happens to have done so
from behind a cash register. This is no crime.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>On the other hand, Gates's assertion
	in <I>The Road Ahead</I> that we should all document our lives strikes me as a bit
	Orwellian. In that book, Gates suggests that all good computing citizens should store
	a complete record of their lives on computer (we should record all movements, purchases,
	appointments, and so forth). This recorded material, he writes, could serve as an
	alibi in the event such a citizen is accused of a crime. But if this documented life
	becomes an accepted alibi, what happens to those who do not maintain such records?
	In short, Gates is profoundly influencing the social construct of this nation. His
	work may well result in a two-class society. Gates is a brilliant man who has contributed
	much. Nonetheless, whether he is a true friend to humankind remains to be seen. 
<HR>


</BLOCKQUOTE>

<P>When people in security speak of Gates's products, they sneer. It's a fact: Microsoft
has never been a particularly secure platform, but then, these products have historically
not needed to be secure. Nonetheless, times have changed; now there is a need. But
if programmers at Microsoft take the next five years to hammer out some decent security
schemes, they would be on par with the amount of time it took the UNIX community
to do the same.</P>
<P>Microsoft products should not be subjected to the same scrutiny as UNIX products
because they are in a different class. Despite this fact, many security specialists
ridicule Microsoft products. They subject such products to rigorous tests, knowing
that the products cannot pass. Then they parade the negative results across the Net,
&quot;proving&quot; that Microsoft's security is weak and lackluster. This is irresponsible
and creates a good deal of public unrest.</P>
<P>Security specialists should lament, not rejoice, when they find a hole in a Microsoft
product. After all, such a hole simply represents one more hole in the Internet.
Microsoft products should receive as much attention and respect as any other product.
Moreover, security folks should educate, not ridicule, the cult following of Microsoft
because that is the right thing to do.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Microsoft's Windows NT uses a very
	good security model and is considered at least minimally safe. Nevertheless, although
	NT's security model is good, it does not mean that NT is secure in the same way that
	many versions of UNIX are secure.</P>
	<P>Many Microsoft advocates point out that the NSA has granted Windows NT a C2 security
	rating on the Evaluated Products List. This, they contend, is evidence that NT is
	secure. Not true. First, C2 is the very lowest security rating on the EPL. Moreover,
	NT's C2 rating is valid only on certain hardware (Compaq Proliant 2000 and 4000 Pentium
	and the DECpc AXP/150 Alpha). Furthermore, NT's C2 certification assumes that a non-networked,
	standalone workstation is being used. Thus, the NSA has effectively suggested that
	NT is minimally secure, as long as it runs on certain hardware, has no network connectivity,
	and is installed only as proscribed by the evaluation process. True, it was a great
	step forward for Microsoft's marketing department to obtain any rating on the EPL
	at all. Because most users have no idea what the EPL is, the rating sounds very impressive
	(&quot;The National Security Agency says it's secure!&quot;). In reality, however,
	the rating is not spectacular and is no guarantee of the security of NT. 
<HR>


</BLOCKQUOTE>

<H2><FONT COLOR="#000077"><B>A Friendly Platform That's a Bit Too Friendly</B></FONT></H2>
<P>Microsoft's security problems can be summed up in two words: user friendliness.
No other platform (not even MacOS) has been designed so expressly for this purpose.
Over the years, the Microsoft team has invested enormous amounts of time and research
to deliver ease and enjoyment of use. For example, Microsoft even conducted research
to determine from which direction light should fall on an icon. That is, it studied
whether users would respond more favorably to a shadow on the right or the left of
a button or other object. All developers are expected to adhere to this design convention
(the shadow is always on the right, the light source is on the left.</P>
<P>This ease of use comes with a cost. For example, consider the swapping scheme
in Microsoft Windows 3.11. Swap files and disk caches are devices that greatly enhance
overall performance (they can compensate for sparse RAM resources). When a large
swap is present, certain elements of a program need not be loaded into memory again.
This results in increased speed and functionality. Unfortunately, it also results
in poor security.</P>
<P>Any type of swapped memory system is insecure because traces of data are left
within that swap file or swap area. (A good example is the use of encryption like
PGP. When done through the Windows environment, the passphrase is written into the
swap file and is therefore retrievable.)</P>
<P>Throughout this chapter, you will see how user friendliness has inhibited the
development of a truly secure Microsoft operating system. (NT is excluded from this
analysis and will be discussed at the end of the chapter. NT has advanced security
features; these were responsible for Microsoft getting its first product onto the
Evaluated Products List.)</P>
<P>Indeed, this is the greatest challenge facing Microsoft today. It must find a
way to reconcile user friendliness with strong security. Until it does, Microsoft
has no hope of seizing control of the Internet.
<H2><FONT COLOR="#000077"><B>DOS</B></FONT></H2>
<P>Microsoft's Disk Operating System is indisputably the most popular personal computer
operating system in history. It is lightweight, requires little memory to operate,
and is limited in commands. In fact, DOS 6.22 has approximately one eighth the number
of commands offered by full-fledged UNIX.</P>
<P>You may wonder why I would even bother to treat DOS security issues here. After
all, the number of DOS-based machines connected to the Internet is limited. On closer
examination, however, the relevance of DOS becomes more apparent. For example, it
has become common for legacy Novell networks to be strung to the Internet. Many of
these older networks (running 3.<I>x</I> or earlier) also run DOS-based applications.
Here are just a few old favorites that you would be likely to find out there:

<UL>
	<LI>WordPerfect 5.<I>x</I>
	<LI>WordStar
	<LI>MTEZ
	<LI>Telix
	<LI>Qmodem
	<LI>Carbon Copy
</UL>

<P>Because such networks are sometimes connected to the Internet, DOS still remains
in the running. Indeed, Novell is not the only host example, either. Many networks
retain at least one workstation that runs Windows for Workgroups on top of DOS.</P>
<P>I will not exhaustively cover DOS, but there are a few issues I need to mention.
As you might expect, many of these issues relate to physical or local security of
DOS machines. If your network is devoid of any DOS machines, feel free to skip this
portion of the chapter.
<H3><FONT COLOR="#000077"><B>Beginning at the Beginning: Hardware</B></FONT></H3>
<P>Early IBM-compatible architecture was not designed for security. Indeed, there
are relatively few examples of such an architecture implementing reliable security
even today. Thus, from the moment an individual stands before a machine running DOS,
a security problem exists; that problem is not attributable to Microsoft.</P>
<P>The next series of points are well known to users who are required to use IBM-compatible
computers in their occupation. Much of this is therefore old hat, but I will run
through it nevertheless. The rush to the Internet has prompted many people who never
before had computers to get them. This section may therefore be helpful to some.
<H4><FONT COLOR="#000077"><B>CMOS Password</B></FONT></H4>
<P>The CMOS password option, which can be enabled on most machines (even ranging
back to some 286 models), is completely insecure.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>The CMOS password function on an
	IBM compatible is used to protect the workstation from unauthorized users gaining
	control at the console. The CMOS password option (if set) results in a password prompt
	issued immediately at boot time. Indeed, when the CMOS password function is enabled,
	the boot is arrested until the user supplies the correct password. 
<HR>


</BLOCKQUOTE>

<P>For a user who needs access to the machine (and who has never been granted such
access), the solution is to remove, short out, or otherwise disable the CMOS battery
on the main board (see Figure 16.1).</P>
<P><A NAME="01"></A><A HREF="01.htm"><B>FIGURE 16.1.</B> </A><I><BR>
Physically disabling the CMOS password on an AT IBM compatible.</I></P>
<P>Your network workstations can easily be compromised in this manner. However, this
is more likely done by someone who is attempting to steal the machine, as opposed
to trying to breach security. Internal employees would use a different method. Because
your own employees have some level of access on the system, they can pose a serious
security threat. Even if they do not disassemble the machine, there are ways for
internal, trusted folks to bypass that CMOS password. And although this is a commonly
known fact among hackers and crackers, the average LAN supervisor may not be so aware.</P>
<P>I have seen offices, for example, where only the Novell administrator knew the
CMOS passwords. The procedure was almost comical. The administrator came in early
each morning and enabled all the workstations. At the end of the day, those workstations
were shut down and the CMOS password would be active. The administrator assumed (wrongly)
that in this manner, the network was safe from internal theft or tampering. This
assumption was based largely on the premise that no one in the office knew the CMOS
passwords but the administrator.</P>
<P>In fact, there are a number of CMOS password catchers on the market. These utilities
capture a CMOS password either while the user is already logged in or during boot.
Up to this point, we have not yet booted the machine; we are simply looking to get
inside. These utilities and techniques will allow us to do so:

<UL>
	<LI>Amiecod--This small utility is very reliable. It will retrieve the password last
	used on a motherboard sporting an American Megatrends BIOS. See the following:
</UL>


<DL>
	<DD><A HREF="http://www.iaehv.nl/users/rvdpeet/unrelate/amidecod.zip"><TT>http://www.iaehv.nl/users/rvdpeet/unrelate/amidecod.zip</TT></A>
</DL>


<UL>
	<LI>Ami.com--Identical in functionality to the Amiecod, this tool will retrieve an
	AMI CMOS password. See the following:
</UL>


<DL>
	<DD><A HREF="http://www.iaehv.nl/users/rvdpeet/unrelate/ami.zip"><TT>http://www.iaehv.nl/users/rvdpeet/unrelate/ami.zip</TT></A>
</DL>


<UL>
	<LI>Aw.com--This utility will retrieve (or recover) the password used on any board
	sporting an Award BIOS. See the following:
</UL>


<DL>
	<DD><A HREF="http://www.iaehv.nl/users/rvdpeet/unrelate/aw.zip"><TT>http://www.iaehv.nl/users/rvdpeet/unrelate/aw.zip</TT></A>
</DL>

<P>Once inside, the cracker will typically want to gain further, or <I>leveraged</I>,
access. To gain leveraged access, the cracker must obtain some information about
the system. Specifically, on DOS machines that also run Novell and Lantastic, the
cracker will need login IDs and passwords. To do that with some measure of stealth,
the cracker must employ several tools, including a key-capture utility.
<H3><FONT COLOR="#000077"><B>Key-Capture Utilities</B></FONT></H3>
<P>Key-capture utilities are programs (usually very small) that capture any keystrokes
that occur after a specified event. These keystrokes are recorded most commonly into
a hidden file and a hidden directory.</P>
<P>The technique discussed in Figure 16.2 is quite effective. The Alt+255 character
is an extended ASCII character and therefore is invisible at a prompt. In Windows,
it appears as a small, accented squiggle and is usually missed unless you are looking
for it. Kids use this technique to hide games and racy photographs on their home
and school machines.</P>
<P><A NAME="02"></A><A HREF="02.htm"><B>FIGURE 16.2.</B></A> <BR>