
Windows 98/ME Security - SANS ©2001 1
Windows Security
Day 5
Security Essentials
The SANS Institute

Agenda
• Windows Legacy Desktops
– Overview
– Security Issues
• Windows NT
– Overview
– Security Issues
• Windows 2000
– Overview
– Security Issues
• Windows 2000/XP Desktops

Agenda (cont.)
• Windows Backups
• Windows Auditing
• IIS
– Overview
– Security

Windows Legacy Desktops
Security
In this module we are going to look at legacy Windows desktops. This includes Windows 98 and
ME, which are similar. The most important thing to know about Windows 98 and ME is that there is
no file security and no authentication is necessary. Even if you configure the system for multiple
users and have a password screen at bootup, anyone can hit “Cancel” and still get in. Access to files
depends on access to the machine. If you use passwords and have two users, each can see all of the
other’s files on the hard drive, and open any of them. There are three security techniques you can
use: two of them, physical security and encryption, enforce security for Windows 98/ME, and the
third is reactive.
Let’s look at an example. Joe travels around the world on business. His laptop is protected by
physical security. Since he travels a lot, he tries to keep his laptop bag with him at all times. Still,
there are times when Joe leaves it in the hotel room, or accesses the Internet and just hopes. Security
for most Windows 98/ME users amounts to hope and nothing more.
This section will suggest adding a layer of security, encryption, and introduce tools that can
help you determine what is happening with your Windows 98/ME system.

Windows Tools
• System Configuration Editor
• Startup
• System File Checker
• File Compare
• File Attributes
The first section of this course covers some new tools that give us information about our
system. Since everything we see is inherited from the system’s startup processes, let’s first cover
the elevator version of what happens at startup. From the Power On Self Test (POST) by the ROM
BIOS, we go to the disk and the secondary loader (IO.SYS), which loads logo.sys (the logo screen).
At this point, a database called the registry is consulted for system information. Virtual Device
Drivers (VxDs) come next, followed by an army of DLLs (Dynamic Link Libraries), which are actually
programs. If your system is configured for multiple users, this is the point at which you log in and
your personal password file, located at \Windows\<yourusername>.pwl, is examined. If you have a
user profile, it is loaded from the user portion of the registry database, which is
\Windows\Profiles\<yourusername>\user.dat. If you have never looked at your profile, I highly
recommend a tour. Finally, if your system.ini has the line shell=Explorer.exe and you shut down
cleanly the last time you used Windows, Windows Explorer will come up after you boot.
Understanding your system and knowing how it operates are critical in order to properly secure that
system.
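One way to take the "tour" of these startup files from an analysis machine is sketched below; it is an added example, not part of the original course notes. It assumes the \Windows directory has been copied or mounted somewhere readable and that shell= sits in the [boot] section of system.ini; the function names and the sample tree are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

def _find(parent, name):
    """Case-insensitive lookup, since FAT names may appear in any case."""
    for entry in os.listdir(parent):
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None

def read_shell(system_ini):
    """Return the shell= value from the [boot] section, or None if absent."""
    section = None
    with open(system_ini, encoding="cp1252", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "boot" and "=" in line and not line.startswith(";"):
                key, value = line.split("=", 1)
                if key.strip().lower() == "shell":
                    return value.strip()
    return None

def audit(windows_dir):
    """Summarise the startup items named in the notes for one Windows directory."""
    ini = _find(windows_dir, "system.ini")
    shell = read_shell(ini) if ini else None
    pwl = sorted(e[:-4].lower() for e in os.listdir(windows_dir)
                 if e.lower().endswith(".pwl"))
    profiles, profiles_dir = [], _find(windows_dir, "Profiles")
    if profiles_dir:
        for user in sorted(os.listdir(profiles_dir)):
            path = os.path.join(profiles_dir, user)
            if os.path.isdir(path) and _find(path, "user.dat"):
                profiles.append(user.lower())
    # Exact match only: any other shell value is flagged for a closer look.
    return {"shell": shell,
            "shell_is_default": (shell or "").lower() == "explorer.exe",
            "pwl_users": pwl, "profiles": profiles}

def build_sample(root):
    """Constructed sample tree standing in for a copied \\Windows directory."""
    os.makedirs(os.path.join(root, "Profiles", "joe"))
    open(os.path.join(root, "Profiles", "joe", "USER.DAT"), "wb").close()
    open(os.path.join(root, "JOE.PWL"), "wb").close()
    with open(os.path.join(root, "SYSTEM.INI"), "w") as fh:
        fh.write("[boot]\nshell=Explorer.exe\n[386Enh]\ndevice=*vshare\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Comparing the list of .pwl files against the profile directories shows which user names have logged in on the machine, and a shell value other than Explorer.exe is the first thing to investigate.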

