Windows XP Security - File System Security
(Page 5 of 6 )
Part of hardening your overall XP system is to ensure that your file system is adequately secured. Microsoft provides NT File System (NTFS) support in Windows XP. NTFS allows for more robust security features and user permissions and also adds some basic fault tolerance, with which the older FAT file system just cannot compete. Make sure all of your hard drives are formatted with NTFS unless you have systems that dual-boot to another, older operating system that doesn’t support NTFS on the same disk.
To check your hard drive partitions, do the following:
- Log in as Administrator, and double-click My Computer.
- Right-click each hard drive letter and choose Properties.
- Navigate to the General tab. Here, Windows will identify the file system type.
Follow the previous steps for each drive letter, noting which ones are labeled FAT or FAT32.
To convert a FAT or FAT32 partition to NTFS, do the following:
- Open a command prompt.
- At the command prompt, enter convert x: /FS:NTFS /V. Replace x with one of the drive letters you noted previously.
- Repeat the previous step for each FAT or FAT32 partition.
When you’re finished, reboot the system for the changes to take effect.
You might also choose to use third-party disk conversion utilities, like PartitionMagic or Norton Disk Doctor, to convert your file system to NTFS. It’s a painless procedure, no matter which tool you use to do it. Of course, you should always remember to back up your data before performing any change to a disk’s configuration or function.
Disable Automated Logins Windows XP offers a feature for machines that aren’t participating in a security domain where accounts without passwords can automatically log in at a computer’s startup without requiring any user intervention. Obviously, this is a huge security hole for machines connected to any kind of network. You’ll want to disable this.
To disable automated logins, do the following:
- Inside Control Panel, open Administrative Tools.
- Double-click Local Security Policy.
- Select a username.
- Make sure there is a password set for each user account that’s enabled.
Hardening Default Accounts The main premise is that in order for someone to access an XP system, she must have a username and password. To that effect, Windows creates the administrator account, for use by the machine’s owner, and a Guest account, which has limited privileges and is designed for people who don’t have continuing business on a machine. This isn’t just an XP function.
Of course, crackers have taken advantage of the presence of both accounts. You might consider renaming the two accounts to reduce the surface vulnerability of the machine. This doesn’t work for server machines all the time; sometimes server software and services require the administrator account to be named the same, but for client machines, renaming is usually a good strategy. This is true particularly for XP computers, because they tend to be directly connected to the Internet more than computers that are running older versions of Windows.
You can configure the Administrator account as follows:
- Log in as Administrator.
- Go to the Control Panel, double-click Administrative Tools, and then Computer Management.
- Open Local Users and Groups.
- Click the User folder.
- Right-click the Administrator account, and choose to rename it. Make it a less obvious name.
- Right-click this renamed Administrator account and select Set Password.
You can configure the Guest account as follows:
- Right-click the Guest account, and choose to rename it. Make it a less obvious name.
- Right-click this renamed Guest account, then select Set Password.
For security reasons, the Guest account in XP is disabled by default. Enabling the Guest account allows anonymous users to access the system. Even if no one sits down and logs in as a guest to your system, the account is used. If you share a folder, the default permission is that everyone has full control, and because Guest is included within the built-in Everyone group, a hole is opened. A standard practice is to always remove the share permissions from Everyone and add them to Authenticated Users. This is a much safer configuration.
Using Forensic Analysis Techniques Part of hardening a system is knowing when your efforts haven’t protected against or prevented an attack. Here are some common indicators that your system has been compromised:
- A system alert, alarm, or related indication from an intrusion-detection tool
- Suspicious entries in system or security logs in XP’s Event Viewer
- Unsuccessful logon attempts
- New user accounts of unknown origin
- New files on the physical file system of unknown origin and function
- Unexplained changes or attempt to change file sizes, checksums, timestamps, especially on files within the C:\WINNT hierarchy
- Unexplained addition, deletion, or modification of data
- Denial of service activity or inability of one or more users to log in to an account, including admin or root logins to the console
- System crashes
- Poor system performance
- Unauthorized operation of a program or the addition of a sniffer application to capture network traffic or usernames or passwords
- Port scanning and the use of exploit and vulnerability scanners, remote requests for information about systems and users, or social-engineering attempts
- Unusual usage times; statistically, more security incidents occur during nonworking hours than any other time
- An indicated last time of usage for an account that doesn’t correspond to the actual last time of usage for that account
- Unusual usage patterns; for example, programs are being compiled in the account of a user who doesn’t know how to program
Keep alert for these indicators. If any are tripped, back up any personal data on a machine, verify that data’s integrity, and then reformat the machine and reinstall Windows. It isn’t a safe bet to try to reconstruct a compromised machine for later production use.
Next: Checkpoints >>
More Windows Security Articles
More By Apress Publishing
|
 This article is taken from chapter four of the book Hardening Windows, written by Jonathan Hassell (Apress, 2004; ISBN: 1590592662). Check it out at your favorite bookstore. Buy this book now.
|
|
