select * from sys.backup_devices

Contains a row for each backup-device registered by using sp_addumpdevice  or created in SQL Server Management Studio.

select * from sys.backup_devices;


Column names

name:  Name of the backup device. Is unique in the set.
type: Type of backup device:
type_desc: Description of backup device type:
physical_name: Physical file name or path of the backup device.

Protect your privacy on the Internet

Your privacy on the Internet depends on your ability to control both the amount of personal information that you provide and who has access to that information. To read about how your information gets on the Internet and how it is used,

Follow the practical advice below to help increase your privacy online.

Think before you share personal information

First, read the website's privacy policy
Privacy policies should clearly explain what data the website gathers about you, how it is used, shared, and secured, and how you can edit or delete it. (For example, look at the bottom of this and every page on Microsoft.com.) No privacy statement? Take your business elsewhere.
Do not share more than you need to

• Do not post anything online that you would not want made public.
• Minimize details that identify you or your whereabouts.
• Keep your account numbers, user names, and passwords secret.
• Only share your primary email address or Instant Message (IM) name with people who you know or with reputable organizations. Avoid listing your address or name on Internet directories and job-posting sites.
• Enter only required information—often marked with an asterisk (*)—on registration and other forms.

Choose how private you want your profile or blog to be
Modify Windows Internet Explorer or website settings or options to manage who can see your online profile or photos, how people can search for you, who can make comments on what you post, and how to block unwanted access by others.

Monitor what others post

• Search for your name on the Internet using at least two search engines. Search for text and images. If you find sensitive information on a website about yourself, look for contact information on the website and send a request to have your information removed.
• Regularly review what others write about you on blogs and social networking websites. Ask friends not to post photos of you or your family without your permission. If you feel uncomfortable with material such as information or photos that are posted on others' websites, ask for it to be removed.

Guard your information

Protect your computer
You can greatly reduce your risk of online identity theft by taking these three steps to protect your computer:

1. Use an Internet firewall.
   Note Windows 7, Windows Vista, and Windows XP with Service Pack 2 and Service Pack 3 have a firewall already built in and automatically turned on.
2. Visit Microsoft Update to verify your settings and check for security updates.
   Note Microsoft Update will also update your Microsoft Office programs.
3. Subscribe to antivirus software and keep it current. Microsoft Security Essentials is a free download for Windows 7, Windows Vista, and Windows XP. For more information, see Help protect your PC with Microsoft Security Essentials. For more information, see How to boost your malware defense and protect your PC.

Create strong passwords
Strong passwords are at least 14 characters long and include a combination of letters (both upper and lower case), numbers, and symbols. They are easy for you to remember but difficult for others to guess.

1. Don't share your passwords with friends.
2. Avoid using the same password everywhere. If someone steals it, all the information that password protects is at risk.

Tip Learn how to create strong passwords.
Save sensitive business for your home computer
Avoid paying bills, banking, and shopping on a public computer, or on any device (such as a laptop or mobile phone) over a public wireless network.
Tip Internet Explorer can help erase your tracks on a public computer, leaving no trace of specific activity. For more information, see InPrivate: Frequently asked questions.

Protect yourself from fraud

Spot the signs of a scam
Watch for deals that sound too good to be true, phony job ads, notices that you have won a lottery, or requests to help a distant stranger transfer funds. Other clues include urgent messages ("Your account will be closed!"), misspellings, and grammatical errors.

1. Think before you click to visit a website or call a number in a suspicious email or phone message—both could be phony.
2. Be cautious with links to video clips and games, or open photos, songs, or other files—even if you know the sender. Check with the sender first.

Look for signs that a web page is safe
Before you enter sensitive data, check for evidence that:

1. The site uses encryption, a security measure that scrambles data as it crosses the Internet. Good indicators that a site is encrypted include a web address with https ("s" stands for secure) and a closed padlock beside it. (The lock might also be in the lower-right corner of the window.)
   
2. You are at the correct site—for example, at your bank's website, not a phony website. If you are using Internet Explorer, one sign of trustworthiness is a green address bar like the one above.

Use a phishing filter
Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filter included in Internet Explorer.
Help detect potential fraud
In the United States, you are entitled to one free credit report every year from each of the three major U.S. credit bureaus: Experian, Equifax, and TransUnion. Get them by visiting AnnualCreditReport.com.

Security in Internet Explorer 9

Online threats usually fall into one of three categories:

• Attacks on you (socially engineered attacks)
• Attacks on your computer, web browser, or add-ons to your web browser.
• Attacks on websites (for example, cross-site scripting)

Windows Internet Explorer 9, the newest version of the Microsoft web browser software, helps better protect you from these threats. Internet Explorer 9:

1. Provides a better warning system for potentially dangerous downloads. A new feature, Application Reputation, helps you to make safer decisions when you download content from the Internet.
   It uses available reputation data to prevent unnecessary warnings for programs with established reputations. It also shows a warning only when a download carries a higher risk of being malicious.
   
2. Filters content that might be dangerous. The ActiveX Filtering feature allows you to choose which websites can run ActiveX controls. By allowing ActiveX controls only on the sites you trust, you can reduce the number of ways cybercriminals can harm you.
   
3. Helps you avoid phishing scams and malware. SmartScreen Filter in Internet Explorer 9 helps protect you from websites that are suspected of hosting malicious content. When the SmartScreen Filter detects that a site may be unsafe, you will see an alert that will give you recommended actions. For more information, see SmartScreen Filter: Frequently asked questions.
4. Protects your privacy from online tracking. Many websites use technology that tracks your activities as you browse the Internet. Internet Explorer 9 introduces Tracking Protection, a feature that helps to protect your privacy from third-party online trackers.
   You can install a Tracking Protection List from a provider you trust or enable your personalized list. Internet Explorer 9 uses the Tracking Protection Lists as a guide to block or allow third-party tracking.
   
5. Helps protect against cross-site scripting attacks. Cybercriminals look for vulnerabilities in website code so that they can insert malicious scripts which gather private information about site visitors.
   Cross-site scripting vulnerabilities are an example of what these criminals try to find. Once they exploit the vulnerability, they can hijack your web account, monitor your keystrokes, and perform unwanted actions on your behalf. Internet Explorer 9 can identify certain types of such attacks and neutralize them by blocking their malicious code.

Email and web scams Protection

Email and web scams: How to help protect yourself

When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information.
On This Page

• How to recognize scams
• How to report scams
• What to do if you think you have been a victim of a scam
• Tools to help you avoid scams

How to recognize scams

New scams seem to appear every day. We try to keep up with them in our Security Tips & Talk blog. To see the latest scams, browse through our fraud section. In addition, you can learn to recognize a scam by familiarizing yourself with some of the telltale signs.
Scams can contain the following:

• Alarmist messages and threats of account closures.
• Promises of money for little or no effort.
• Deals that sound too good to be true.
• Requests to donate to a charitable organization after a disaster that has been in the news.
• Bad grammar and misspellings.

For more information, see How to recognize phishing emails and links.

Popular scams

Here are some popular scams that you should be aware of:
Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see Avoid scams that use the Microsoft name fraudulently.
Lottery scams. You might receive messages that claim that you have won the Microsoft lottery or sweepstakes. These messages might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the message. For more information, see What is the Microsoft Lottery Scam?
Rogue security software scams. Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.

How to report a scam

You can use Microsoft tools to report a suspected scam.

• Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
• Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

What to do if you think you have been a victim of a scam

If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.

• Change the passwords or PINs on all your online accounts that you think might be compromised.
• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
• Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
• If you know of any accounts that were accessed or opened fraudulently, close those accounts.
• Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

Identity theft protection tools to help you avoid scams

Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.

• Windows Internet Explorer. In Internet Explorer, the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website's true identity.
  
  The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse. For more information, see SmartScreen Filter: frequently asked questions.
• Windows Live Hotmail. Microsoft's free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email. For more information, see SmartScreen helps keep spam out.
• Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams. For more information, see How Outlook helps protect you from viruses, spam, and phishing.

<

Avoid phishing scams

Phishing scams that target activities, interests, or news events

Phishing scams that target activities, interests, or news events

New phishing scams are generated whenever there is a newsworthy event, such as a natural disaster, a national election, or a significant change in the world financial system.

• Fake e-cards
• Fake job opportunities
• Donation scams

Fake e-cards

E-cards are created the same way websites are: They're built on the Internet, just like this page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.
This means an e-card you receive could actually be a phishing scam, spam or a spyware installer, or a computer virus.

How to avoid fake e-cards

• Recognize the sender of the e-card. If you don't know the sender, do not trust the card. Legitimate companies have standard, obvious ways for you to recognize that the email is not a fraud.
  For example, with MSN Greetings, the "from" always shows "Ecard from MSN Greetings" as the display name and "ecards@msn.americangreetings.com" as the email address.
  Make sure you check both the display name and email address of the sender.
• When in doubt, use alternative viewing methods. Do not click any links when you are not sure of the sender or intent of the email.
  For example, if you use MSN Greetings, you can view your greeting on the MSN Greetings website. Type "msn.americangreetings.com" into your web browser and click the "ecard pickup" link in the upper right-hand corner.
• Never download or click anything from an unknown source.
• Be wary of an email message or file attachment from someone you don't know or that seems suspicious.
• Preview a link's web address before you click it. If the link doesn't show an address, move your mouse pointer over a link without clicking it to see where the link goes. (The address should appear on the bottom bar of your web browser.)
• Don't accept an end-user agreement without reading the fine print first; you might inadvertently agree to install spyware or something else you don't want.
• Use established greeting card sites such as MSN Greetings or American Greetings when sending e-cards.

Online job-hunting scams

Phishing scams might also appear as phony job ads, used to convince job hunters to send them personal information. Cyber criminals post their ads on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.
These sites might also charge fees for services they will never render. Typically, after a few days the thieves close down the scam and disappear.

Best practices for online job hunters

• Never provide any non-work related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through email, over the phone, in a fax, or on your resume.
• List your resume on a job site that allows only verified recruiters to scan them and uses a privacy policy.
• Verify a prospective employer, recruiter, or recruiting agency through another source such as the Better Business Bureau or a phone book, and then contact them directly—or better yet, visit them in person at the company location during regular work hours.
• If a prospective recruiter or employer requests a background check, agree to do so only after you have met with them at their company location during regular work hours.
• Beware of anyone who asks you for money up front in exchange for finding work for you. You should never have to pay for "exclusive" job leads or for a job itself.
• If you are paying for job placement services, don't provide credit card or bank information or engage in any monetary transactions unless done in person, onsite, with a prospective recruiter or job agency.
• Carefully evaluate contact information in job ads or related email messages, watching out for spelling errors, an email address that does not feature the company's name, and inconsistencies with area or zip codes.
• Create an exclusive web-based email address and account for all non-personal communication.

Donation scams

Natural disasters, political campaigns, and global health issues are often the focus of donation phishing scams. For example, in recent years, cyber criminals have taken advantage of earthquakes and tsunamis to create illegitimate "charity" businesses to help the survivors of these events.
Most of these scams begin with an email message or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a link, you are taken to a phony website designed to trick you into providing your personal financial information.

How to avoid donation scams

• Be on guard if you receive an unsolicited email message from a charitable organization asking for money. Don't open any attachments or click any links. Manually type the charity's web address into your browser's address bar and make sure the request is legitimate before you donate.
• Double-check the spelling of the organization's website in the address bar before looking through the site. Spoofed websites often use deliberate, easily overlooked misspellings to deceive users.
• On the web page where you enter your credit card or other personal information, look for an "s" after http in the web address of that page. It should read: https://. (Encryption is a security measure that scrambles data as it traverses the Internet.)
• Make sure that there is a tiny closed padlock in the address bar, or on the lower-right corner of the window.
• If you are using Internet Explorer, one sign of trustworthiness is that the address bar turns green and displays both https and the closed padlock.
• Improve your computer's defenses by always using firewall, antivirus, and antispyware software, and making sure to download and install updates for all of your software. Use automatic updates so you don't have to manually install the updates.
• Use a browser filter that warns you of suspicious websites, such as the SmartScreen Filter in Internet Explorer.

Create strong passwords

Create strong passwords

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers.

• Whenever possible, use eight characters or more.
• Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
• Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
• The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
• Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password. Here are some suggestions that might help you remember it easily:

What to do	Example
Start with a sentence or two.	Complex passwords are safer.
Remove the spaces between the words in the sentence.	Complexpasswordsaresafer.
Turn words into shorthand or intentionally misspell a word.	ComplekspasswordsRsafer.
Add length with numbers. Put numbers that are meaningful to you after the sentence.	ComplekspasswordsRsafer2011.

Test your password with a password checker

A password checker evaluates your password's strength automatically. Try our secure password checker.

Protect your passwords from prying eyes

The easiest way to "remember" passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.

Common password pitfalls to avoid

Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords that use:

• Dictionary words in any language.
• Words spelled backwards, common misspellings, and abbreviations.
• Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
• Personal information. Your name, birthday, driver's license, passport number, or similar information.

Create strong passwords

Create strong passwords

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers.

• Whenever possible, use eight characters or more.
• Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
• Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
• The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
• Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password. Here are some suggestions that might help you remember it easily:

What to do	Example
Start with a sentence or two.	Complex passwords are safer.
Remove the spaces between the words in the sentence.	Complexpasswordsaresafer.
Turn words into shorthand or intentionally misspell a word.	ComplekspasswordsRsafer.
Add length with numbers. Put numbers that are meaningful to you after the sentence.	ComplekspasswordsRsafer2011.

Test your password with a password checker

A password checker evaluates your password's strength automatically. Try our secure password checker.

Protect your passwords from prying eyes

The easiest way to "remember" passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.

Common password pitfalls to avoid

Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords that use:

• Dictionary words in any language.
• Words spelled backwards, common misspellings, and abbreviations.
• Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
• Personal information. Your name, birthday, driver's license, passport number, or similar information.

NT Security

The Logon Process


WinLogon


Users must log on to a Windows NT machine in order to use that NT based machine or network. The logon process itself cannot be bypassed, it is mandatory. Once the user has logged on, an access token is created (this token will be discussed in more detail later). This token contains user specific security information, such as: security identifier, group identifiers, user rights and permissions. The user, as well as all processes spawned by the user are identified to the system with this token.


The first step in the WinLogon process is something we are all familiar with, CTRL+ALT+DEL. This is NT's default Security Attention Sequence (SAS - The SAS key combo can be changed. We will also discuss that later.). This SAS is a signal to the operating system that someone is trying to logon. After the SAS is triggered, all user mode applications pause until the security operation completes or is cancelled. (Note: The SAS is not just a logon operation, this same key combination can be used for logging on, logging off, changing a password or locking the workstation.) The pausing, or closing, of all user mode applications during SAS is a security feature that most people take for granted and dont understand. Due to this pausing of applications, logon related trojan viruses are stopped, keyloggers (programs that run in memory, keeping track of keystrokes, therefor recording someones password) are stopped as well.

The user name is not case sensitive but the password is.

After typing in your information and clicking OK (or pressing enter), the WinLogon process supplies the information to the security subsystem, which in turn compares the information to the Security Accounts Manager (SAM). If the information is compliant with the information in the SAM, an access token is created for the user. The WinLogon takes the access token and passes it onto the Win32 subsytem, which in turn starts the operating systems shell. The shell, as well as all other spawned processes will receive a token. This token is not only used for security, but also allows NTs auditing and logging features to track user usage and access of network resources.


Note: All of the logon components are located in a file known as the Graphical Indetification and Authentication (GINA) module, specifically MSGINA.DLL. Under certain conditions, this file can be replaced, which is how you would change the SAS key combination.


For fine tuning of the WinLogon process, you can refer to the registry. All of the options for the WinLogon process are contained in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon area. You can also fine tune the process by using the Policy Editor.


Logging on to a Domain


If an NT machine is a participant on a Domain, you would not only need to login to the local machine, but the Domain as well. If a computer is a member of a Domain, the WinLogon process is replaced by the NetLogon process.






Security Architecture Components


Local Security Authority (LSA): Also known as the security subsystem, it is the central portion of NT security. It handles local security policies and user authentication. The LSA also handles generating and logging audit messages.


Security Accounts Manager (SAM): The SAM handles user and group accounts, and provides user authentication for the LSA.


Security Reference Monitor (SRM): The SRM is in charge of enforcing and assuring access validation and auditing for the LSA. It references user account information as the user attempts to access resources.




Introduction to Securing an NT Box


Abstract


Microsoft Windows NT operating system provides several security features. However, the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop.


A particular installation's requirements can differ significantly from another. Therefore, it is necessary for individual customers to evaluate their particular environment and requirements before implementing a security configuration. This is also because implementing security settings can impact system configuration. Certain applications installed on Windows NT may require more relaxed settings to function properly than others because of the nature of the product. Customers are therefore advised to careful evaluate recommendations in the context of their system configurations and usage.


If you install a Windows NT machine as a web server or a firewall, you should tighten up the security on that box. Ordinary machines on your internal network are less accessible than a machine the Internet. A machine accessible from the Internet is more vulnerable and likely to be attacked. Securing the machine gives you a bastion host. Some of the things you should do include:


* Remove all protocol stacks except TCP/IP, since IP is the only protocol that runs on the Internet


* Remove unnecessary network bindings


* Disable all unnecessary accounts, like guest


* Remove share permissions and default shares


* Remove network access for everyone (User Manger -> Policies ->User rights, "Access this computer from the network")


* Disable unnecessary services


* Enable audit logging


* Track the audit information






Physical Security Considerations


Take the precautions you would with any piece of valuable equipment to protect against casual theft. This step can include locking the room the computer is in when no one is there to keep an eye on it, or using a locked cable to attach the unit to a wall. You might also want to establish procedures for moving or repairing the computer so that the computer or its components cannot be taken under false pretenses.


Use a surge protector or power conditioner to protect the computer and its peripherals from power spikes. Also, perform regular disk scans and defragmentation to isolate bad sectors and to maintain the highest possible disk performance.


As with minimal security, the computer should be protected as any valuable equipment would be. Generally, this involves keeping the computer in a building that is locked to unauthorized users, as most homes and offices are. In some instances you might want to use a cable and lock to secure the computer to its location. If the computer has a physical lock, you can lock it and keep the key in a safe place for additional security. However, if the key is lost or inaccessible, an authorized user might be unable to work on the computer.


You might choose to keep unauthorized users away from the power or reset switches on the computer, particularly if your computer's rights policy denies them the right to shut down the computer. The most secure computers (other than those in locked and guarded rooms) expose only the computer's keyboard, monitor, mouse, and (when appropriate) printer to users. The CPU and removable media drives can be locked away where only specifically authorized personnel can access them.






Backups


Regular backups protect your data from hardware failures and honest mistakes, as well as from viruses and other malicious mischief. The Windows NT Backup utility is described in Chapter 6, "Backing Up and Restoring Network Files" in Microsoft Windows NT Server Concepts and Planning. For procedural information, see Help.


Obviously, files must be read to be backed up, and they must be written to be restored. Backup privileges should be limited to administrators and backup operators-people to whom you are comfortable giving read and write access on all files.






Networks and Security


If the network is entirely contained in a secure building, the risk of unauthorized taps is minimized or eliminated. If the cabling must pass through unsecured areas, use optical fiber links rather than twisted pair to foil attempts to tap the wire and collect transmitted data.






Restricting the Boot Process


Most personal computers today can start a number of different operating systems. For example, even if you normally start Windows NT from the C: drive, someone could select another version of Windows on another drive, including a floppy drive or CD-ROM drive. If this happens, security precautions you have taken within your normal version of Windows NT might be circumvented.


In general, you should install only those operating systems that you want to be used on the computer you are setting up. For a highly secure system, this will probably mean installing one version of Windows NT. However, you must still protect the CPU physically to ensure that no other operating system is loaded. Depending on your circumstances, you might choose to remove the floppy drive or drives. In some computers you can disable booting from the floppy drive by setting switches or jumpers inside the CPU. If you use hardware settings to disable booting from the floppy drive, you might want to lock the computer case (if possible) or lock the machine in a cabinet with a hole in the front to provide access to the floppy drive. If the CPU is in a locked area away from the keyboard and monitor, drives cannot be added or hardware settings changed for the purpose of starting from another operating system. Another simple setting is to edit the boot.ini file such that the boot timeout is 0 seconds; this will make hard for the user to boot to another system if one exists.


On many hardware platforms, the system can be protected using a power-on password. A power-on password prevents unauthorized personnel from starting an operating system other than Windows NT, which would compromise system security. Power-on passwords are a function of the computer hardware, not the operating system software. Therefore the procedure for setting up the power-on password depends on the type of computer and is available in the vendor's documentation supplied with the system.

NT Security

The Logon Process


WinLogon


Users must log on to a Windows NT machine in order to use that NT based machine or network. The logon process itself cannot be bypassed, it is mandatory. Once the user has logged on, an access token is created (this token will be discussed in more detail later). This token contains user specific security information, such as: security identifier, group identifiers, user rights and permissions. The user, as well as all processes spawned by the user are identified to the system with this token.


The first step in the WinLogon process is something we are all familiar with, CTRL+ALT+DEL. This is NT's default Security Attention Sequence (SAS - The SAS key combo can be changed. We will also discuss that later.). This SAS is a signal to the operating system that someone is trying to logon. After the SAS is triggered, all user mode applications pause until the security operation completes or is cancelled. (Note: The SAS is not just a logon operation, this same key combination can be used for logging on, logging off, changing a password or locking the workstation.) The pausing, or closing, of all user mode applications during SAS is a security feature that most people take for granted and dont understand. Due to this pausing of applications, logon related trojan viruses are stopped, keyloggers (programs that run in memory, keeping track of keystrokes, therefor recording someones password) are stopped as well.

The user name is not case sensitive but the password is.

After typing in your information and clicking OK (or pressing enter), the WinLogon process supplies the information to the security subsystem, which in turn compares the information to the Security Accounts Manager (SAM). If the information is compliant with the information in the SAM, an access token is created for the user. The WinLogon takes the access token and passes it onto the Win32 subsytem, which in turn starts the operating systems shell. The shell, as well as all other spawned processes will receive a token. This token is not only used for security, but also allows NTs auditing and logging features to track user usage and access of network resources.


Note: All of the logon components are located in a file known as the Graphical Indetification and Authentication (GINA) module, specifically MSGINA.DLL. Under certain conditions, this file can be replaced, which is how you would change the SAS key combination.


For fine tuning of the WinLogon process, you can refer to the registry. All of the options for the WinLogon process are contained in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon area. You can also fine tune the process by using the Policy Editor.


Logging on to a Domain


If an NT machine is a participant on a Domain, you would not only need to login to the local machine, but the Domain as well. If a computer is a member of a Domain, the WinLogon process is replaced by the NetLogon process.






Security Architecture Components


Local Security Authority (LSA): Also known as the security subsystem, it is the central portion of NT security. It handles local security policies and user authentication. The LSA also handles generating and logging audit messages.


Security Accounts Manager (SAM): The SAM handles user and group accounts, and provides user authentication for the LSA.


Security Reference Monitor (SRM): The SRM is in charge of enforcing and assuring access validation and auditing for the LSA. It references user account information as the user attempts to access resources.




Introduction to Securing an NT Box


Abstract


Microsoft Windows NT operating system provides several security features. However, the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop.


A particular installation's requirements can differ significantly from another. Therefore, it is necessary for individual customers to evaluate their particular environment and requirements before implementing a security configuration. This is also because implementing security settings can impact system configuration. Certain applications installed on Windows NT may require more relaxed settings to function properly than others because of the nature of the product. Customers are therefore advised to careful evaluate recommendations in the context of their system configurations and usage.


If you install a Windows NT machine as a web server or a firewall, you should tighten up the security on that box. Ordinary machines on your internal network are less accessible than a machine the Internet. A machine accessible from the Internet is more vulnerable and likely to be attacked. Securing the machine gives you a bastion host. Some of the things you should do include:


* Remove all protocol stacks except TCP/IP, since IP is the only protocol that runs on the Internet


* Remove unnecessary network bindings


* Disable all unnecessary accounts, like guest


* Remove share permissions and default shares


* Remove network access for everyone (User Manger -> Policies ->User rights, "Access this computer from the network")


* Disable unnecessary services


* Enable audit logging


* Track the audit information






Physical Security Considerations


Take the precautions you would with any piece of valuable equipment to protect against casual theft. This step can include locking the room the computer is in when no one is there to keep an eye on it, or using a locked cable to attach the unit to a wall. You might also want to establish procedures for moving or repairing the computer so that the computer or its components cannot be taken under false pretenses.


Use a surge protector or power conditioner to protect the computer and its peripherals from power spikes. Also, perform regular disk scans and defragmentation to isolate bad sectors and to maintain the highest possible disk performance.


As with minimal security, the computer should be protected as any valuable equipment would be. Generally, this involves keeping the computer in a building that is locked to unauthorized users, as most homes and offices are. In some instances you might want to use a cable and lock to secure the computer to its location. If the computer has a physical lock, you can lock it and keep the key in a safe place for additional security. However, if the key is lost or inaccessible, an authorized user might be unable to work on the computer.


You might choose to keep unauthorized users away from the power or reset switches on the computer, particularly if your computer's rights policy denies them the right to shut down the computer. The most secure computers (other than those in locked and guarded rooms) expose only the computer's keyboard, monitor, mouse, and (when appropriate) printer to users. The CPU and removable media drives can be locked away where only specifically authorized personnel can access them.






Backups


Regular backups protect your data from hardware failures and honest mistakes, as well as from viruses and other malicious mischief. The Windows NT Backup utility is described in Chapter 6, "Backing Up and Restoring Network Files" in Microsoft Windows NT Server Concepts and Planning. For procedural information, see Help.


Obviously, files must be read to be backed up, and they must be written to be restored. Backup privileges should be limited to administrators and backup operators-people to whom you are comfortable giving read and write access on all files.






Networks and Security


If the network is entirely contained in a secure building, the risk of unauthorized taps is minimized or eliminated. If the cabling must pass through unsecured areas, use optical fiber links rather than twisted pair to foil attempts to tap the wire and collect transmitted data.






Restricting the Boot Process


Most personal computers today can start a number of different operating systems. For example, even if you normally start Windows NT from the C: drive, someone could select another version of Windows on another drive, including a floppy drive or CD-ROM drive. If this happens, security precautions you have taken within your normal version of Windows NT might be circumvented.


In general, you should install only those operating systems that you want to be used on the computer you are setting up. For a highly secure system, this will probably mean installing one version of Windows NT. However, you must still protect the CPU physically to ensure that no other operating system is loaded. Depending on your circumstances, you might choose to remove the floppy drive or drives. In some computers you can disable booting from the floppy drive by setting switches or jumpers inside the CPU. If you use hardware settings to disable booting from the floppy drive, you might want to lock the computer case (if possible) or lock the machine in a cabinet with a hole in the front to provide access to the floppy drive. If the CPU is in a locked area away from the keyboard and monitor, drives cannot be added or hardware settings changed for the purpose of starting from another operating system. Another simple setting is to edit the boot.ini file such that the boot timeout is 0 seconds; this will make hard for the user to boot to another system if one exists.


On many hardware platforms, the system can be protected using a power-on password. A power-on password prevents unauthorized personnel from starting an operating system other than Windows NT, which would compromise system security. Power-on passwords are a function of the computer hardware, not the operating system software. Therefore the procedure for setting up the power-on password depends on the type of computer and is available in the vendor's documentation supplied with the system.

Top 25 Most Dangerous Programming Mistakes

1. Improper Input Validation

   Ensure that your input is valid. If you're expecting a number, it shouldn't contain letters. Nor should the price of a new car be allowed to be a dollar. Incorrect input validation can lead to vulnerabilities when attackers can modify their inputs in unexpected ways. Many of today's most common vulnerabilities can be eliminated, or at least reduced, with strict input validation.

2. Improper Encoding or Escaping of Output

   Insufficient output encoding is at the root of most injection-based attacks. An attacker can modify the commands that you intend to send to other components, possibly leading to a complete compromise of your application - not to mention exposing the other components to exploits that the attacker would not be able to launch directly. When your program generates outputs to other components in the form of structured messages such as queries or requests, be sure to separate control information and metadata from the actual data.

3. Failure to Preserve SQL Query Structure (aka 'SQL Injection')

   If attackers can influence the SQL that you send to your database, they can modify the queries to steal, corrupt, or otherwise change your underlying data. If you use SQL queries in security controls such as authentication, attackers could alter the logic of those queries to bypass security.

4. Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')

   Cross-site scripting (XSS) is a result of combining the stateless nature of HTTP, the mixture of data and script in HTML, lots of data passing between web sites, diverse encoding schemes, and feature-rich web browsers. If you're not careful, attackers can inject Javascript or other browser-executable content into a web page that your application generates. Your web page is then accessed by other users, whose browsers execute that malicious script as if it came from you -- because, after all, it did come from you! Suddenly, your web site is serving code that you didn't write. The attacker can use a variety of techniques to get the input directly into your server, or use an unwitting victim as the middle man.

5. Failure to Preserve OS Command Structure (aka 'OS Command Injection')

   Your software acts as a bridge between an outsider on the network and the internals of your operating system. When you invoke another program on the operating system, and you allow untrusted inputs to be fed into the command string, you are inviting attackers into your operating system.

6. Cleartext Transmission of Sensitive Information

   Information sent across a network crosses many different nodes in transit to its final destination. If your software sends sensitive, private data or authentication credentials, beware: attackers could sniff them right off the wire. All they need to do is control one node along the path to the final destination, any node within the same networks of those transit nodes, or plug into an available interface. Obfuscating traffic using schemes like Base64 and URL encoding offers no protection.

7. Cross-Site Request Forgery (CSRF)

   Cross-site request forgery is like accepting a package from a stranger -- except the attacker tricks a user into activating a HTTP request "package" that goes to your site. The user might not even be aware that the request is being sent, but once the request gets to your server, it looks as if it came from the user -- not the attacker. The attacker has masqueraded as a legitimate user and gained all the potential access that the user has. This is especially handy when the user has administrator privileges, resulting in a complete compromise of your application's functionality.

8. Race Condition

   A race condition involves multiple processes in which the attacker has full control over one process; the attacker exploits the process to create chaos, collisions, or errors. Data corruption and denial of service are the norm. The impact can be local or global, depending on what the race condition affects - such as state variables or security logic - and whether it occurs within multiple threads, processes, or systems.

9. Error Message Information Leak

   Chatty error messages can disclose secrets to any attacker who misuses your software. The secrets could cover a wide range of valuable data, including personally identifiable information (PII), authentication credentials, and server configuration. They might seem like harmless secrets useful to your users and admins, such as the full installation path of your software -- but even these little secrets can greatly simplify a more concerted attack.

10. Failure to Constrain Operations within the Bounds of a Memory Buffer

    The scourge of C applications for decades, buffer overflows have been remarkably resistant to elimination. Attack and detection techniques continue to improve, and today's buffer overflow variants aren't always obvious at first or even second glance. You may think that you're completely immune to buffer overflows because you write your code in higher-level languages instead of C. But what is your favorite "safe" language's interpreter written in? What about the native code you call? What languages are the operating system API's written in? How about the software that runs Internet infrastructure?

11. External Control of Critical State Data

    If you store user state data in a place where an attacker can modify it, this reduces the overhead for a successful compromise. Data could be stored in configuration files, profiles, cookies, hidden form fields, environment variables, registry keys, or other locations, all of which can be modified by an attacker. In stateless protocols such as HTTP, some form of user state information must be captured in each request, so it is exposed to an attacker out of necessity. If you perform any security-critical operations based on this data (such as stating that the user is an administrator), then you can bet that somebody will modify the data in order to trick your application.

12. External Control of File Name or Path

    When you use an outsider's input while constructing a filename, the resulting path could point outside of the intended directory. An attacker could combine multiple ".." or similar sequences to cause the operating system to navigate out of the restricted directory. Other file-related attacks are simplified by external control of a filename, such as symbolic link following, which causes your application to read or modify files that the attacker can't access directly. The same applies if your program is running with raised privileges and it accepts filenames as input. Similar rules apply to URLs and allowing an outsider to specify arbitrary URLs.

13. Untrusted Search Path

    Your software depends on you, or its environment, to provide a search path (or working path) to find critical resources like code libraries or configuration files. If the search path is under attacker control, then the attacker can modify it to point to resources of the attacker's choosing.

14. Failure to Control Generation of Code (aka 'Code Injection')

    While it's tough to deny the sexiness of dynamically-generated code, attackers find it equally appealing. It becomes a serious vulnerability when your code is directly callable by unauthorized parties, if external inputs can affect which code gets executed, or if those inputs are fed directly into the code itself.

15. Download of Code Without Integrity Check

    If you download code and execute it, you're trusting that the source of that code isn't malicious. But attackers can modify that code before it reaches you. They can hack the download site, impersonate it with DNS spoofing or cache poisoning, convince the system to redirect to a different site, or even modify the code in transit as it crosses the network. This scenario even applies to cases in which your own product downloads and installs updates.

16. Improper Resource Shutdown or Release

    When your system resources have reached their end-of-life, you dispose of them: memory, files, cookies, data structures, sessions, communication pipes, and so on. Attackers can exploit improper shutdown to maintain control over those resources well after you thought you got rid of them. Attackers may sift through the disposted items, looking for sensitive data. They could also potentially reuse those resources.

17. Improper Initialization

    If you don't properly initialize your data and variables, an attacker might be able to do the initialization for you, or extract sensitive information that remains from previous sessions. If those variables are used in security-critical operations, such as making an authentication decision, they could be modified to bypass your security. This is most prevalent in obscure errors or conditions that cause your code to inadvertently skip initialization.

18. Incorrect Calculation

    When attackers have control over inputs to numeric calculations, math errors can have security consequences. It might cause you to allocate far more resources than you intended - or far fewer. It could violate business logic (a calculation that produces a negative price), or cause denial of service (a divide-by-zero that triggers a program crash).

19. Improper Access Control (Authorization)

    If you don't ensure that your software's users are only doing what they're allowed to, then attackers will try to exploit your improper authorization and exercise that unauthorized functionality.

20. Use of a Broken or Risky Cryptographic Algorithm

    Grow-your-own cryptography is a welcome sight to attackers. Cryptography is hard. If brilliant mathematicians and computer scientists worldwide can't get it right -- and they're regularly obsoleting their own techniques -- then neither can you.

21. Hard-Coded Password

    Hard-coding a secret account and password into your software is extremely convenient -- for skilled reverse engineers. If the password is the same across all your software, then every customer becomes vulnerable when that password inevitably becomes known. And because it's hard-coded, it's a huge pain to fix.

22. Insecure Permission Assignment for Critical Resource

    Beware critical programs, data stores, or configuration files with default world-readable permissions. While this issue might not be considered during implementation or design, it should be. Don't require your customers to secure your software for you! Try to be secure by default, out of the box.

23. Use of Insufficiently Random Values

    You may depend on randomness without even knowing it, such as when generating session IDs or temporary filenames. Pseudo-Random Number Generators (PRNG) are commonly used, but a variety of things can go wrong. Once an attacker can determine which algorithm is being used, he can guess the next random number often enough to launch a successful attack after a relatively small number of tries.

24. Execution with Unnecessary Privileges

    Your software may need special privileges to perform certain operations; wielding those privileges longer than necessary is risky. When running with extra privileges, your application has access to resources that the application's user can't directly reach. Whenever you launch a separate program with elevated privileges, attackers can potentially exploit those privileges.

25. Client-Side Enforcement of Server-Side Security

    Don't trust the client to perform security checks on behalf of your server. Attackers can reverse engineer your client and write their own custom clients. The consequences will vary depending on what your security checks are protecting, but some of the more common targets are authentication, authorization, and input validation.