File Systems
All file systems on Windows 2000 systems should be converted to NTFS. Since FAT file systems do not allow for file permissions, NTFS is better from a security point of view. If any of your file systems are FAT, you can use the CONVERT program to change them to NTFS. The conversion requires a reboot, but it can be done with information already on the drive.
It should also be noted that Windows 2000 ships with a new version of NTFS, NTFS-5. NTFS-5 comes with a new set of individual permissions:
- Traverse Folder/Execute File
- List Folder/Read Data
- Read Attributes
- Read Extended Attributes
- Create Files/Write Data
- Create Folders/Append Data
- Write Attributes
- Write Extended Attributes
- Delete Subfolders and Files
- Delete
- Read Permissions
- Change Permissions
- Take Ownership
Before putting Windows 2000 into production, administrators and security staff should understand the new permissions and review the permissions structure on files and directories.
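As an added example (not part of the original tutorial), the Python sketch below maps the thirteen permissions listed above to their access-mask bits and reviews a DACL for risky rights granted to broad groups. It assumes the DACL is available as an SDDL string; the sample string, the set of rights treated as risky, and the function names are constructed for illustration.

```python
import re
# The 13 NTFS-5 special permissions listed above, keyed by access-mask bit (winnt.h).
SPECIAL_PERMISSIONS = {
    0x000001: "List Folder/Read Data",
    0x000002: "Create Files/Write Data",
    0x000004: "Create Folders/Append Data",
    0x000008: "Read Extended Attributes",
    0x000010: "Write Extended Attributes",
    0x000020: "Traverse Folder/Execute File",
    0x000040: "Delete Subfolders and Files",
    0x000080: "Read Attributes",
    0x000100: "Write Attributes",
    0x010000: "Delete",
    0x020000: "Read Permissions",
    0x040000: "Change Permissions",
    0x080000: "Take Ownership",
}
# SDDL shorthand for composite file rights and for well-known broad trustees.
SDDL_RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
BROAD_TRUSTEES = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users"}
# Assumed review policy: rights that change or delete data, or seize control.
RISKY = 0x000002 | 0x000004 | 0x000040 | 0x010000 | 0x040000 | 0x080000

def decode_mask(mask):
    """Return the special-permission names set in an access mask."""
    return [name for bit, name in sorted(SPECIAL_PERMISSIONS.items()) if mask & bit]

def rights_to_mask(rights):
    """Convert an SDDL rights field (hex, or two-letter codes) to a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= SDDL_RIGHTS[code]  # an unknown code raises KeyError
    return mask

def audit_dacl(sddl):
    """List risky permissions that allow-ACEs grant to broad groups."""
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", sddl):
        ace_type, _flags, rights, _obj, _inh, trustee = ace.split(";")
        if ace_type == "A" and trustee in BROAD_TRUSTEES:
            risky = decode_mask(rights_to_mask(rights) & RISKY)
            if risky:
                findings.append((BROAD_TRUSTEES[trustee], risky))
    return findings

# Constructed sample: Administrators full, Everyone read/execute, Users full.
SAMPLE = "D:(A;;FA;;;BA)(A;;0x1200a9;;;WD)(A;OICI;FA;;;BU)"
```

Calling `audit_dacl(SAMPLE)` reports only the Users entry, because the Everyone entry grants read and execute rights but none of the rights in `RISKY`.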
Encrypting File System
One weakness in the NTFS file system is that it only protects files when used with Windows NT or Windows 2000. If an intruder can boot a system using another operating system (such as DOS), he or she could then use a program (such as NTFSDOS) to read the files and thus go around the NTFS access controls. Windows 2000 adds the Encrypting File System (EFS) to protect sensitive files from this type of attack.
EFS is designed to be transparent to the user. Therefore, the user does not have to initiate the decryption or encryption of the file (once EFS is invoked for the file or directory). To invoke EFS, select the file or directory you wish to protect, right-click, and select Properties. Select the Advanced button on the General screen and select Encrypt Contents to Secure Data.
When a file is designated to be encrypted, the system chooses a key to be used by a symmetric key algorithm and encrypts the file. The key is then encrypted with the public key of one or more users who will have access to the file. Note that EFS has a built-in mechanism to allow for the recovery of encrypted information. By default, the local Administrator account will always be able to decrypt any EFS files.
Because of the way EFS interfaces with the user and the operating system, some commands will cause a file to be decrypted and others will not. For example, the Ntbackup command will copy an encrypted file as is. However, if the user executes a Copy command, the file will be decrypted and rewritten to disk. If the destination location for the file is a non-NTFS 5.0 partition or a floppy disk, the file will not be encrypted when written. Also, if the file is copied to another computer, it will be re-encrypted with a different symmetric algorithm key. Thus, the two files will appear different on the two computer systems even though the unencrypted contents of the file will be the same.
Shares
As with Windows NT, Windows 2000 creates administrative shares when it boots. These are the C$, D$, IPC$, ADMIN$, and NETLOGON (only found on domain controllers) shares. The complete list of current shares can be examined with the Computer Management tool, reached by selecting Control Panel | Administrative Tools. While these shares can be used to attempt to brute-force the administrator password, it is not recommended that you turn any of these off.