- Shopping Bag ( 0 items )
In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities?including e-commerce?to Windows.Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:
In recent years, Windows NT and Windows 2000 systems have emerged as viable platforms for Internet servers. More and more organizations are now entrusting the full spectrum of business activities—including e-commerce—to Windows.Unfortunately, the typical Windows NT/2000 installation makes a Windows server an easy target for attacks, and configuring Windows for secure Internet use is a complex task. Securing Windows NT/2000 Servers for the Internet suggests a two-part strategy to accomplish the task:
In recent years, Windows NT and 2000 systems have emerged as viable platforms for Internet servers, but securing Windows for Internet use is a complex task. This concise guide simplifies the task by paring down installation and configuration instructions into a series of security checklists for security administration, including hardening servers for use as "bastion hosts," performing secure remote administration with OpenSSH, TCP Wrappers, VNC, and the new Windows 2000 Terminal Services.
Microsoft's success in the network operating system market is largely because its products are so easy to use. The Windows server version has the familiar user interface that almost all office workers use every day. It's easy to get started, and you don't need in-depth knowledge of the operating system to install a Windows NT/2000 server. Most components are configured and started automatically, just as they are in the consumer Windows 95/Windows 98 operating system. These characteristics are attractive for an internal file and print server that isn't exposed to direct attack. However, you want something quite different for an external web server that serves the organization's customers and partners over the Internet. A system exposed in this way should provide a minimum of services and needs to be properly configured to ensure a higher level of security. As I mentioned earlier in this chapter, a system configured in this manner is referred to as a bastion host.
Basically, a bastion host is a computer system that is a critical component in a network security system, and one that is exposed to attack. Examples of bastion hosts are firewall gateways, web servers, FTP servers, and Domain Name Service (DNS) servers. Because bastion hosts are so important--and so vulnerable--such systems must be highly fortified. You must pay special attention to fortifying (i.e., establishing the maximum possible security for) the bastion host during both initial construction and ongoing operation.
Why are such systems called bastion hosts? The American Heritage Dictionary defines a bastion as:
Marcus J. Ranum is generally credited with applying the term bastion to hosts that are exposed to attack, and with the popularization of the term in the firewall community. In "Thinking About Firewalls V2.0: Beyond Perimeter Security" he wrote:
Bastions are the highly fortified parts of a medieval castle; points that overlook critical areas of defense, usually having stronger walls, room for extra troops, and the occasional useful tub of boiling hot oil for discouraging attackers. A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.
Bastion hosts are not general-purpose computing resources. They differ in both their intent and their specific configuration. The process of configuring or constructing a bastion host is often referred to as hardening.
The effectiveness of a specific bastion host configuration can usually be judged by answering two questions:
Chapter 2, Building a Windows NT Bastion Host, and Chapter 3, Building a Windows 2000 Bastion Host, provide detailed instructions for building a bastion host, using Windows NT and Windows 2000 respectively.
Exercise extreme caution when installing software on bastion hosts. Very few software products have been designed and tested to run safely on these exposed systems. For a thorough treatment of bastion hosts, and on firewalls in general, I recommend reading Building Internet Firewalls, Second Edition.
No matter how carefully you configure your bastion host to withstand direct attacks, you can't be entirely confident about its security. Most software code has bugs in it, and therefore all systems potentially have undiscovered security vulnerabilities. For this reason, it's important to provide extra layers of security for systems that are as exposed and as vulnerable as bastion hosts.
A common way to protect exposed servers on the Internet is to implement some kind of network-based access control mechanism that serves as extra protection for the bastion hosts. One such very effective mechanism is provided by a perimeter network. A perimeter network is a network that connects your private internal network to the public Internet or another untrusted network. This makes the perimeter network very important from a security standpoint. The purpose of this network is to serve as a single point of access control. All components in a perimeter must act in concert to implement a site's firewall policy. In other words, the perimeter network is a firewall system.
The perimeter network is a key part of the architecture of many current Internet sites. The reasons are partly historical. When the Internet took off commercially, many companies wanted to get on the Net to do business. The first step was often simply to publish product information on a web server. These web servers typically contained only static information, and thus didn't need to be connected to the internal network. With the advent of e-commerce, such web servers had to be connected in some way both to the clients on the Internet and to the legacy systems on the internal network -- for example, to process orders and check the availability of products.
Many companies now faced the requirement to connect their internal networks to the Internet--and to the accompanying security risks. Since the Internet could not be trusted for obvious reasons, there was an increasing need for company-controlled networks that could act as secured perimeters...
Chapter 1: Windows NT/2000 Security
Chapter 2: Building a Windows NT Bastion Host
Chapter 3: Building a Windows 2000 Bastion Host
Chapter 4: Setting Up Secure Remote Administration
Chapter 5: Backing Up and Restoring Your Bastion Host
Chapter 6: Auditing and Monitoring Your Perimeter Network
Chapter 7: Maintaining Your Perimeter Network
Well-Known Ports Used by Windows NT/2000
Security-Related Knowledge Base Articles
Build Instructions for OpenSSH on Cygwin