NT Server Security Seminar

Date: 17 & 18 Jun 99

Venue: 20 Kallang Ave, Pico Creative centre Level 5 Auditorium
(150m from Lavender MRT)

Although Windows NT offers comprehensive security features, it does not provide a suitable level of security immediately after it is installed.

This seminar will give you an insight into both the documented and undocumented features of NT Server which affect security, and provides guidelines for designing and implementing appropriate security control measures.

It covers the basic NT server security model and the security mechanisms that support it. It also includes a wide range of topics on NT security issues such as: NT security exposures, accounts and groups, file system security, registry settings, considerations for domain services, trust relationships, password security issues, virus threats on NT, auditing mechanisms, and complex security related issues resulting from connecting NT to WANs and the Internet. A comparison between the security features offered by NT and NetWare will be done.

References to NT Server 3.51 will be made occasionally so that participants will understand the changes and improvements in NT 4. Presentations will be supported by numerous life demonstrations on systems penetrations, hacking and protection. All demonstrations will be done under NT Server 4 platform.

An action-packed seminar you must not miss!

Objectives And Benefits

After the seminar, participants will be able to:

• Know the NT security model and architecture
• Understand how secure Windows NT really is
• Select suitable security software and encryption as added protection against hackers
• Learn the types of security exposures
• Configure NT server security features to protect against hackers or intruders
• Understand the importance of accounts and groups to security
• Know the most vulnerable parts of the LAN and OS and take appropriate measures to protect them
• Tackle virus problems in NT environment

Who Should Attend

This course is designed for security administrators, auditors, computer professionals, software developers and management who are concerned with the threat of hacking and unauthorised access into an NT Server. Participants with technical background or who have managed an NT environment will benefit significantly from the course. Those who are planning to use NT to connect to WANs and Internet will find this course an eye opener.

Seminar Highlights

Windows NT Security Rating

• Trusted Computing Base (TCB)
• C2 rating (Orange and Red Book)
• NT Server Security Overview

• Physical and Peripheral Security
• Software and Hardware access controls
• Crashing NT with a few mouse clicks

• FAT vs NTFS and their vulnerabilities
• Shares Permission vs Security Permission
• Security problems with Shares
• Concept of file and directory permissions, and the potential loopholes which exist

• Serious problems in the Registry
• Planting Trojan programs in Registry

• Wire tapping on a LAN
• Denying a specific PC from logging in
• TCP/IP weakness

• Telephone line tapping
• Security concerns of remote node and remote control
• Defeating dial-back security

• Possibility of hackers leaving an audit reflecting such attempts as coming from someone else's PC

• Capturing of NT login passwords
• Security of login scripts
• General logon cautions and policies

• Administrator Account break-in techniques
• The missing Auditor Account
• Threat of Backup Operator Group
• Security considerations in Users and Groups Naming
• Setting up a good Account Policy
• Beware of intrinsic privileges not explicitly granted by Administrator

• Threat of printouts being redirected across the network to attacker's printer

• Vulnerabilities of NT against boot and parasitic viruses

• How to log and audit a break-in?
• Can Administrator be reliably audited?
• Can an Auditor not be given Administrator privilege?

• Complexity of setting trust relationship

• Domain Name Services vs Directory Services
• Single Domain, Master Domain, Multiple Master Domain and Complete Trust Models

Register for Seminar! Fees Details.