This training explains guidelines and practices that counter common, known attacks on Windows NT network installations that expose or modify user data maliciously. The goal is to make Windows NT as secure as it can resonably and practically be configured. We believe that these step by step guidelines reduce security risks to a level on par with the most aggressive current efforts to penetrate Windows NT system. The same threats exists in governmental and commercial environments and the techniques for containing them are the same. Hence, the guidelines are applicable to almost NT environment.

Windows NT has many controls for tightening its security. However, even in the most secure mode that these guidelines address, they do not blindly recommend the tightest settings for all controls. Implicit in the guidelines is the understanding that its recommendations must be both effective against certain threats and also practical. Some controls impede operational capability and their use must be carefully balanced against the security they offer.

These 4 days intensive training course in Windows NT Security and Advanced Administration Guidelines that features effective practices in securing Windows NT installations and administrations is intended for:

• Windows NT System Administrators
• Network Administrators
• Computer Professionals

You don't need to know anything about Windows NT security (That, you will learn in this training, of course *smile*) but, you will need to be familiar with Windows NT environment and commands in general. Basic knowledge in Windows NT administration will be a great help.

Throughout these 4 days training course, our responsibility is to take you for a walk through security aspects of Windows NT. We will explain and guide you step by step to securely install and manage your Windows NT system. We will provide hands-on practices and in-depth discussion on the topics covered.

The training will primarily discuss about Windows NT security issues during installations and administrations. We will not explain and discuss issues on what is Windows NT, how to use Windows NT, and other issues which are not related to security.

Below are the topics that will be discussed in the training:

• Windows NT Installation
  This short but important guideline addresses hardware issues and the basic installation process.
  Keywords: Physical Security, Booting, Storage Protection, Storing Critical User Data, Emergency Repair Disk

• Domain Planning and Basic Access Restriction
  This general guideline addresses how to use the three fundamental features that determine which users can log onto and remotely access other computers on the network. Designing how these features work in combination is fundamental in securing a Windows NT network.
  Keywords: Domain Models, Accounts & Network Authentication, Logon Rights in Multidomain Environment

• Administrative Structure
  This chapter addresses the configuration and use of administrative and operator accounts. It recommends no major reconfiguration of the standard Windows NT accounts, but offers guidelines on the scope and assignment of accounts to administrative personnel.
  Keywords: Full Administrators, Renaming the Administrator Account, Administrative Practices

• General Policies
  This guideline holds a lengthy collection of important Windows NT security controls. While somewhat obscure and detailed, they pose important decisions you should make early in your security implementation. Here we will step by step configure Windows NT to establish and strengthen security based on your site policy.

• File system and Registry ACL Settings
  This guideline presents a strategy for tightening the Access Control Lists (ACLs) on critical system objects, mainly those in the system root directory (usually C:\WINNT) which holds most of the sensitive files in Window NT, and the Windows NT Registry. As a concession to ease-of-use and software compatibility, by default these ACLs are not as tight as they could be.
  Keywords: Setting File System ACL, Setting Re gistry ACL

• User Accounts and Groups
  This guideline addresses the few considerations for the account parameters other than passwords. For example, this guideline advocates aggressive use of the account restrictions as to which computers the account can locally log on. This guideline also covers user groups other than administrative groups and common groups like Users and Domain Users.
  Keywords: User Accounts and Groups Policies

• Passwords
  This guideline prescribes the full and aggressive use of account locking and other password parameters in the Account Policy. It also presents several common password schemes and classifies them according to the probability of successful attack based on various Windows NT password control parameters. Ultimately each site must tailor its password policy to its own risks. This guideline offers recommendations toward this end.
  Keywords: Password Complexity, Lifetime, Locking & Filtering

• Application and Home Directories
  This guideline presents a standard technique for setting up common application (program) directories to make these critical system components resistant to attacks like viruses. It also advocates removing access to such programs from critical administrators unless the programs are thoroughly trustworthy.
  Keywords: Common Application Directories, Home and Application Directories.

• System Policy Files
  System Policy Files are a Windows NT feature that lets administrators centrally control the basic appearance of the user's desktop environment. This includes various aspects of their start menu, the items on their desktop, and whether or not the system presents a "for official use only" window during logon. Administrators can set up central policies that apply to different groups of users and workstations. For some level, the guidelines recommend setting up a simple, basic policy file, even though relatively few system security policies are of significant security strength.
  Keywords: Installing and Setting a System Policy, Recommended Default User Policies, Policies Update Mode

• User Rights
  Each Windows NT computer has an administratively controlled Rights policy that assigns combinations of about 30 "Rights" to various users and groups who access that Computer. For example, the ability to set the system time and date is a Right. As installed, the Windows NT Rights policy is prudent. This guideline recommends a few small changes to enhance security.
  Keywords: Modify Default Rights Policy to Tighten-Up Security

• Policy Auditing and Security Logs
  The Windows NT security log can collect a variety of detailed, security relevant events into managed collection files, and administrators have considerable latitude over which events are saved. This guideline suggests which basic categories to record at each Level and how to manage Windows NT's security log. This is a point-of-departure open to considerable site interpretation.
  Keywords: Audit Policy to Record Essential Info, Auditing Base Object, Managing Audit Trails, Security Logs Location

• System Services
  Windows NT system services are important components. Services are (usually powerful) programs that run largely unseen performing various services for user programs or remote elements on the network. This guideline presents cautions for eliminating unnecessary services as well as suggestions for running services under accounts safer than the customary, all-powerful SYSTEM account.
  Keywords: Minimizing Services and Their Capabilities, Restricting Operator Control Of Services, Unprevileged Service Accounts

• Network Sharing
  This brief guideline contains recommendations for creating network share directories and printers, including comments on "hidden administrative shares."
  Keywords: Sharing Guideline to Improve Security, Printer Access

• Networking
  Many of these guidelines address security issues in Windows NT's domain-base networking environment. This section gives basic advice on minimizing network services, removing hostile elements from a Windows NT network, isolating Windows NT's native sharing services from an Intranet, and general guidelines on where firewalls and encryption may be needed.
  Keywords: Protecting LAN, Unencrypted & LANMAN Passwords, Network Attacks, Eavesdropping & Interception, Applying Cryptography to Network Traffic, TCP/IP Port Limitation

• Remote Access Service
  RAS is a native Windows NT service that lets computers log onto remote networks through a Windows NT RAS server. This access is via a telephone line or, (using the companion PPTP protocols) an Intranet. This guideline addresses setting the relatively few RAS security parameters for sites whose policy allows remote access.
  Keywords: Enforce Encryption Scheme, RAS Sentry, Strong User Passwords

• Spoofing
  Spoofing is where a malicious user attempts to lure an unsuspecting user into running a malicious program that the first user created. If successful, the malicious program runs with the full capabilities of the duped user and can cause widespread damage if that user is an administrator. Spoofing is perhaps the most dangerous threat in operating systems. Unfortunately it is also the most difficult to combat because countermeasures tend to be non-specific. This guideline presents several spoofing threats and counsels on how to minimize them.
  Keywords: Logon Separation, Trusted Path, Protection Standard Extensions, Defining Standard Extensions, DLL Spoofing

• General Security Policies Checklist
  This chapter shortlists all the steps need to be taken to solve certain problems related to Windows NT. Steps are organized into parts, and each step�s includes problem(s) the step is intended to solve, the actions need to be taken, tips on how to take the action if it is not obvious, and caveats where they add value.

• Educating User and their Responsibilities
  This guideline presents basic practices that all regular users should understand and use. It recommends that administrators develop a site policy of such practices and impart the policy to their system users.

• Security Tools and Administration Utilities
  Tools discussed in this chapter are used to check Windows NT security settings. They can also be used as a analysis and management tools to further tighten the security.
  Keywords: LophtCrack, Webtrends Security Analyzer

  Notes: The training contents are subject to change

Tentative Dates: