For many of us, the holidays will be spent with sugar plum fairies and the Grinch. For those of us less fortunate, the coming weeks will be spent grappling with Microsoft Corp.’s unique endowment to the enterprise computing world–Windows 2000. Large migrations are getting under way. So for those of us working in large shops, if the question of migration hasn’t yet come up, it will.
Microsoft is determined to maintain its command of the corporate server market through a combination of impressive features and coercion tactics (see Joe Mullich’s related story, No Rush To Open Windows 2000). These persuasive methods are already familiar to most of us: The folks in Redmond have a history of jettisoning prior versions while promoting the new ones. Because of the support implications of this philosophy, most corporate shops will be well on their way to Win2K by this time next year.
Once you’ve got the kvetching out of your system, you may find some value in the new and improved Windows OS. Aside from the performance and manageability perks that Microsoft has bundled into this package, the company has addressed many of the significant security weaknesses that plagued Windows NT 4.0. The result of this overhaul is a new set of security features, including a public key infrastructure platform, a transparent file encryption service, and Kerberos authentication.
How Secure Is Secure, Really?
If the new security features of Windows 2000 were a leading motivation for migration, then a good understanding of a significant W2K security limitation would be helpful. Take Windows 2000 and Kerberos authentication.
The cornerstone of Win2K’s security architecture is Microsoft’s implementation of Kerberos as an authentication protocol. To fully utilize all the features of Kerberos authentication, however, all existing installations of previous versions of Windows need to be upgraded. That means every server and every workstation throughout the enterprise. The source of the problem is a lingering vestige of Microsoft’s past–the Windows NT Lanman protocol.
The Lanman NT (LMNT) protocol in Win2K allows backward compatibility with Windows NT, 98, 95, and 3.11 clients. It also manages the authentication of a Windows 2000 workstation to an NT 4 server. Thus, a network running multiple versions of Windows would be open to attack via password compromises, the often-exploited method of authentication in the earlier OSs.
From a hacker’s perspective, this allows the weakest link type of vulnerability, where access to a well-protected Windows 2000 server is made trivial if a Windows 98 or NT 4 machine is connected to the server using the LMNT protocol. One fix for this weak link would be for Microsoft to release Kerberos client software for previous versions of Windows. But this solution would be a disincentive for those considering enterprisewide upgrades.
Novell NetWare environments will likewise be relegated to LMNT authentication. In fact, when it comes to Windows 2000’s Kerberos interoperability with non-Windows operating systems, the message from Microsoft officials remains confusing. Earlier in 2000, the open-source community reprimanded Microsoft over-proposed enhancements to Kerberos that threatened to reduce interoperability.
|It Helps To Be Prepared|
Launching a migration to Windows 2000 will require careful planning and significant resources. The following guidelines, which reflect the complexity of the operation, may help you prepare for migration:
The noise has died down, as Microsoft has clarified its interoperability with the various implementations of Kerberos on UNIX. This is accomplished chiefly through Active Directory Service Accounts, which allow subsets of Kerberos functionality. True Active Directory clients for non-Microsoft platforms may be on the drawing board, but don’t expect an early release.
Don’t Let Your Guard Down
Microsoft’s track record for securing the previous versions of Windows is less than brilliant. Critics charge that the company allows hackers to do much of its R&D work. Of course, Microsoft sees the constant attempts by hackers to penetrate its products as an unfortunate price of having the largest server market share.
Ultimately, a secure migration to Win2K will depend on adequate staffing and sufficient funding. Management must provide sufficient staffing and training resources to simultaneously maintain the existing system while launching the new one. An IT staff wrestling with newly introduced technologies cannot be expected to maintain the same level of security during migration without preparation.
Time will be the judge of Microsoft’s success with Windows 2000. If W2K migration is in your company’s immediate future, you’d be wise to remember that Microsoft is first and foremost a marketing company. R&D for security should follow the new product line since officials in Redmond have little interest in nurturing yesterday’s revenue streams.
Furthermore, hackers will continue to be pleased with the company’s business imperatives because easy exploits like password compromises will remain accessible for years to come. Given this unstable climate, and as widespread adoption of Windows 2000 commences, secure your migration to Windows 2000 by preparing your IT staff and not losing sight of ever-present and ever-changing security concerns. //
Brett Regan Young works for the Netigy Corporation in Houston. Netigy provides comprehensive eCommerce solutions, including secure migration to Win2K. Send your migration horror stories to: [email protected].