Security in Microsoft's new enterprise OS

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

eSentinel Column

Microsoft Corp.’s latest operating system, Windows 2000, goes far beyond incremental improvements over Windows NT. Aimed toward high-end computing emphasizing reliability, scalability, and cost benefits compared to other OSes, this business platform offers a variety of security features under “one roof.”

Windows 2000 leverages those security features available in Windows NT by adding several features enhanced by its new Active Directory (AD) service. Founded on public-key cryptography, this OS includes the Kerberos version 5 authentication protocol for network authentication, public-key certificates for authentication, secure sockets layer (SSL) 3.0 secure channels, and data integrity and privacy standard protocols through CryptoAPI for public networks. Also included is a smart card log-on interface; IP security protocol (IPSec) authentication, data integrity, and encryption; and a certificate services module for creating a certification authority to manage the public-key infrastructure.

The catch? Plan to spend time on corporate security planning, to invest in Windows 2000 training to deal with components such as Active Directory, and to dedicate resources to create detailed parameter settings validating many security-related features.

To Microsoft’s credit, it postponed launching Windows 2000 for over 18 months to avoid delivering bugs–a common abnormality bewailed by most IT managers. (Rumor had it that over 63,000 bugs were found in the beta versions.) This time around, the company took the heat and invested more resources and time to avoid many of the installation and operational problems apparent in most new software. The same investments were made in the OS’s security components.

The flavors of Windows 2000

Three versions of Windows 2000 are currently available: Windows 2000 Professional for desktops and notebooks; Windows 2000 Server; and Windows 2000 Advanced Server for core line-of-business and e-commerce applications requiring high-demand operations (supporting up to eight processors).

DataCenter, the next version, currently scheduled for June 2000 release, targets large Internet service providers with demanding online transaction processing, as well as organizations servicing large data warehouses that call for servers with up to 32 processors.

These investments have paid off. Survey.com, a custom e-research and polling company located in Mountain View, Calif., conducted a Windows 2000 adoption study in June 1999. Data gathered from the 1,400 respondents (88% were IT/IS professionals, 26% were business managers, and 20% were software developers) indicated that by 2001 over 90% of organizational desktops will be running Windows 2000 Professional. Also by 2001, 81% of organizational servers will run either Windows NT 4.0 or Windows 2000 Server.

Security nuts and bolts

Though the features package available in Windows 2000 is extensive, security is not defined by software features alone; it’s defined by how the software reacts to conditions and interactions not anticipated by the designers. Software security options must be available to forestall other than expected activity and sideline the multitude of possibilities to circumvent authentication.

As risk complexity increases, so do security flaws. Security weaknesses can take two directions. First and more deadly are “black box” default settings, where the vendor understands the default activated security protections more often than systems administrators do. Second, detailed security option settings can be misconfigured by administrators who do not have a security plan or a detailed understanding of how to implement the plan technically, or by those who fail to select the appropriate security levels for their organizations.

In this increasingly challenging arena, remaining up-to-date on security technology and online threats, and establishing preventative barriers is mandatory. Systems administrators should keep in mind several security rules of thumb:

Expect new security holes continually. Hey, it’s a dark world out there filled with folks looking for a thrill (i.e., if they don’t have a life, online action looks GOOD). In other words, don’t expect to install security controls and then forget updates until the next version.
It’s not just software that creates superior e-security; administrators and staff make the difference.
Expect additional security flexibility and complexity in future versions and plan for resources to keep current on threat protections.
Don’t expect Microsoft to solve security threats before they arise; unfortunately it’s a reactive world. While Microsoft is known for dragging its feet with known problems, Internet-related software security threats have convinced the company to increase security center staff (http://www.microsoft.com/security/default.asp) to handle the burgeoning flow of online break-ins.
Prepare a realistic and detailed computer, networking, and communications security plan that can AND WILL be implemented.
Expect loss risk to increase dramatically with e-commerce.

Enter Windows 2000

Microsoft just released
its new version 1.0 Windows 2000 Internet Server Security Configuration Tool for Internet Information Server 5.0 environments. This new tool interactively assesses needed server security features, generates settings, and installs an integrated security configuration on the server.

Microsoft has obviously recognized the strong feedback regarding Windows 2000 security feature complexity and is responding accordingly. As with most software, the first version should be cautiously evaluated and configurations created with it should be validated. This tool is obviously not a panacea for effective security planning. Downloading is available at
http://www.microsoft.com/
technet/security/tools.asp.

Windows 2000 provides a public-key encryption infrastructure so certificate services can perform issuance, management, and revocation services as well as file and system ID encryption. The OS can also use the IPSec online encryption protocol, SSL, and transport layer security (TLS) specs for transport layer encryption.

Virtual private network (VPN) encryption is based on public keys. A file encrypting system (EFS) enables users to encrypt disk files using their unique password, again a security problem when theft is an “inside job.” Some data security is facilitated with this capability for mobile computing platforms when pilfered at airports, for example.

Windows 2000 Server’s Active Directory component creates a “domain administrator,” who assigns system rights to other administrators and users, thus restricting or enabling network access to various resources. AD facilitates management of network components, including network and system devices, applications, and users.

As a network object database, AD is a focal point for centralized administation, but it’s also a key component for software programmers to consider in the development cycle. Systems administrators can perform such tasks as remotely installing Windows 2000 Professional on clients, and the IntelliMirror feature allows users to access their data, settings, and applications on different machines.

A word of caution: Systems administrators tasked with security MUST be trained on AD for effective implementation. Detailed security planning is mandatory to develop effective security, even with AD training. While AD does not create security mechanisms per se, it is the central authority to establish, maintain, and modify security parameters. In other words, AD enables a far more efficient and integrated security system.

While user authentication has been overhauled in Windows 2000 through AD, both server versions continue to support Windows NT LAN Manager authentication protocol for legacy clients. With Kerberos 5 authentication protocol support, which is designed to enable two parties to exchange private information across an open network by assigning a unique key/ticket to each user that logs into the network, tickets embedded in messages identify the sender of the message.

An unfortunate weakness in this approach is use of a time stamp encrypted with a hash of the user’s password, normally a poor selection considering the short and easily remembered passwords normally chosen by users. Thankfully, Windows 2000 can enforce more challenging passwords. Its protocol offers single sign-on across systems, including non-Windows 2000 servers (assuming Kerberos 5 installations or trusted certificate authorities). The system can mitigate this weakness by either assigning random passwords or denying simple, user-based entry codes.

Microsoft Windows 2000 offers a wide range of security features. The learning curve and knowledge maintenance requirements, however, are substantial. Still, it offers organizations the ability to greatly improve online security. //

Dr. Martin Goslar Ph.D. is principal analyst and managing partner of E-PHD.COM, an e-security analysis and intelligence firm. He is on the editorial board of the International Journal of Electronic Commerce and can be reached at Comments@E-PHD.COM.