If you follow developments in the security underground, you have probably heard recently about a kernel patch for Windows NT that, in a nutshell, can compromise not only the security of the OS, but an entire NT-based network. The patch replaces some bytes of kernel code to get around NT's native security checks.
There has been a lot of discussion on the Internet recently regarding this kernel patch, and the bottom line is that yes, a patch of this type is incredibly dangerous. And although installing that patch requires elevated privileges on the OS, gaining that type of access is not as hard as one might think. Innumerable situations exist in which a person might have administrator access to a system for a period of time. A person can use that time to patch the kernel, install a backdoor, copy data, load hidden services, or do anything else you can imagine.
In most cases, this problem boils down to trust. Either you trust someone with administrator access or you don't. And with Windows NT 4.0, only a few ways exist to avoid most potential shenanigans—and none of these prevention methods are 100 percent foolproof. That's the nature of computing at this point in its evolution.
NT has taken us a long way in its current renditions, but it still needs improvement. Many of those improvements will debut in Windows 2000 (Win2K). Win2K will significantly increase the potential for a more secure network through technologies such as Kerberos, public key infrastructure (PKI), and System File Protection (SFP), to name a few.
The recent kernel patch is a good example of how Win2K might be able to heighten security in events such as system file modification. With the new SFP in place, Win2K will detect changes to system files and automatically replace altered files with copies of the originals. But I think it's prudent to point out that SFP probably isn't bulletproof. If you can compromise SFP, you can compromise any system file you want. Accept the fact that no security system is 100 percent foolproof; security is always a trade-off of risk against functionality.
To sway the trade-off in your favor, adopt a layered approach to overall system security, and don't be afraid to introduce redundancy—it's worth every penny. For example, although Win2K will support SFP, nothing prevents you from installing a Tripwire-like product as an added check and balance on system integrity. The same premise applies to other aspects of security, from user accounts all the way to your firewall.
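To make the Tripwire-like layer concrete, here is a minimal baseline-and-compare file integrity checker written for this column as an added example (it is not code from the original article or from any product). The directory, file names, and file contents are constructed stand-ins for a system directory; the hash and comparison logic is the real technique.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (relative, '/'-separated) to its digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): hash_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_baseline(baseline, current):
    """Report files whose digest changed, files that appeared, and files that vanished."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: take a baseline, then alter the tree as a kernel patch would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Hypothetical file names standing in for system files; contents are made up.
        (root / "ntoskrnl.exe").write_bytes(b"original kernel image (constructed)")
        (root / "hal.dll").write_bytes(b"original hal image (constructed)")
        baseline = build_baseline(root)          # store this off-host in practice
        # Simulated tampering: bytes replaced in one file, an unexpected file dropped in.
        (root / "ntoskrnl.exe").write_bytes(b"patched kernel image (constructed)")
        (root / "unknown.sys").write_bytes(b"unexpected driver (constructed)")
        return compare_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Keep the baseline on read-only media or a separate machine, since an administrator who can patch the kernel can also rewrite a baseline stored locally; and a checker running on an already-patched kernel can be lied to about what is on disk, which is exactly why the column treats this as one layer rather than a guarantee.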
Win2K promises to deliver a level of security we've been wanting for a long time. If you haven't yet obtained a copy of Win2K through Microsoft's Corporate Preview Program, I highly recommend it. The added security features alone offer enough justification to make the transition from NT 4.0. Until next time, have a great week.