Is Win2000 secure?

[mea culpa <jericho () DIMENSIONAL COM>]

From: darek.milewski () us pwcglobal com
From: NWFusion Focus [mailto:news () gaeta itwpub1 com]

NETWORK WORLD FUSION FOCUS: JIM REAVIS on SECURITY

Today's Focus: Windows 2000: It's new, it's big! Is it secure?  10/29/99
By Jim Reavis

As I am just putting the finishing touches on this article, the news
coming across the wire is that Windows 2000, the rechristened NT operating
system, will in fact live up to its name and be released in February of
2000, not late in 1999 as repeatedly promised.  Microsoft President Steve
Ballmer said at the Gartner Group's Symposium/ITxpo that Microsoft would
not ship Win 2000 until it was "absolutely, positively right."

This will likely be acceptable to most of you in IT land, as there is an
increasing recognition that this is a significant upgrade worthy of the
name change.  Many of the new features in Windows 2000 are security
related and take advantage of emerging standards.  Will Windows 2000
improve your organization's security posture?

The new security features in Windows 2000 cover a variety of new areas.
One of the most notable and pleasant features is the integration of IP
Security.  IPSec is an IETF standard for encryption of TCP/IP traffic
across the wire.  It is the standard that is integrated into IPv6 and is
considered to be a more secure method for TCP/IP encryption than its
predecessors, including Microsoft's own Point-to-Point Tunneling Protocol.
IPSec is fast becoming the lingua franca of virtual private networks, and
Microsoft's native adoption of IPSec is significant in giving
organizations the capability to roll out secure, heterogeneous VPNs
globally.

A significant security standard implemented in Windows 2000 is Kerberos,
the network authentication protocol developed at MIT. Like IPSec, Kerberos
is on the IETF standards track and provides capabilities for Windows 2000
to exchange credentials with, as well as authenticate with, other
enterprise systems.

Unlike the current Microsoft authentication protocol NTLM, Kerberos makes
no assumption of trust and is a superior option for mitigating the risk of
internal security breaches. Kerberos can be used in place of the NTLM
authentication protocol for homogeneous Windows 2000 communications.
Windows 2000 will need to use NTLM for interoperable authentication with
NT 4.0 and Windows 9x systems.  For those of you that had large networks
of P's using Netbeui, which were migrated to TCP/IP, it will be a
similarly long period of coexistence to migrate off of NTLM.  Having
Kerberos-aware networks will become increasingly important in the future;
it is not only more secure, but is also more efficient - users and
resources can bypass domain controllers after initial authentication.  It
also provides a solid foundation for open Single Signon solutions.

Other new security features incorporated into Windows 2000 include:

* Encrypted File System. One component is transparent file encryption on
NTFS file systems, configurable on a per folder/file basis. The underlying
encryption algorithm is standard DES, using 128 bit keys for North America
and 40 bit keys internationally. Microsoft is lobbying the Department of
Commerce for an exemption to export strong crypto, but that will not
happen the first time around, even with the release delay and the Clinton
Administration's pronouncement of loosening crypto regulations.  However,
even weak crypto is an improvement over nothing, and if you are not
already using PGP or something else to encrypt your data, there is no
reason not to use a seamless option like Encrypted File System (EFS).

The Encrypted File System includes recovery capabilities, a feature that
will delight administrators and infuriate privacy advocates.  Any time a
crypto system is recoverable, the possibility exists that an unauthorized
person can decrypt data.  An analysis of EFS key recovery by security
analysts is ongoing; so far all parties agree that it is critical to store
the recovery key securely and maintain physical security to ensure that
the recovery capability is not compromised and data is not exposed.

* Public-key infrastructure. PKI will be an integral part of Windows 2000.
Several standards are incorporated into the operating system to enable
Windows 2000 to function as a PKI, including a certificate authority, the
LDAP-enabled Active Directory, a key management system, and other related
components.  It remains to be seen what the impact will be on the
third-party PKI industry; it is likely that Microsoft's own PKI solution
will be sufficient on the low end and midrange.

* Extensive Testing.  Windows 2000 has had an extensive development and
test period.  The first beta appeared in September of 1997, and Beta 2,
which had most of the final features in place, shipped in August of 1998.
Beta 3 shipped in May and Release Candidate 2 shipped in September to over
650,000 subscribers.  Microsoft also took a new step in its development
process by opening Windows 2000 to a hacker challenge.  Launched in August
of this year, the Microsoft Windows 2000 Beta Internet Test Site has
apparently withstood most attacks.

Microsoft has stated that the challenge has pointed out some denial of
service problems related to TCP SYN and fragmentation attacks, but if
someone has found a major hole in this test, they have not come forward.
Now as any security expert can tell you, a test like this cannot prove
security, only insecurity.  It is also no indication that the
configuration used is the default for Windows 2000, or something that can
be easily duplicated by systems administrators.  Still, it is a positive
that Microsoft has had enough confidence to hold a hacker challenge and at
least found a few issues worthy of fixing.  If nothing else, you cannot
accuse Microsoft of rushing to get this product out - it has been a long
time coming.

The major security questions we have with Windows 2000 do not concern
whether or not Microsoft is trying to do the right thing - they clearly
are, and the security feature enhancements we have mentioned are welcome.
The question is: Can any single company's testing and quality assurance
process deliver 30 million lines of code without significant security
vulnerabilities?

A lot of new concepts are introduced in this release, chief among them the
Active Directory.  Although based upon the standard Lightweight Directory
Access Protocol, the LDAP standard does not specify a security model,
which has been left up to Microsoft to invent.  Microsoft clearly has
placed more emphasis upon security in this operating system than any of
its predecessors.  If the Windows 2000 release is followed by a relative
minor spate of security bugs, it will prove that the heightened emphasis
on security can translate into a successful and secure operating system.
If Windows 2000 proves to have an unreasonable number of security
vulnerabilities, it could prove to be the end of major milestone releases
of operating systems in favor of more conservative, iterative operating
system upgrades.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FOR RELATED LINKS -- Click here for Network World's home page:
http://www.nwfusion.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Windows 2000: Holy grail or fool's crusade?, Windows TechEdge, 06/04/99
http://www.windowstechedge.com/wte/wte-1999-06/wte-06-beta3.html

Hacker test/challenge:
http://www.windows2000test.com/

Windows 2000 Web site:
http://microsoft.com/windows/server/

Archive of Network World Fusion Focus on Security newsletters:
http://www.nwfusion.com/newsletters/sec/

Other security-related articles from Network World:

Bid to allow 'Net wiretaps draws fire, Network World, 10/25/99
http://www.nwfusion.com/news/1999/1025wiretap.html

ClickNet develops hacker detection product, Network World, 10/25/99
http://www.nwfusion.com/archive/1999/78821_10-25-1999.html

About the author
----------------
Tim Greene is a senior editor at Network World, covering virtual private
networking gear, remote access, core switching and local phone
companies. You can reach him at tgreene () nww com.

~~~~~~~~~~~~~~~~~~~This newsletter sponsored by IPivot~~~~~~~~~~~~~~~~~

How fast is your site in secure mode?
If you answered, 'not very', you need one of our Commerce Accelerators.
IPivot, an Intel Company, will help your site run up to 50 times
faster throughout your customer's entire secure transaction.
http://www3.nwfusion.com/click;678689;0;0;2;0;?http://nww1.com/go/678689.ht
m
l

VPN Solutions
-------------
You are trying to figure out the best VPN solution for your
organization.  And you need to make the right choice because the wrong
one could lead to unexpected network costs, time-consuming deployment
issues and performance degradation.  Participate in a free, one-hour
virtual seminar, "Not Sure Which Way to Go? Choosing the Right VPN
Solution". Sit back, relax and learn practical recommendations on VPN
implementation.  Produced by Network World and Altiga Networks. Find
complete content and registration information at
http://www3.nwfusion.com/click;667971;0;0;2;0;?http://nww1.com/go/667971.ht
m
l

Questions or comments?
----------------------
* For editorial comments, write Charley Spektor,
Managing Editor at: cspektor () nww com
* For advertising information, write Jamie Kalbach,
Account Executive at: jkalbach () nww com
* For all other inquiries, write Christine Rhoder,
Circulation Marketing Manager at: crhoder () nww com

Subscription Services
---------------------
You can subscribe or unsubscribe to any of your e-mail newsletters by
updating your form at: http://www.nwfusion.com/focus/subscription.html

For subscription changes that cannot be handled via the web, please send
an email to our customer service dept: listnews () gaeta itwpub1 com

Network World Fusion is part of IDG.net, the IDG Online Network.
IT All Starts Here: http://www.idg.net

Copyright Network World, Inc., 1999



----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.

ISN is sponsored by Security-Focus.COM