NT security sucks

Alarmed Windows NT sites are scrambling to assess the implications of a shareware program that cracks NT's file protection mechanism.

Corporate users and security specialists who have downloaded the utility program NTFSDOS from the Internet warn that it compromises NT security.

Its ability to pick the locks on NT's file management system will shock large sites into a more realistic view of NT security, predicts Dr Ian Graham, PC development manager at data security company Eracom.

Dr Graham claims many large sites, including Australia's financial institutions, have put too much trust in NT workstation protection.

The appearance of NTFSDOS may correct that by graphically demonstrating they've enjoyed a false sense of security, he says. The utility is sparking debate on Internet newsgroups and forums dedicated to NT-related issues.

"There's no doubt this is a security hole," says Andrew Grealy, systems consultant and NT specialist at Suncorp, Queensland's largest financial institution.

Suncorp has a major NT investment and Grealy downloaded the NTFSDOS executable for analysis after being alerted to its presence on the Internet.

The security-cracking utility will force IT managers to focus more intensely on the physical security of their NT workstations and servers because the best defence against it is a water-tight security perimeter, he says.

"NTFS was previously considered a secure file system but technically that is no longer true."

The program, readily located by querying Internet search engines such as Alta Vista, is an NTFS network file system redirector for DOS/Windows. Creators Mark Russinovich and Bryce Cogswell describe it as a redirector based on Linux code which is designed to recognise and mount NTFS drives for transparent access.

But inserting a DOS boot disk containing the utility in an NT workstation or server allows NT's mechanism for limiting access to user files to be circumvented.

Files stored under NTFS are protected by a security bit related to the file. Setting the bit causes access requests to be directed to NT's password-enabled user management system.

However, NTFSDOS loaded on to an NT workstation or server via a DOS boot disk permits the security bit to be disregarded and opens all user files in that disk partition to scrutiny.

The current version of the utility allows files to be read or copied to another disk, which raises obvious concerns about password files.

It does not permit deletions or writing to files nor can the utility see compressed drives. Encrypting files with products such as Eracom's PC Vault will also plug the security hole until NT 4.0 arrives with its promised built-in cryptography.

Microsoft US sources initially labelled suggestions of the security flaw a "malicious rumour" but that description was later discarded in the light of user reports about the utility.

Microsoft Australia marketing manager for NT workstations, Peter Moore, says the reports underscore the need to apply basic corporate security precautions to PC networks such as not storing password files in user home directories and preventing unauthorised physical access.
