
(Computerworld 08/10/98)

Users drum fingers for NT security
Sharon Gaudin and Laura DiDio

Though Microsoft Corp. promises its Windows NT users greatly improved security in Version 5.0, corporate information systems managers and developers are frustrated at the wait ahead of them.

Not to mention the potential security breaches they face in the meantime.

Microsoft's security gurus have started to show off their new Kerberos security technology, which was designed to make it easier to give authorized users access to information and to lock down critical information for safekeeping. But though the technology sounds good, users know they won't get their hands on it until NT 5.0 arrives. Microsoft won't put a date on that, though users and analysts expect it anytime from mid-1999 to sometime in 2000.

Neil MacDonald, an analyst at Gartner Group, Inc. in Stamford, Conn., recently wrote a report called "NT Security: When Good Enough Is Not Enough." In it, he wrote that NT security will be insufficient until the domain architecture and the NT LAN Manager (NTLM) have been replaced in Version 5.0. Users should hold off adoption until the new version has proved stable -- and that might not be until mid-2000.

MacDonald added that users will have to rely on supplemental security tools and utilities, which further increase the time and expense involved in constructing a secure NT network.


At the recent Black Hat '98 security conference in Las Vegas, many security administrators came face-to-face with current and former hackers who described the latest methods of attacking NT. It didn't help that Microsoft security officials Karan Khanna and Paul Leach, who presented a session on forthcoming enhancements to the NTLM protocol, couldn't say just when users would actually see those enhancements.

Users and security experts at Black Hat noted that they can't secure their networks with promises -- especially with the growing popularity of Windows NT making it a favorite target of hackers, according to Mark Fabro, director of risk assessment at Secure Computing, Inc. in San Jose, Calif., which sponsored the Black Hat briefings.

Steven Morrison, network administrator at Jones & Associates, an institutional investment firm in Los Angeles, was left unsettled by all of the new ways to hack NT.

"I was surprised at the level of expertise I saw here and all the new hacks," Morrison said while at Black Hat. "It makes me question just how secure our networks are. I'm not too worried about amateurs, but someone with the knowledge and resources could hack into just about anything, including NT, no matter how secure I make it."

But Khanna said help is on the way. He said NT 5.0 will give users delegation authentication, allowing them to retrieve information off a company server even if they can't directly access it to show their identifying token. Now, it is difficult to enable a user to ask one server to retrieve information off a second server or to ask someone else on the system to get it.

NT 5.0 is also touted for Transitive Trust, a security feature that lets users who have been given a certain security clearance offer the same clearance to others.

So if corporate headquarters trusts a branch office and that branch office trusts another branch, security trust is extended to that second office.

"It makes management easier. There's nothing that Transitive Trust enables that you can't do today, but you have all these extra steps to handle without Transitive Trust," Khanna said. "It can become quite unwieldy if you do it all on your own."



Copyright © 1998 Computerworld, Inc. All rights reserved.