Monday, December 10, 2007

Client Security

We always think to secure our servers, but security on the client machines is often overlooked simply because there are so many of them that it is difficult to completely secure them. Yet client machines are the ones more prone to security risk. There is no physical security for the client machines. They are used to connect to the internet from a cafe, at airports, over public wireless and so on, which makes it easier for an attacker to break into them. Some of the loopholes which are overlooked are:

1. Removable storage on the client machines

Organizations have always planned to lock down removable media, a key means of introducing unwanted software into the environment and of removing confidential information from the environment. Most removable media support only the FAT, FAT32, or CDFS file systems, none of which support security permissions. Thus, removable media not only represents an opportunity to introduce unwanted software and to remove confidential data but also ensures that any data removed from the environment will be completely unsecured. Although some removable media offers security options such as encryption, there is no centralized means of enforcing the use of such features, making it less likely that users will use them.

2. Maintaining the Local Administrator account

Client machines often contain sensitive data, but their admin accounts are so rarely maintained that the computer becomes a more likely target for an attacker. The Local Administrator password on the client machines should be changed more frequently. You can use a VBScript to change the password on multiple machines.

    ' Read the target machines from a text file, one computer name per line.
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objComp = objFSO.OpenTextFile("C:\ClientMachines.txt")
    Do Until objComp.AtEndOfStream
        sComputer = objComp.ReadLine
        ' Bind to the local Administrator account on the remote machine.
        Set objUser = GetObject("WinNT://" & sComputer & "/Administrator,user")
        ' "password" is a placeholder for the new password.
        objUser.SetPassword "password"
        objUser.SetInfo
    Loop
    objComp.Close

3. NTFS permissions on the client machines

Consistent file permissions are crucial to enterprise security. Windows security templates can be used to create a consistent NTFS permissions structure on client machines.

4. Services running on client machines

By disabling services that you are not utilizing, you will help prevent these services from becoming an attack vector in the future. The services which are not used in your organization should be disabled.

5. Local system permissions

Local system permissions are another area which nobody bothers about. Consider Cmd.exe, a file that is usually located in C:\Windows\System32. The figure shows the file permissions on Cmd.exe on a Windows XP Professional computer that has been upgraded to SP2. Notice that the SYSTEM account has Full Control. Why would the system itself need to open a new command-line window? I typically remove the SYSTEM account from this and many other files in the file system.

Also notice that the Internet Guest Account has permissions to run Cmd.exe. Anonymous users have the ability to open a command-line window and execute commands. Spend some time investigating the default permissions on the many files and folders lurking around in Windows and apply more sensible defaults. Some other files you might want to investigate include:

Command.com
Tftp.exe
Telnet.exe
WScript.exe
CScript.exe
Net.exe
Ftp.exe

All these powerful utilities can create significant havoc if an attacker gains access to them. Reduce the likelihood of that happening by removing access from any account that doesn't absolutely need to have it.
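
The following PowerShell function is an added example, not part of the original post: it reports every account that holds an Allow entry with execute rights on the utilities named above, so the default permissions can be reviewed before they are tightened. It assumes PowerShell 3.0 or later; the function name Get-UtilityExecuteAce and the list of expected accounts are illustrative choices.

```powershell
# Added example: audit who may run the command-line utilities listed in the post.
# Assumption: only the identities in $expected are supposed to keep execute access.
# Account names are localized on non-English Windows; adjust the list accordingly.
$utilities = 'cmd.exe', 'command.com', 'tftp.exe', 'telnet.exe',
             'wscript.exe', 'cscript.exe', 'net.exe', 'ftp.exe'
$expected  = @('BUILTIN\Administrators')

# FILE_EXECUTE (0x20) is the file-specific execute right;
# GENERIC_EXECUTE (0x20000000) can appear in unmapped ACEs.
$execMask = 0x20 -bor 0x20000000

function Get-UtilityExecuteAce {
    param(
        [string[]]$Name      = $utilities,
        [string]  $Directory = (Join-Path $env:SystemRoot 'System32'),
        [string[]]$Expected  = $expected
    )
    foreach ($n in $Name) {
        $path = Join-Path $Directory $n
        # Not every Windows build ships every tool; skip the missing ones.
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $acl = Get-Acl -LiteralPath $path
        foreach ($ace in $acl.Access) {
            # Deny entries restrict access; only Allow entries grant it.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Keep only entries whose rights include execute.
            if (([int]$ace.FileSystemRights -band $execMask) -eq 0) { continue }

            $id = $ace.IdentityReference.Value
            if ($Expected -contains $id) { continue }

            [pscustomobject]@{
                File      = $path
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited entries must be fixed on the parent
            }
        }
    }
}

# One row per account that can run a listed utility and is not on the expected list.
Get-UtilityExecuteAce | Sort-Object Identity, File | Format-Table -AutoSize
```

The function only reads ACLs; entries it reports with Inherited set to True come from the parent folder and have to be changed there or by disabling inheritance on the file.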
