From stevep@pcsec.demon.co.uk  Thu May 23 03:26:58 1996
Date: Wed, 22 May 1996 16:50:37 GMT
From: Steve Phillippo <stevep@pcsec.demon.co.uk>
Reply-To: stevep@pcsec.demon.co.uk
Message-Id: <788@pcsec.demon.co.uk>
To: best-of-security@suburbia.net
Subject: Windows 95 Security
X-Mailer: FIMail V0.9d
X-User: PC Security Ltd
X-User: WEB Site http://www.usa.net/pcsl/
X-User: Tel. +44 1628 890390

In your message dated Tuesday 16, April 1996 you wrote :
> Does anyone know of a checklist for Windows 95 security vulnerabilities?
> If so, where might I find it?
> 
> Thanks,
> 
> Todd A. Hudspeth


Todd, I have a PowerPoint presentation on Win95 weaknesses.  I think it will
lose a lot by putting it here without the graphics.  I will fax you a full
copy if you like.


Windows 95 Security Features

by Steve Phillippo

Framework for Security Product Analysis

Identification and Authentication
Access Controls
Auditing
Integrity
Security Management Tools
Assurance Level

Security Feature in Windows 3.1

Screen Blanker
No Logon
Screen Blanker did not function in full screen DOS sessions
Reboot to gain access to the PC!

Security Features in WFWG

Logon Screen for Networking and Password Cache
FAX Security using RSA if compatible FAX machine used.
Password Caching i.e. SSO to Microsoft Applications
Users can share resources via a share password

New Security Features in Win95

Single Point of Authentication?
Single Point of Password Change?
PassThru Security.  Users can share resources via Netware or NT group membership
Personal User Desktops
Require Validation by Network Option
Restrict a PC to only run authorised applications.

Looks good?
Let's take a more detailed look

Single Point of Authentication?

Logon Screen now supports non-MS Networks
Support for Novell (Bindery and NDS?)
Support for other major networks
You can access the system without a password, or add yourself as a user to the PC

Single Point of Password Change?
Let's try and change our Netware password!

Users can share resources via Netware or NT group membership

No administration, USERs decide what to share.
Full access is gained if you log on at the PC, access only restricted Peer-to-Peer
Access control mechanism not robust

Personal User Desktops

More of a usability feature than a security feature, as users CAN access programs not on their desktop.
Basic controls exist to try and stop users running applications not on the desktop.

Require Validation by Network Option

This feature forces a network logon prior to allowing access to Windows.
However you can get round this just by removing the network cable, or the
usual boot from floppy!

Restrict a PC to only run authorised applications

An unmanageable feature, which protects programs not data.
If allow access to DOS prompt, all DOS programs run.
Can rename programs to bypass protection using the standard desktop.

Windows 95

Identification and Authentication   Weak
Access Controls                     Remote Only
Auditing                            None
Integrity                           Poor
Security Management Tools           Poor - DIY
Assurance Level                     None

Leading Brand X

Identification and Authentication   Medium/Strong
Access Controls                     Good
Auditing                            Yes
Integrity                           Good
Security Management Tools           SCenSOS & FM
Assurance Level                     ITSEC E3

What's Missing from Win95

No Robust User Authentication
Can cancel out of logon, or add yourself
No support for tokens etc.
No Workstation Controls
No Boot Protection
Can access all data by booting from floppy
No File Encryption
No Auditing.

Connectivity Features of Win95 Increase Risk

The Microsoft Network
Direct Cable Connection
Internet
Dial Up Networking
If Resources are Shared in Win95 they could be Shared to the Whole World!

How Can I Plug The Security Holes?
Using a specialist PC Security product such as Stoplock V
CAUTION: Old DOS/Windows security products will require updating for Windows 95!!

Information at Your Fingertips  It Certainly is in Windows 95!
Where do you want to go Today?  Go where you like, as Windows 95 is unlikely to stop you.

Inside Windows 95 Quote - MS-Press
The design of the FAT filesystem alone means that a Windows 95 machine is
probably insecure--at least not up to the level of security required by the
stringent government specifications that Windows NT complies with. In fact
presentations of the Windows 95 network security feature usually include some
form of this statement:

if you want something that's small, fast and easy to use, we have it; if you
want something that's bulletproof, use Windows NT.

But I would say that was debatable too!

-- 
Steve Phillippo
PC Security Ltd
Tel: +44 1628 890390
US WEB Site: http://www.usa.net/pcsl/
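
The "Restrict a PC to only run authorised applications" slide above notes that renaming a program bypasses the restriction. As an added example (not part of the original message, and not Windows 95's own code), the following Python contrasts a check keyed on the file name with one keyed on a content hash; the policy names, file names and file contents are all constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

ALLOWED_NAMES = {"winword.exe", "excel.exe"}  # constructed policy


def sha256_of(path):
    """SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def allowed_by_name(path):
    """Name-based check: only the file name is compared."""
    return os.path.basename(path).lower() in ALLOWED_NAMES


def allowed_by_hash(path, allowed_hashes):
    """Content-based check: the file's digest must be allowlisted."""
    return sha256_of(path) in allowed_hashes


def write(path, data):
    """Create a constructed stand-in file and return its path."""
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Compare both checks on constructed stand-in files."""
    workdir = tempfile.mkdtemp()
    try:
        approved = write(os.path.join(workdir, "WINWORD.EXE"), b"approved program (constructed)")
        other = write(os.path.join(workdir, "GAME.EXE"), b"unapproved program (constructed)")
        # Same unapproved bytes, now carrying an approved name.
        renamed = os.path.join(workdir, "EXCEL.EXE")
        shutil.copyfile(other, renamed)
        allowed_hashes = {sha256_of(approved)}
        files = (approved, other, renamed)
        return ([allowed_by_name(p) for p in files],
                [allowed_by_hash(p, allowed_hashes) for p in files])
    finally:
        shutil.rmtree(workdir)
```

The name check accepts the renamed copy while the hash check rejects it, which is why an allowlist that identifies programs by name protects little once users can rename files.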

