/os/ - Online Security

News, techniques and methods for computer network security.


Thread #1147


WINDOWS NT Security Thread

It turns out that MS Windows NT has an 80% market share in the Desktop Operating Systems Market (whatever that is...). So in all likelihood, if you work a job anywhere, you will be forced to sit down and work on one of these machines running this well-known gem of an operating system. You probably won't have administrator rights, but that's OK, we'll make do.

In reality there is no Windows security, but in this thread we will try to make life a little bit better even if it is just for a placebo effect. Also, Windows hackers, come and show us how you hack us up real good, and help our poor unprivileged users gain administrator rights without a password, so that they can install Mahjong. Windows Advanced Firewall, Registry Editing, Browsers, etc. Post all the tips and tricks to make Windows NT better than ever.
> gem

huh?

> help our poor unprivileged users gain administrator rights without a password

Quick and dirty hack with backing up and replacing utilman.exe with cmd.exe from anything able to access NTFS without breaking it too much would work well (will give you SYSTEM-privileged command line prompt). But at this point you probably should just use GNU/Linux.

 >>/1150/

I uploaded a Blue Screen of Death as the photo for the thread but it didn't upload with the thread... I'm not sure why that is happening. I put a unique files filter on the board but that might be comparing it to a global (board-wide) database. I might disable that setting.

The original text read "Turd" but then I read it back and said "That's harsh" and changed it to gem (satire to go with the Blue Screen picture that didn't upload). As for the operating system itself, it works... it's semi-stable... many people use it.

It's proprietary and closed source, and the company are known NSA collaborators. So it's probably not a good idea to run this OS anywhere at all. That said, I'm going to make a board for MacOS security later as well, when I set up a Mac OS 10.7 computer to play around with. I also don't trust MacOS but I'm approaching it from the same philosophy.

I had a very negative experience with using Windows 7 from 2009-2011, when I quit Windows due to heavy invasive spying and related harassment, which is why I switched to Linux full time. I don't recommend Windows at all. But it's everywhere and if you've got lemons, make lemonade... I still have to do some things on Windows for school... it's sad but true.

So my thinking is, we might as well try to increase the number of people using Tor and firewalling their computers and locking down processes (you can do some of that on Windows), so that at least if people start thinking about security, it will be easier to transition in the future. Also GnuWin32 and Cygwin are worth mentioning and describing their use and setup.

I certainly don't recommend using Windows for anything security sensitive, at all. This thread is more for people to bring them up to power user level, and to help me learn how to become a "power user" on Windows and to see what we can do to "lock down" Windows. This thread might be better suited for >>>/h4x0r/. We'll see where it goes.

 >>/1151/

Also this thread can include information for securing and running ReactOS, which might suit some people's needs as well. I'll set up threads for other operating systems and how to set them up (IllumOS, DOS, etc.), as I bring them online to test and play around with. This will happen over summer; I'm jam packed with school stuff until spring.

Again such boards might go better in >>>/h4x0r/. I'll think about the best way to present the info. Again the focus will be on tip sharing for power-user stuff (scripting, settings, etc.) and security (crypto, filesystems, firewalls, etc.) and network communications on each of the operating systems.

Preventing Windows 10 and untrusted software from having full access to the internet using OpenBSD

https://www.ibm.com/developerworks/community/blogs/karsten/entry/Preventing_Windows_10_and_untrusted_software_from_having_full_access_to_the_internet?lang=en

Whilst setting up one of my development laptops to port some software to Windows I noticed Windows 10 doing crazy things like installing or updating apps and games by default after initial setup. The one I noticed in particular was Candy Crush Soda Saga which for those who don't know of it is some cheesy little puzzle game originally for consumer devices. I honestly did not want software like this near to a development machine. It has also been reported that Windows 10 now also updates core system software without notifying the user. Surely this destroys any vaguely deterministic behaviour, in my opinion making Windows 10 by default almost useless for development testbeds. Deciding instead to start from scratch but this time to set the inbuilt Windows Firewall to be very restrictive and only allow a few select programs to communicate. In this case all I really needed to be online was Firefox, Subversion and PuTTY. To my amusement (and astonishment) I found out that the Windows Firewall could be modified to give access very easily by programs during installation (usually because this task needs to be done with admin privileges). It also seems that Windows Store apps can change the Windows Firewall settings at any point. One way to get around this issue could be to install a third-party firewall that most software will not have knowledge about and thus not attempt to break through. However the only decent firewall I have used was Sygate Pro which unfortunately is no longer supported by recent operating systems...

[attached image: BitLocker.png (8.42 KB, 355x255)]
Drive Encryption
BitLocker
I'm currently encrypting my 2TB files drive on D:\ and my 500GB C:\ drive on Windows 10 using BitLocker. This is for if you have to work from home with "Sensitive Documents" or files from work, or if you travel with a laptop that must have Windows 10 due to application needs or other factors. If you encrypt your device, the damage from theft or loss is much smaller than if left unencrypted. I will post some links to show how to enable BitLocker without a "Trusted Platform Module" hardware unit. You will use a password. Select a strong password using passgen with around 20-40 characters and write it down and store it in a safe until you can memorize the sequence. Bear in mind that nothing that you do on Windows 7, 8, 10 etc. is private. Use this only for work files and documents that you need to protect from physical interdiction, theft or accidental loss that you must use with or in conjunction with Windows or Windows applications.

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview

https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption
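Scripted version of the password-only BitLocker setup described above, as an added example (not the poster's own steps; they used the GUI from the linked guides). It assumes a data drive D: and an OS drive C: on Windows 10 Pro/Enterprise, an elevated PowerShell prompt, and that the two registry values below are the local-policy equivalent of "Allow BitLocker without a compatible TPM"; the passphrase generator is a stand-in for the passgen tool the post mentions.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

# 1. Local-policy equivalent of "Require additional authentication at startup" with
#    "Allow BitLocker without a compatible TPM" ticked (Computer Configuration >
#    Administrative Templates > Windows Components > BitLocker Drive Encryption >
#    Operating System Drives). Without this, the OS drive refuses a password protector.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty -Path $fve -Name 'UseAdvancedStartup' -Type DWord -Value 1
Set-ItemProperty -Path $fve -Name 'EnableBDEWithNoTPM' -Type DWord -Value 1

# 2. Generate a long random passphrase from a CSPRNG. Rejection sampling (discarding
#    bytes at or above $limit) keeps every character equally likely; a plain modulo
#    would bias towards the start of the alphabet.
function New-RandomPassphrase {
    param([int]$Length = 32)
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,!?'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = 256 - (256 % $alphabet.Length)
    $buf   = New-Object byte[] 1
    $out   = New-Object System.Text.StringBuilder
    while ($out.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$out.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $out.ToString()
}
$plain = New-RandomPassphrase -Length 32
Write-Host "Write this down and keep it offline until memorised: $plain"
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

# 3. Data drive: password protector plus a numeric recovery password (the recovery
#    password is what gets you in if the passphrase is lost).
Enable-BitLocker -MountPoint 'D:' -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -PasswordProtector -Password $secure
Add-BitLockerKeyProtector -MountPoint 'D:' -RecoveryPasswordProtector | Out-Null

# 4. OS drive (assumes the policy from step 1 is in place): manage-bde prompts for the
#    password on the console, adds a recovery password, and schedules the hardware test
#    that runs on the next reboot.
manage-bde -on C: -Password -RecoveryPassword -EncryptionMethod xts_aes256

# 5. Check status and print the recovery passwords so they can be stored with the passphrase.
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
(Get-BitLockerVolume).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

Step 3 encrypts used space only, which is fine for a freshly formatted drive; on a drive that already held sensitive data, drop `-UsedSpaceOnly` so previously deleted sectors are encrypted as well.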

[attached image: outbound_rules_with_bullshit_disabled.png (67.98 KB, 1047x784)]
[attached image: windows_defender_firewall_default_policy.png (63.95 KB, 1047x784)]
[attached image: outbound_rules_bullshit_deleted.png (44.75 KB, 1047x784)]
Windows Defender Firewall

Go to the search tab and type firewall. Select Windows Defender Firewall. Click on Advanced settings. Block all incoming and outgoing traffic by default. Then wipe out all of the policies; you can click disable, but it is better to click delete and remove them. Then add the policies that you need. Lock them down by application if need be. Play around with the detailed rules and use filters for programs, ports and IP addresses to get the desired effects for your network applications to work. Adding new programs magically changes your firewall settings, so go back and fix them after each new application install. Wipe out and delete all inbound rules. If you need to let inbound come in, then you should know enough about the application to configure it.
Block everything and only let out/in what you need to go out/in: specific programs, ports and IP addresses.
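The same lockdown as a script, added here as an example (not the poster's own procedure, which used the GUI). It uses the NetSecurity cmdlets that ship with Windows 10, assumes an elevated prompt, and the program paths and the `192.0.2.10` SSH server are constructed placeholders to replace with your own.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$firefox = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed install path
$putty   = 'C:\Program Files\PuTTY\putty.exe'               # assumed install path
$sshHost = '192.0.2.10'                                     # constructed example address

# 1. Keep a restorable copy of the current rule set before touching anything
#    (restore with: netsh advfirewall import <file>).
netsh advfirewall export "$env:USERPROFILE\fw-before-lockdown.wfw" | Out-Null

# 2. Firewall on for every profile, default Block in both directions.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 3. Delete (not merely disable) every existing rule, inbound and outbound.
Get-NetFirewallRule | Remove-NetFirewallRule

# 4. Allow only what is needed, as narrowly as the application permits.
#    DNS and DHCP run inside svchost.exe, so bind the rule to the service as well as the binary;
#    a rule on svchost.exe alone would let every hosted service out.
New-NetFirewallRule -DisplayName 'Allow DNS client' -Direction Outbound -Action Allow `
    -Program '%SystemRoot%\system32\svchost.exe' -Service Dnscache -Protocol UDP -RemotePort 53 | Out-Null
New-NetFirewallRule -DisplayName 'Allow DHCP client' -Direction Outbound -Action Allow `
    -Program '%SystemRoot%\system32\svchost.exe' -Service Dhcp -Protocol UDP -LocalPort 68 -RemotePort 67 | Out-Null
#    Firefox: HTTPS only.
New-NetFirewallRule -DisplayName 'Allow Firefox HTTPS' -Direction Outbound -Action Allow `
    -Program $firefox -Protocol TCP -RemotePort 443 | Out-Null
#    PuTTY: SSH, and only to one host.
New-NetFirewallRule -DisplayName 'Allow PuTTY SSH to one host' -Direction Outbound -Action Allow `
    -Program $putty -Protocol TCP -RemotePort 22 -RemoteAddress $sshHost | Out-Null

# 5. Verify the profile defaults, then list every rule that is still enabled.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Enabled True | Select-Object DisplayName, Direction, Action | Format-Table -AutoSize
```

Deleting everything also removes the built-in Core Networking rules, so on an IPv6 network you will need to re-add ICMPv6 neighbour discovery before anything works; the exported `.wfw` file is there so you can import the original set back if you lock yourself out.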

Windows Subsystem for Linux

Installation guide:

https://docs.microsoft.com/en-us/windows/wsl/install-win10

I installed Debian; it seems to work well for some applications. I'll import endware and test some of the tools out. If you install Debian you can install a windowing server, Xming or CygwinX:

http://www.straightrunning.com/XmingNotes/

https://sourceforge.net/projects/xming/

Then you can install programs that work with an Xorg server and call them from the command line, and they'll pop up in windows on the desktop.

Bear in mind all of this is for convenience while you work on Windows, you can also access Linux tools in the shell and some GUI programs as well. Alternatively try Cygwin and CygwinX:

https://www.cygwin.com/

https://x.cygwin.com/
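An added example of the WSL plus Xming setup described above (not the poster's own commands). It assumes Windows 10 with the Debian distribution installed from the Store, Xming at its default install path, display `:0`, and an elevated prompt for the feature step; the loopback check is there because an X server that listens on every interface exposes your display to the rest of the LAN.

```powershell
# Added example, not from the thread. Paths and display number are assumptions.

# 1. Enable the WSL feature (the install guide's first step); reboot afterwards.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart

# 2. Start Xming on display :0 (TCP port 6000), which WSL reaches as localhost.
Start-Process -FilePath 'C:\Program Files (x86)\Xming\Xming.exe' -ArgumentList ':0','-clipboard','-multiwindow'
Start-Sleep -Seconds 2

# 3. Check that the X server listens on the loopback addresses only. Returns $true when
#    port 6000 is bound and no listener sits on a non-loopback address.
function Test-XServerLoopbackOnly {
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort 6000 -ErrorAction SilentlyContinue)
    if ($listeners.Count -eq 0) { return $false }
    $exposed = @($listeners | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') })
    $exposed.Count -eq 0
}
if (-not (Test-XServerLoopbackOnly)) {
    Write-Warning 'X server is not running, or listens on a non-loopback address; review the Xming options and keep its inbound firewall rule off.'
}

# 4. Install a test X client inside Debian, then launch it with DISPLAY pointing at Xming.
wsl -d Debian -u root -e bash -c 'apt-get update && apt-get install -y x11-apps'
wsl -d Debian -e bash -c 'export DISPLAY=localhost:0; xeyes &'
```

If the window does not appear, the usual causes are Xming not running yet (step 2 is asynchronous) or an outbound rule in the WSL side being blocked; with the default-deny firewall from the earlier post, loopback traffic to port 6000 still needs an allow rule for the WSL process.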


[attached image: Local_Security_Policy.png (97.25 KB, 1506x936)]
Local Security Policy

There are firewall settings that don't change when new programs modify Windows Advanced Firewall. These rules sit beneath and supersede the main Windows Advanced Firewall rules.

Type here to search -> "Local Security Policy" -> click Local Security Policy.

There is a folder, Windows Defender Firewall, with the same layout. Put your rules in here and they won't change, and they override the other rules.

I have also found out that these rules can be scripted by the command netsh, so I might make something later on.
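Since installers can add or alter rules at any time (as the firewall post above notes) and rules can be scripted, the complementary step is to detect drift: snapshot the rule set once after locking it down and diff it after every install. The block below is an added example, not the poster's script; it assumes an elevated prompt, writes its baseline under `%ProgramData%` (an assumed location), and uses `netsh advfirewall export` only to keep a re-importable copy alongside the CSV.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$baselineCsv = "$env:ProgramData\fw-baseline.csv"    # assumed location
$baselineWfw = "$env:ProgramData\fw-baseline.wfw"    # assumed location

function Get-FirewallRuleSnapshot {
    # One flat record per rule, joined with its program, port and address filters,
    # with enums cast to strings so the live data compares cleanly against the CSV.
    Get-NetFirewallRule | ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name       = $_.Name
            Display    = $_.DisplayName
            Enabled    = [string]$_.Enabled
            Direction  = [string]$_.Direction
            Action     = [string]$_.Action
            Profile    = [string]$_.Profile
            Program    = [string]$app.Program
            Protocol   = [string]$port.Protocol
            RemotePort = (@($port.RemotePort) -join ',')
            RemoteAddr = (@($addr.RemoteAddress) -join ',')
        }
    }
}

function Save-FirewallBaseline {
    Get-FirewallRuleSnapshot | Export-Csv -Path $baselineCsv -NoTypeInformation
    netsh advfirewall export $baselineWfw | Out-Null
}

function Compare-FirewallToBaseline {
    # Rows only on the "=>" side exist now but not in the baseline (new, or changed);
    # rows only on the "<=" side were in the baseline but are gone (deleted, or changed).
    $base  = Import-Csv -Path $baselineCsv
    $now   = Get-FirewallRuleSnapshot
    $props = 'Name','Enabled','Direction','Action','Profile','Program','Protocol','RemotePort','RemoteAddr'
    Compare-Object -ReferenceObject $base -DifferenceObject $now -Property $props | ForEach-Object {
        [pscustomobject]@{
            State     = if ($_.SideIndicator -eq '=>') { 'ADDED/CHANGED' } else { 'REMOVED/CHANGED' }
            Name      = $_.Name
            Program   = $_.Program
            Direction = $_.Direction
            Action    = $_.Action
            Enabled   = $_.Enabled
        }
    }
}

# Usage: the first run records the baseline; later runs (after each install, or from a
# scheduled task) print only what differs. An empty result means nothing changed.
if (-not (Test-Path $baselineCsv)) {
    Save-FirewallBaseline
    Write-Host "Baseline saved to $baselineCsv"
} else {
    Compare-FirewallToBaseline | Format-Table -AutoSize
}
```

Re-run `Save-FirewallBaseline` deliberately whenever you change rules yourself, so the next diff shows only what something else did.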



10 replies | 7 files