Library Technology Guides

Document Repository

Windows NT Security Information on the Web. Part II: NTSecurity.net (http://www.ntsecurity.net)

Telecommunications Electronic Reviews [June 1999]


Copyright (c) 1999 Library Information and Technology Association


In an earlier column (TER, volume 5, issue 5, http://www.lita.org/ter/ter-5-5.html#winnt) I reviewed Microsoft Corporation's Web site as it relates to security resources for Windows NT. I noted that Microsoft's site abounds with information and resources related to this topic, but suffers from the tendency of Microsoft to put a good face on the security gaps in NT. I found it somewhat troublesome that Microsoft does not acknowledge security problems on their site until a Hotfix or Service Pack is available. A thorough network administrator cannot rely only on Microsoft's Web site, but should be familiar with other resources that specialize in NT Security. In an effort to balance the limitations of Microsoft's own Web site for NT security issues, I surfed about for other sites dedicated to this topic.

In this column, I'll review a Web site called NTSecurity.Net (http://www.ntsecurity.net/), also known as the NT Shop (http://www.ntshop.net/). Both URLs point to the same server. This site often comes up at the top of the heap when using one of the major search engines for "NT Security." Although there are no explicit statements of authorship or ownership of this site, much of the content has been created or gathered by Mark Joseph Edwards. The footers of each page note copyright ownership by "M.E." The site shows considerable corporate sponsorship, with a large variety of banner advertisements. In addition to the ads for products related to NT security, there are also banner ads for "The Government of Tibet in Exile," linking to a lengthy article on human rights issues in China. This political issue gains even more attention under a section titled "Hack Attacks" through an article "Chinese Society Hacked." The article focuses much more attention on anti-China rhetoric than on the actual security attack mentioned in the title.

One of the primary resources on NTSecurity is a directory of Security Tools. This directory contains brief descriptions for a number of important applications and utilities, though it is not at all comprehensive. Several of the categories defined have no entries. For example, there is a heading for "Backup and Archival Systems" with no products listed. This is a particularly egregious omission considering the importance of having a sound backup system in place for any network and the availability of several major commercial products in this genre. In general, the products for the site's advertisers are well represented, while coverage for others is spotty.

The site includes a resource listing known security risks in the NT environment. In this section, extensive information is given on particular applications, viruses, Trojans, and the methods and techniques that can be used to attack a server or network. A typical page in this section would describe the problem, give some background on the issue, include a program that demonstrates the exploit, and describe what needs to be done to secure a system from this type of attack. Such an approach emphasizes the need to stay ahead in the cat-and-mouse security game. These demonstration programs, in the wrong hands, can be used to assail an unprotected system.

The top-level menu bar includes a category called "Risks", where one can view the documented security issues either by category or in reverse chronological order. At first take, it appears that this section is unforgivably out of date. When I reviewed the site in May 1999, the latest entry in the reverse chronological listing was from September 1998--showing a lapse of almost nine months. It takes a more thorough investigation of the site to see that a "Recent Discoveries" section is available but not incorporated into these listings. This omission certainly detracts from the usefulness of this section. When one chooses to view the Risks sorted by category, the resulting page first lists some entries, sorted in chronological order, that are waiting to be categorized, before the category lists themselves display. This section indicated it had been last updated eight months before this review. The non-categorized entries are from the older list of chronological entries, and do not include the items in the "Recent Discoveries." Not only are the last nine months of security problems not included in the security risks by category, neither is the more recent part of the archive. Most of the items that have been placed into the category lists date from 1997. Again, this section suffers from lack of recent attention.

The NTSecurity site includes a Books section that identifies books that can be purchased from Amazon.com and Fatbrain.com, an online bookstore specializing in technical books. Of the twenty books listed, none carried 1999 imprints, 8 were from 1998, and the remainder were published from 1994 to 1997. A quick search of Amazon.com directly revealed at least three books on this topic published in 1999.

The more that I deal with Windows NT, the more I realize that there is very little free software available for this operating system--particularly related to security. Especially annoying is the lack of any free virus protection software. Don't expect to find any freeware on this site. The software available on this site only includes links to evaluation and demonstration programs of commercial products.

One article on NTSecurity describes the threat of the CIH or Chernobyl virus. Upon careful reading, this article is little more than a press release from Sophos Plc, a company that sells anti-virus software. This article has multiple links to the Sophos Web site where one can download a limited evaluation of their product.

The table of contents bar linked to a document called "IE Security FAQ" that yielded a "404 Not Found" error, an embarrassing mistake.

Other examples of dated information included announcements for conferences that have come and gone, for example the 1999 RSA Data Security Conference, January 17-21, 1999 and The Internet Security Conference, April 19-22, 1999. Both of these conferences had taken place by the time of the review, yet the information in NTSecurity described them as upcoming events. It would have been better, of course, to have seen some summary or wrap-up of information that was given at the conferences.

This site does include a number of useful articles related to NT security. Almost all the content of any real value is linked from the top-level home page, not from the deeper levels of the site. Some of the better pieces are links to articles on Microsoft's Web site, including "Kerberos authentication in Win2K domains" and "Single sign-on in Win2K domains." In a section titled Hands-on Help, the article "What Hotfixes are Most Important to Load" by Mark Edwards was particularly helpful. Also worthwhile are links to product reviews that the site's maintainers have contributed to Windows NT Magazine and InfoWorld.

I began this review with a fairly positive opinion about this site. In the past I had come across this site and found a couple of tidbits that helped me with a particular issue. But as I returned to this site to do a more comprehensive evaluative review, I was generally disappointed. My earlier visits must have been during a period when the site was more active. Now the site seems to be quite out of date with little recent material. Security issues, more than any other topic, demand up-to-date information. While there are some recent articles in the "Recent Discoveries" section on the site's front page, little recent information has been incorporated into the rest of the site. I am also concerned with the slant toward the site's advertisers and the lack of information about tools and products from other vendors. NTSecurity's organization and structure seemed cumbersome. It was difficult to discern the relation of the table of contents along the left side of the page to the menu of sections along the top. The two were more contradictory than complementary. A search facility would have made the information in this site much more accessible, but this too was unfortunately lacking.

All in all, I found this site not to be nearly as helpful as I expected.

Publication Year:1999
Type of Material:Article
Language:English
Published in: Telecommunications Electronic Reviews
Publication Info:Volume 6 Number 4
Issue:June 1999
Publisher:Library Information and Technology Association
Place of Publication:Chicago, IL
Subject: Network security
Microsoft Windows NT
Online access:http://www.lita.org/ter/ter-6-4.html#breeding
ISSN:1075-9972
Record Number:6554
Last Update:2012-12-29 14:06:47