NT model

When Windows NT was developed the designers ensured that security features
were built in unlike when for example when MS Dos was developed. By default NT
has a minimum-security standard as developers assumed that the average user
would not want a highly secured operating system. As a result, administrators
must configure or ‘harden’ the security levels to meet the users
requirements. There are three levels :

1) Minimum – no/few security features are used, however the spreading of
viruses should still be taken into consideration

2) Standard – most machines store some sort of sensitive information, which
is where the use of log-ons, passwords etc apply

3) High-level - used when highly sensitive data is involved, where there is a
risk of theft etc

Authentication an important area of security in relation to access controls,
both to the system itself and to particular applications. NT allows the creation
of accounts, which can be assembled into separate sections of e.g. users and
administration. Both are set with separate privileges depending on the User ID
and the password the user enters. The permission controls are based on security
Ids found in a security access token which determines the users privileges.
However in highly secured systems fingerprints can be used for authentication.
Also, the built – in Guest account can restrict entry for casual users.

As well as tracking the users access controls, NT also manages the
applications access controls by using a subject. These can be divided into two
classes, a simple subject and a server subject. With regards to the simple
subject, depending on the users access token, it will be allocated a security
context. While the server subject is implemented as a protected server which
uses the security context of the client when acting on behalf of the client.

There are two file systems available for NT, these include the FAT (File
Allocation Table) system and the NTFS. However, the FAT system provides very
little security as it was developed primarily with DOS in mind. In contrast NTFS
was created specifically for Windows NT. It is fast, allows longer file names
and is backward compatible with DOS programs. In order to facilitate the
integrity of data at the hardware level, NT has a ‘built-in fault tolerance’.
NTFS creates fault-tolerant disk subsystems in different ways. One of which is
called disk mirroring, whereby two partitions are required on two different
disks, both using a single hard disk controller. Every directory/file is copied
from one disk to the next, ‘mirroring’ the data. The benefit of this is when
one disk fails the next can take over and successfully act as a replacement for
the failed disk.

A recent addition to the NT security aspect in relation to the Internet is
the introduction of WebEnforcer. It works in conjunction with HP, and is
supposed to enforce security issues and correct recognised security holes found
in NT Web servers. HP claims that WebEnforcer "resets configuration
settings if they have been changed (either maliciously or by installing other

NT is suitable for all areas of business and personal use as its security can
be configured to the users needs. Security issues are especially important to
businesses, which is why new security software such as WebEnforcer already
mentioned, is constantly being developed to keep up with demand. NT provides a
large number of security features to prevent unauthorised access etc., yet as
well as a secure operating system, the external environment also needs to be
taken into consideration.


[1] www.ntnews.com .


www.ntsecurity.net .

www.ntnews.com .

www.microsoft.com .

Operating System Security Notes

Category: Technology