| Vulnerability Categories |
Number of Vulnerabilities Detected |
| Denial of Service
NVSS measures over 80
Denial of Service
vulnerabilities
|
A denial of service (DoS) attack is an attack in which one
user takes up so much of a shared resource that none of the resource is
left for other users. There are many programs that can cause a denial
of service on Windows NT and Windows 2000. NVSS detects programs
such as rollback, cpuhog, winnuke, bonk, land, and teardrop that could
disrupt productivity and operations of anyone on a host or network. NVSS
also looks for service packs and hotfixes which may prevent 100 percent
CPU utilization through telnet attacks to certain ports. Unlike some
competitors, NVSS does not use any DoS program that might bring down a system.
NVSS does not cause any denial of service, nor does it leave any agent on a machine. |
| Patches
NVSS measures over 60
Patches for installation
|
Windows NT and Windows 2000 require many patches,
service packs, and hotfixes that contain security fixes. Without the latest
patches, there could be denial of service attacks or granting of administrative
privileges. NVSS can detect Windows NT and Windows 2000 patches, service
packs, and hotfixes and determine if they are the latest releases. NVSS
can also detect older hotfixes and the order of hotfixes installed. An
older hotfix or hotfix out of order may not fix more recent vulnerabilities
and give a false sense of security. Unlike competing products,
NVSS not only tells you that you need a patch or hotfix, but also the order
in which they must be applied. |
| Registry
NVSS measures over 70
Registry vulnerabilities
|
The Windows NT/Windows 2000 Registry is a unified database that stores
configuration data for the operating system. The operating system stores
critical operating information in the Registry. The Registry must be
protected from network users who could change its contents in malicious
ways, such as adding Trojan Horses. Many Registry settings have incorrect
permissions that would allow users to gain unauthorized Administrator
access. NVSS checks over 100 Registry keys for correct permissions and
can set the proper permissions on these keys. Registry keys such as
Winlogon, Winreg, Services, Schedule, Run, RunOnce, Perflib, and others
are checked by NVSS. Other competitors may indicate a poorly configured
Registry. NVSS actually tells you which Registry key is affected and the
exact path to that Registry key, and provides an automatic fix along with the
ability to undo that fix. A manual solution is also available, so you can
navigate to the right Registry key without errors.
|
| Passwords
NVSS measures 20
Password vulnerabilities
And has its own password
cracker
|
Good password security is the first line of defense against
system abuse. Password policies protect the network from hacker attacks
and define the responsibility of users who have been given access to the
host or network. NVSS looks at the password values of the account policy
and recommends maximum password age, minimum password age, minimum password
length, and password uniqueness. The Windows NT/Windows 2000 account password
information is stored in the Security Accounts Manager (SAM), and NVSS
can determine whether this file and the Registry are strongly protected. |
| Trojan Horses
NVSS measures over 10 possible
Trojan Horses
|
A Trojan Horse may appear to be another program, but when
executed, may cause damage or be used for information gathering or a back
door into the system. For example, Trojanized Dynamic Link Libraries (DLLs)
could capture passwords and allow Administrative access to all hosts and
networks. NVSS looks for trojanized DLLs and reports them as vulnerabilities.
NVSS also looks for known backdoor Trojan Horse programs such as BackOrifice
2000 and helps delete infected files. NVSS stays current on known Trojan
Horses and viruses that may affect Windows NT. |
| User Rights
NVSS measures 23
User Rights vulnerabilities
|
User rights define what users can do on the servers and
workstations of a Windows NT or Windows 2000 network. NVSS checks all
user rights and determines if these rights are normally granted to users
or not. Misconfigured rights could lead to unauthorized access. Rights
such as managing auditing and the security log, creating a token object,
creating permanent shared objects, pagefile rights, changing the system
time, generating security audits, increasing scheduling priority, increasing
quotas, profiling a single process, locking pages in memory, creating
a pagefile, and adding a workstation to a domain, are all examined by
NVSS for proper users. |
| Services
NVSS measures 12
Services vulnerabilities
|
Services are installed either during the Windows NT
or Windows 2000 setup process or when you install components. Managing
services is critical in secure environments. Some services shipped with
Windows NT and Windows 2000 are very difficult to secure properly. For
example, allowing an unsecured FTP service could mean that unauthorized
users can copy files from or to the machine. Some services, such as RAS,
could bypass a firewall and breach security. Other services, such as the
Alerter service, are unnecessary risks which may be used by unauthorized
users to gain information such as passwords. NVSS checks many services
for vulnerabilities and can disable these services. |
| Logon
NVSS measures 5
Logon vulnerabilities
|
Automatic logon could undermine Windows NT and Windows 2000
security. An attacker could access the host as a default user with a default
password. NVSS checks to see if AutoAdminLogon exists and can disable
this feature. NVSS also looks for ways to log on remotely and reports this
as a vulnerability. |
| Access
NVSS measures 5
Access vulnerabilities
|
A computer is more secure if you can prevent unauthorized
access. For example, if certain files are not deleted after installation,
this could lead to unauthorized access. Unnecessary accounts could lead
to unauthorized users having access to a host or computer. NVSS looks
for files and accounts that could lead to unauthorized access. |
| Boot
NVSS measures 5
Boot vulnerabilities
|
Allowing a dual-boot system leaves Windows NT and Windows
2000 very insecure. If Windows NT or Windows 2000 is partitioned with
a FAT file system, anyone with access to the computer can change file
permissions and attributes. If the floppy drive is bootable, a Linux boot
disk can be used to bypass the file system security. NVSS can detect a
FAT partition, indicating a serious vulnerability. It can also detect
if a floppy drive or CD drive is allocated for remote use. |
| Administrator
NVSS measures 2
Administrator vulnerabilities
|
The default Administrator account is a well known target
name. It cannot be locked out by repeated login attempts and is vulnerable
to a brute force password attack. NVSS looks for the account called Administrator
and provides an option to rename this account. Other accounts may also have
Administrator privileges. Intruders have been known to create such an
account as a backdoor into the system. NVSS looks for unnecessary accounts
that have Administrative status. |
| Auditing
NVSS measures 10
Auditing vulnerabilities
|
Auditing systems are designed to track the activities of
users. When an auditing system is enabled, processes and activities are
logged to files for later review. This leaves a trail that administrators
can follow to determine if the user is engaged in unauthorized activity.
NVSS determines if auditing is turned on. Events such as logon and logoff,
file and object access, use of user rights, user and group management,
security policy changes, restart, and shutdown, should be audited. NVSS
checks to see if the audit logs such as the Applications events log, Security
events log, and System events log are protected. |
| Applications
NVSS measures over 10
Applications vulnerabilities
|
Adding applications to a system with Windows NT or Windows
2000 may cause other vulnerabilities. Applications could lead to a buffer
overflow exploit which could potentially be used to gain unauthorized
access. Certain 16-bit applications could crash other applications. NVSS
checks for the latest service packs and hotfixes which prevent many application
vulnerabilities. Unlike competing products, NVSS tests Windows
NT for Service Pack 4 and 5 and their hotfixes, and knows what applications
may not work properly with these latest additions. |
| Account Lockout
NVSS measures 2
Account Lockout vulnerabilities
|
Not locking out failed login attempts makes Windows NT and
Windows 2000 vulnerable to password guessing. The Windows NT/Windows 2000
Account lockout feature prevents brute-force password cracking on your
system. NVSS tests all user accounts to determine if account lockout is
enabled. NVSS also tests for patches that provide account lockout logs
to the Administrator. |
| Guest
NVSS measures 2
Guest vulnerabilities
|
The Guest account allows people to access a Windows NT
or Windows 2000 computer without logging in to a specific user account.
A Guest account is installed by default and it cannot be removed. This
account typically has too much access as it is a member of the Everyone
group. Guests may gain system access. NVSS can determine if the Guest
account is enabled and disable it. |
| Backup
NVSS measures 3
Backup vulnerabilities
|
Backup data is necessary to protect from corruption or loss.
No backups means no protection from failures, viruses, and maliciousness.
Backup logs with wrong timestamps may lead to inaccurate restoration of
files and critical information. NVSS looks for early versions of Windows
NT and Windows 2000 that did not provide correct backup timestamps. It
also looks for early versions where Windows NT and Windows 2000 fail to
back up when running certain applications. |
| Information Gathering
NVSS measures over a dozen
Information Gathering
Vulnerabilities and tools
|
There are many programs, tools, and methods used for information
gathering. Unauthorized users could obtain complete user listings and
gather sensitive information about a host or network. NVSS checks for
programs and tools used in information gathering. NVSS is more sensitive
than competing products to the hacker/cracker tools available
for information gathering. |
| C2 Compliance
NVSS measures 6
C2 Compliance Vulnerabilities
|
C2 compliance relates to stand-alone system security, but
it can be used to evaluate the strength of a system. NVSS checks for C2
compliance items such as no dual boot, no OS/2 or POSIX subsystems, NTFS rather
than FAT, security logs, and a disabled Guest account. NVSS knows about
the stringent security requirements of government computers, and measures
those vulnerabilities. |
| Banner Information
NVSS measures 2
Banner Information warnings
|
Windows NT and Windows 2000 provide a way to display a legal
notice banner upon logon, which is blank by default. Without a legal notice
banner, users may feel that they can freely browse the network and access
files without restriction. NVSS provides a warning if there is no legal
notice banner information. |
| Web Browsers
NVSS measures over 30
Web Browser vulnerabilities
|
Web browsers such as Internet Explorer and Netscape
Navigator have many vulnerabilities. An intruder can use a web browser
connected to the Internet to cause denial of service or gain administrative
privileges. NVSS examines the installed web browser and can determine
the vulnerabilities based on the browser version and if any patches have
been installed. With NVSS, you can be sure your browser has been tested
for the latest vulnerabilities and recommended solutions are available
to you. |
| IIS
NVSS measures over
15 IIS vulnerabilities
|
Windows NT and Windows 2000 Server include the Microsoft
Internet Information Server (IIS) web server. There are many vulnerabilities
associated with this server. Scripts running under the wrong security
context may result in incorrect file access which may lead to Administrator
access. NVSS checks for vulnerabilities in all versions of IIS. |