WatchGuard Wire
Improve Your Security IQ

"Going native" improves your Windows network security

As I mentioned in a previous Wire post, I spent my first day at Black Hat 2005 learning many techniques to attack and penetrate a Windows network. I thought I'd pass on a tip that should interest any network administrator saddled with legacy Windows machines.

Many intrusion techniques take advantage of security flaws and misconfigurations in services used to support older Windows NT domains and networks. When Microsoft released Windows 2000 with Active Directory, they corrected many of these security flaws. "Cool," you might be saying to yourself, "I use Active Directory in my network, so I must be safe." Unfortunately, these old Windows networking vulnerabilities may still affect your Active Directory (AD) domain.

The Active Directory installation wizard asks whether you'd like to install AD using Mixed mode or Native mode. Windows 2000 defaults to Mixed mode. Mixed mode supports both Windows NT domain controllers and AD servers on the same network. Unfortunately, Mixed mode also retains all of NT's old vulnerabilities.

When Windows 2000 first came out, most administrators had to use Mixed mode in order to support the old machines on their networks. You can't just up and replace the operating system on every computer in your network overnight. However, a lot of time has passed since those days. By now, you might have upgraded all your network's machines to Windows 2000, XP or Server 2003. If so, you should take advantage of Active Directory's Native mode. Simply by switching to Native mode, you can protect yourself from many of the Windows network vulnerabilities the Foundstone instructors covered in their class.

If your NT machines are gone, and you haven't gone native yet, it's time for you to consider doing so. -- Corey Nachreiner
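
An added example, not part of the original post or any WatchGuard tool: a pre-flight check for the switch to Native mode. It reads an LDIF export of the directory, reports the domain's mode from the `ntMixedDomain` attribute (1 means Mixed), and lists domain controller accounts that still report Windows NT. The sample export, its names, and the `Windows NT` operating-system string are assumptions.

```python
UF_SERVER_TRUST_ACCOUNT = 0x2000  # userAccountControl flag carried by domain controller accounts
# Constructed sample export: one domain object, two DC accounts, one workstation.
SAMPLE_LDIF = """\
dn: DC=example,DC=test
objectClass: domainDNS
ntMixedDomain: 1

dn: CN=DC01,OU=Domain Controllers,DC=example,DC=test
objectClass: computer
operatingSystem: Windows 2000 Server
userAccountControl: 532480

dn: CN=OLDBDC,CN=Computers,DC=example,DC=test
objectClass: computer
operatingSystem: Windows NT
userAccountControl: 8192

dn: CN=WS042,CN=Computers,DC=example,DC=test
objectClass: computer
operatingSystem: Windows XP Professional
userAccountControl: 4096
"""

def parse_ldif(text):
    """Split LDIF text into records: dict of lower-cased attribute -> list of values."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith(("#", " ")) or ": " not in line:
                continue  # comments and folded continuation lines are skipped
            key, value = line.split(": ", 1)
            rec.setdefault(key.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def native_mode_readiness(text):
    """Return (mode, blocking_dcs): the domain mode and DC accounts still on Windows NT."""
    mode, blockers = "unknown", []
    for rec in parse_ldif(text):
        if "ntmixeddomain" in rec:
            mode = "mixed" if rec["ntmixeddomain"][0] == "1" else "native"
        uac = int(rec.get("useraccountcontrol", ["0"])[0])
        os_name = rec.get("operatingsystem", [""])[0]
        # Assumption: NT 4.0 machines report an operatingSystem starting with "Windows NT".
        if uac & UF_SERVER_TRUST_ACCOUNT and os_name.startswith("Windows NT"):
            blockers.append(rec["dn"][0])
    return mode, blockers
```

Raising a domain to Native mode cannot be reversed, so an empty list of blocking domain controllers is the condition to confirm before making the change.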

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.