When Windows NT was developed the designers ensured that security features were built in unlike when for example when MS Dos was developed. By default NT has a minimum-security standard as developers assumed that the average user would not want a highly secured operating system. As a result, administrators must configure or harden the security levels to meet the users requirements. There are three levels :
1)Minimum no/few security features are used, however the spreading of viruses should still be taken into consideration
2)Standard most machines store some sort of sensitive information, which is where the use of log-ons, passwords etc apply
3)High-level – used when highly sensitive data is involved, where there is a risk of theft etc
Authentication an important area of security in relation to access controls, both to the system itself and to particular applications. NT allows the creation of accounts, which can be assembled into separate sections of e.g. users and administration. Both are set with separate privileges depending on the User ID and the password the user enters. The permission controls are based on security Ids found in a security access token which determines the users privileges. However in highly secured systems fingerprints can be used for authentication. Also, the built in Guest account can restrict entry for casual users.
As well as tracking the users access controls, NT also manages the applications access controls by using a subject. These can be divided into two classes, a simple subject and a server subject. With regards to the simple subject, depending on the users access token, it will be allocated a security context. While the server subject is implemented as a protected server which uses the security context of the client when acting on behalf of the client.
There are two file systems available for NT, these include the FAT (File Allocation Table) system and the NTFS. However, the FAT system provides very little security as it was developed primarily with DOS in mind. In contrast NTFS was created specifically for Windows NT. It is fast, allows longer file names and is backward compatible with DOS programs. In order to facilitate the integrity of data at the hardware level, NT has a built-in fault tolerance. NTFS creates fault-tolerant disk subsystems in different ways. One of which is called disk mirroring, whereby two partitions are required on two different disks, both using a single hard disk controller. Every directory/file is copied from one disk to the next, mirroring the data. The benefit of this is when one disk fails the next can take over and successfully act as a replacement for the failed disk.
A recent addition to the NT security aspect in relation to the Internet is the introduction of WebEnforcer. It works in conjunction with HP, and is supposed to enforce security issues and correct recognised security holes found in NT Web servers. HP claims that WebEnforcer “resets configuration settings if they have been changed (either maliciously or by installing other software).”1
NT is suitable for all areas of business and personal use as its security can be configured to the users needs. Security issues are especially important to businesses, which is why new security software such as WebEnforcer already mentioned, is constantly being developed to keep up with demand. NT provides a large number of security features to prevent unauthorised access etc., yet as well as a secure operating system, the external environment also needs to be taken into consideration.
1 www.ntnews.com .
Operating System Security Notes