Unhackable: Windows Challenge Network not Penetrated

Windows Security Challenge network 1, hackers 0.

(Seattle, Wash.) After 31 hours and 40,000 attacks, the Windows 2000 network set up and hardened during the MCP TechMentor Summit on Security remained uncompromised. The purpose of the Challenge was to see how secure a Windows network could be made using standard security checklists and best practices, without any special software or steps being taken. Judging by the results, it can be done -- and done well.

Mark Burnett, who monitored the network with the intrusion detection tool Snort, said that on the second day of the Challenge the attacks got more creative. "Everyone eliminated the more basic stuff and did more interesting stuff," Burnett said. "The big lesson is not what we saw but what we didn't see. The fact for most companies is that most attacks are basic. If you follow basic principles," then your network should be able to turn back the majority of attacks, according to Burnett.

In reality, there was one successful attack, but not through the network. Burnett decided to try gaining physical access to the network, in violation of the stated rules. He said he did it to prove a point. "The fact is you can't set rules for hackers. So I thought I'd try a physical attack although we were told not to. The fact is that if you can get physical access to a server, you can get in. I cheated, I broke the trust," Burnett said.

Burnett filled the security guard full of soda, waited until he had to go to the bathroom, and changed the username and password for the administrator account on a server.

Steve Riley, a Microsoft security expert who configured security for the Exchange server on the Windows Challenge network, said the attack should serve as a warning to companies. "The people with the broadest and most thorough access to your company are the lowest-level employees, the security guards and janitors. It's something you're going to have to think about."

Conference chairperson and Microsoft Certified Professional Magazine Contributing Editor Roberta Bragg echoed those sentiments. "Anyone you trust, you should monitor them, audit them. We have to have that in place."

The Windows Challenge had a Web site open to the Internet, and attacks came from all over the world, from as far away as Asia. In the end, though, no electronic attacks were able to penetrate the network. Several speakers commented that the result points to the human factor as the most important one in proper network security. If the administrator is thorough and diligent, most attacks can be stopped. "It's your admin that gets attacked, not the system, not the application," Burnett said.

SQL expert Ted Malone, who hardened the SQL server for the Challenge, agreed. "You're only as strong as your weakest link," he said.

The MCP TechMentor Summit on Security was a three-day conference focused on Windows security topics.

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

