Archive for the ‘Windows’ Category

Develop High Security Plan to Protect Windows Database Server

February 26, 2019 Comments off

Prevent Windows registry slashing from intruders to protect your Windows database server.

The Windows registry is a hierarchical database containing data concerning a Windows system’s hardware, software, and application environment. This database also serves as a mid-level interface between each machine’s kernel, device drivers, hardware recognizer, User manager of domains, server manager, and other components and programs. To allow system processes to read and sometimes to update registry values, Windows by default permits everyone to have widespread access to the registry. Attackers can therefore run executables, such as red button, that read critical registry values such as the build number of the windows release, the service pack that has been installed, the share names which in and of themselves also reveal whether a Windows NT system is a server of a workstation because workstations do not have the built-in netlogon share, and other critical data such as the name of default administration account. Additionally, Windows server has a flaw in its interface to the client that allows Windows clients remote access to critical server resource including the Registry.

Many methods exist for obtaining names of account and groups from remote Windows systems. A perpetrator with Administrator-level privileges in one domain can use the User Manager for Domain on any domain controller within that domain to initiate the process of setting up a trust relationship within that domain to initiate the process of setting up a trust relationship with another domain. After initiating trust, the perpetrator can use the Windows Explorer on any server within the domain to view the account name and groups in the other domains. The perpetrator needs to just highlight any file or folder, then go to file, properties, security, and then click the Permission button. The account names and the groups in the other domain will appear when the perpetrator selects list accounts from. Note that trust does not have to be in place; it must merely be unilaterally initiated.

Still another way to gather critical information about systems and domains is to create a program that utilizes certain application programming interface API calls.

A netuserenum call can be made by the anonymous user. Data returned as the result of making this call includes the names of accounts, full usernames, descriptions for each account which often contain working such as a built-in account for administrating the system, thereby revealing the privilege level associated with the account and other values.

A netgroupenum call can be used in a parallel manner to reveal the names of the groups as well as the names of users within each group.

LookupAccountSid call enables the anonymous user to obtain the names of accounts including the name of the default Administrator account, even if it has been renamed.

NetUserModelsGet call enables the anonymous user to retrieve account policy settings as well as the domain role.

There are lots of another trick available to crack Windows Registry and data stolen. You need to develop a strong security policy using high expertise in Windows security as well as firewall deployment, especially when you are using Window server as the Database server. The database contains highly sensitive and important company’s data. Protection of database is an important requirement.


Port Binding Attacks on Windows Security

January 29, 2019 Comments off

Detail explanation about port binding attacks on Windows machines with open port

remote dba expertsAllow any Windows user, who is logged, regardless of privilege level of commitment to any port. Ports from which users can bind to ports, such as remote procedure call RPC and NetBIOS. Port-binding programs are user-initiated services, a native Win2k priority to listen to any particular port, this function is a critical vulnerability that leaves Windows guests sensitive to attacks, port binding. An only user with administrator privileges is to be able to stop the actions and other services in a safe environment. Windows will attempt to determine the environmental performance of default, such as limiting access to utilities such as Server Manager, and commands such as net start. Malware can be continually endeavoring to door through which the services, such as sharing services on the system, can interfere with these services. At the moment there is no mechanism for proper monitoring of this problem, except perhaps in solutions of packet filtering.

In “Snork” attacks, binds to a local or remote malicious one of many high-numbered ports. The service listening at the entrance to register the connection and allocates a disproportionate share of the CPU on its name, which causes the system to become so bogged down that slows to a crawl. There are currently no adequate solutions to this problem, with the possible exception of packet filtering solutions.

Any user can also use the telnet command to connect to ports and write an entry unexpected. If the service that receives this input is not sufficient to deal with an out-of-bounds input, the service may arrest without grace, causing a system shutdown or crash.

The author can also use the telnet command to the input domain service pipe character generator system, which the system unit to fill with trash entry until the system crashes.

The Telnet client can be misused to cause a DOS by binding to a specific port and sends unexpected inputs, for example. If the telnet service is installed on the host Windows, Telnet can also allow someone to gain unauthorized access through methods of attack such as guessing the password by brute force. By default, all traffic is also telnet to the network in clear text. Generally, it is best to avoid installing the Telnet service when security needs are high. Secure Shell provides a safer alternative as it is at least encrypting network traffic.

Inadequate distributions of users are too privileged groups, lead to privilege escalation that could pose a significant threat to security in Windows. The inclusion in the local Administrators group and the world, in particular, allows the user a tremendous amount of control on Windows machines. Remember that users with administrative privileges can create new accounts with the same privilege.

Multitasking in Windows

December 16, 2013 Comments off

Working with more than one program at a time is called multitasking. Each program item execution is called a task. Microsoft Windows is capable of executing many tasks each in its own window. For example, we can execute WordPad and MS Paint at the same time.

To try multi-tasking, execute WordPad, maximize it. Then execute MS Paint from start menu and maximize it also. The name of applications which are currently working will be displayed on the taskbar. That means, at present the taskbar displays the names WordPad and MS Paint. The application or program in which we are currently working with, is called as active application.

Switching between Applications:

To switch or move from one application to another, in above example to go to WordPad from MS Paint, click on the name of the application in the taskbar. The application which is selected will be in the front and the application window which was displayed earlier will be in the background.

You can switch or more one by one application using ALT+TAB keys from keyboard too. To switch between the applications using keyboard hold ALT key and press TAB key. It will display the name of applications which are currently open, in the middle of screen. To switch between applications, hold ALT and press TAB until the desired application is selected and the release ALT.

Dbametrix is team of remote dba experts to provides Oracle database administration services.