Today, I am going to talk about securing a Microsoft Network by utilizing Lotus Foundations aka Net Integration’s Nitix platform.
Secure By Default
From the first moment it is powered on, the Nitix OS configures itself with an initial set of more than 250 firewall rules to block all incoming connections from the Internet on any port. As time goes on and it analyzes network traffic, Nitix adds and removes rules automatically to improve security as part of its Net Intelligence and stateful inspection routines. To allow incoming connections, the user needs to explicitly request that connections to that service be allowed, and it will automatically add firewall rules to match the request.
In contrast, most commercial firewall products and operating systems are insecure by default; they require the administrator to block each unwanted service individually, making it very easy to miss one or to make a mistake.
Securing a Microsoft Network
One of the top ten most serious security mistakes listed by SANS (The System Administration, Networking, and Security trade organization) is not failing to install a firewall – it’s implementing firewalls with rules that don’t stop malicious or dangerous traffic. In other words, everyone makes mistakes, and making a mistake in firewall configuration is both common and serious.
When it takes several days and more than a hundred cryptic rules just to build an initial security policy, it’s easy to see how errors can happen. But every user of Nitix automatically gains the benefit of our skilled security analysts, third party review, and years of experience. Nitix’s firewall is more secure precisely because it requires less input from the administrator.
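The two ideas above, a default-deny stateful firewall that only opens what the administrator explicitly asks for, and a check that catches overly broad rules before they reach production, can be shown concretely. The following POSIX shell script is an added example written for this page; it is not Nitix code and does not reproduce Nitix’s rule set. It assumes an nftables-style syntax as the output format and a Linux host where `nft -f` would load the generated file. `gen_ruleset` emits a ruleset whose input and forward chains default to drop, accept only loopback and established connections, and open exactly the TCP ports named on the command line (the equivalent of “explicitly request that connections to that service be allowed”). `audit_ruleset` reads a ruleset and fails if any chain defaults to accept or any accept line is not qualified by interface, connection state, or port, which is the class of mistake the SANS item describes.

```shell
#!/bin/sh
# Added example (not Nitix code): build a default-deny, stateful ruleset in
# which inbound traffic is accepted only for explicitly listed services, and
# audit a ruleset for chains or rules that silently allow everything.

# gen_ruleset PORT [PORT...]  -> prints an nftables-style ruleset on stdout.
# Everything inbound is dropped unless it belongs to an existing connection
# or matches one of the explicitly named TCP ports.  Called with no ports it
# still produces a valid ruleset that blocks all new inbound connections.
gen_ruleset() {
    echo 'table inet filter {'
    echo '  chain input {'
    echo '    type filter hook input priority 0; policy drop;'
    echo '    iif lo accept'
    echo '    ct state established,related accept'
    echo '    ct state invalid drop'
    for port in "$@"; do
        # Refuse anything that is not a plain port number so a typo cannot
        # turn into a rule that opens more than intended.
        case "$port" in
            ''|*[!0-9]*) echo "gen_ruleset: invalid port '$port'" >&2; return 1 ;;
        esac
        echo "    tcp dport $port ct state new accept"
    done
    echo '  }'
    echo '  chain forward {'
    echo '    type filter hook forward priority 0; policy drop;'
    echo '    ct state established,related accept'
    echo '  }'
    echo '}'
}

# audit_ruleset < RULESET -> returns 0 if every chain defaults to drop and
# every accept is qualified (loopback, connection state, or a port); returns 1
# and prints each offending line otherwise.
audit_ruleset() {
    status=0
    while IFS= read -r line; do
        case "$line" in
            *'policy accept'*)
                echo "audit: chain with default accept policy: $line"
                status=1 ;;
            *accept*)
                case "$line" in
                    *'iif lo'*|*'ct state'*|*dport*) ;;
                    *) echo "audit: unqualified accept: $line"; status=1 ;;
                esac ;;
        esac
    done
    return "$status"
}

# Usage (on a Linux host with nftables installed):
#   gen_ruleset 22 443 > ruleset.nft && audit_ruleset < ruleset.nft && nft -f ruleset.nft
```

The audit deliberately runs on the text of the ruleset rather than on the live firewall, so it can sit in a change-review step before anything is loaded; a bare `accept` or a `policy accept` anywhere in the file fails the check and the offending line is printed for the reviewer.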
Multi-tiered Security
To penetrate a Nitix firewall and attack a workstation or server on the other side, an attacker would have to defeat several levels of security:
• The firewall rules themselves, including NAT.
• At least one running server process (such as the file server or web server).
• The kernel security barrier, which catches abnormal program memory accesses.
• A security gateway process, in order to obtain administrator privileges.
The entire Nitix operating system, including the firewall, configuration utilities, and all the server software, fits in less than 32 megabytes on a tiny solid-state memory card. Even if an attacker were to somehow find a leak in the firewall, the software environment is so restrictive that it would be nearly impossible to use this security hole to penetrate further.
By contrast, many commercial firewall products are based on full-sized server operating systems like Windows or Solaris, which are between 100 and 200 times larger than the Nitix OS. Among the vast amount of code and data in these operating systems are several insecure tools which can help complete an attack once it bypasses the firewall.
Special thanks to Net Integration’s Richard Hardman for his valuable input in creation of this document.