Security software that tests NT

Securing a Windows NT system can be tedious, especially when you manage multiple users and resources. You need a management tool that supplements NT's built-in security utilities. Palo Verde Software's Nt Spectre 1.4 is a tool you can use. Nt Spectre views and tests aspects of NT security and provides answers to security-related problems, such as which users have access to particular files, which files guest users can access, and whether any users have nonsecure passwords. Nt Spectre's functionality is an asset to your security toolkit.

Using Nt Spectre
After I chose a directory on my Intel Pentium 166MHz processor, I installed Nt Spectre in about 30 seconds. The system had 48MB of RAM and ran NT 4.0's Small Business Server (SBS). I navigated Nt Spectre's interface easily and commenced testing my NT system's security. Using Nt Spectre's treeview layout, I located existing user accounts and examined their assigned rights and group memberships. Screen 1 shows the treeview layout that is common to most NT systems.

I opened NT Explorer, selected several sensitive directories, and dragged and dropped them into Nt Spectre. The software presented security information about these directories, and I determined who had access to them. Nt Spectre revealed two directories to which unauthorized users had access, and I subsequently removed those users.

Feature-Rich Software
NT's major resources include users, files, directories, pipes, mail slots, processes, threads, Registry keys, and shares. To maintain system security, an administrator must manage access to these resources. Using Nt Spectre's well-organized user interface, administrators can easily view and test security settings on resources.

Nt Spectre tests aspects of NT, such as the system's access capabilities, program loading, secure pipes, mail slot access, differentials, and password strength. An access test determines the files and directories a user can access. The program load test helps you determine why a user can't run a specific program. The secure pipe test helps you troubleshoot problems with applications that use secure pipes to communicate. The mail slot access test checks applications that use a secure mail slot. The differentials test compares items (e.g., directories, Registry keys) with access control lists (ACLs) to a specific directory or Registry key to determine whether the two items have the same permissions. The user-definable, dictionary-based password test lets you check for weak passwords.

If you're using NT 4.0 with Service Pack 3 (SP3), which has new SYSKEY features, the password test doesn't work. When you enable the SP3 SYSKEY function, you modify the way NT stores passwords in the Security Accounts Manager (SAM) database, and Nt Spectre doesn't understand this method. Future versions of Nt Spectre might support NT systems with SYSKEY enabled.

Nt Spectre's drag-and-drop function lets you examine file and directory ACLs. The software gathers the security descriptors for the files and directories you specify. You can then view or test the ACLs.

For testing purposes, Nt Spectre can impersonate a user. NT uses impersonation to execute commands in a security context that is different from the one the process starts with. For example, Internet Information Server (IIS) runs under the security context of the IUSR_MACHINENAME account. However, if IIS must impersonate the built-in SYSTEM account to accomplish a task that requires a higher level of security access than IIS requires, Nt Spectre can impersonate an existing user and reveal the consequences when that user attempts to access an object or load an executable program.

Value_Packed Software
Nt Spectre is a security tool packed with functionality. Although other tools exist that assist in ACL examination (such as Somarsoft's DumpACL), I haven't found one that has Nt Spectre's capabilities. You might want to put Nt Spectre on your list if you're shopping for new security management and assessment tools. At its current price, the software is a great value.

Nt Spectre 1.4
Contact: Palo Verde Software * 520-670-1628 or 800-759-9927
Web: http://www.ntspectre.com
Price: $199 for one license
System Requirements: Windows NT 3.51 or 4.0