Windows NT Security Under Fire

  • Chris Oakes
  • Wired
  • June 1, 1998

Listen to security expert and consultant Bruce Schneier and he'll tell you that Windows NT's security mechanism for running virtual private networks is so weak as to be unusable. Microsoft counters that the issues Schneier points out have mostly been addressed by software updates or are too theoretical to be of major concern.

Schneier, who runs a security consulting firm in Minneapolis, says his in-depth "cryptanalysis" of Microsoft's implementation of the Point-to-Point Tunneling Protocol (PPTP) reveals fundamentally flawed security techniques that dramatically compromise the security of company information.

"PPTP is a generic protocol that will support any encryption. We broke the Microsoft-defined [encryption] algorithms, and also the Microsoft control channel." However, he said he was unaware of some of Microsoft's NT 4.0 updates when he ran his tests.

With relative ease, intruders can exploit the flaws, Schneier said, which he summarizes as weak authentication and poor encryption implementation. The result is that passwords can be easily compromised, private information can be disclosed, and servers used to host a virtual private network, or VPN, can be disabled through denial-of-service attacks, Schneier said.

"It's kindergarten cryptography. These are dumb mistakes," Schneier said.

VPN products use the protocol to establish the "virtual" connections between remote computers, which is what lets companies use the public Internet as the carrier for a "private" company network.

PPTP carries packets across the Internet by encapsulating them inside other packets; that tunneling by itself hides nothing, so encryption is applied to protect the data the packets contain. It is the scheme Microsoft uses for this encryption that Schneier says is flawed.

Specifically, Schneier's analysis found flaws that would let an attacker "sniff" passwords as they travel across a network, break open an encryption scheme, and mount denial-of-service attacks on network servers, which render them inoperable. Confidential data is therefore compromised, he said.

The nature of the flaws varied, but Schneier identified five primary ones. For example, Schneier found the method of scrambling passwords into a code (a rough description of "hashing") to be simple enough that the code is easily broken. And though the software can use 128-bit encryption "keys," Schneier said those keys are derived from the user's password, so they are only as strong as the password itself: information could be decrypted by guessing what may be a very simple password, such as a person's middle name.
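The two weaknesses in the paragraph above (a breakable password hash and a 128-bit key that is only as strong as the password it is derived from) are easier to see in code. The block below is an added example and is not code from the article, from Schneier, or from Microsoft. The article does not name the hash; Schneier and Mudge's paper identified it as the LAN Manager hash, which uppercases the password, pads it to 14 bytes, splits it into two 7-byte halves, and uses each half as a DES key to encrypt a fixed constant. Because that structure, not the cipher, is the weakness, this toy version replaces DES with truncated SHA-256 (an assumption made so the block runs with no crypto library); the wordlist and the passwords are constructed for the demonstration.

```python
import hashlib
import itertools
import string

# Toy model of the password hash structure Schneier and Mudge's paper attacks
# (the LAN Manager hash; the article above does not name it). Real LM: uppercase
# the password, pad/truncate to 14 bytes, split into two 7-byte halves, use each
# half as a DES key to encrypt a fixed constant, concatenate the two 8-byte results.
# ASSUMPTION: DES is replaced by truncated SHA-256 so this runs with no crypto
# library; the structural weakness (case folded away, halves attacked independently)
# is kept exactly.

HALF = 7
NULL_HALF = b"\x00" * HALF

# Constructed sample wordlist (first names, as in the article's "middle name" example).
WORDLIST = ["alice", "ann", "bob", "carol", "margaret", "robert", "susan"]


def _pad(s: str) -> bytes:
    """LM normalisation of one half: uppercase, ASCII only, cut or pad to 7 bytes."""
    return s.upper().encode("ascii", "ignore")[:HALF].ljust(HALF, b"\x00")


def _hash_half(half: bytes) -> bytes:
    # Stand-in for DES_k(constant): 8 bytes that depend only on the 7-byte half.
    return hashlib.sha256(b"LM-stand-in:" + half).digest()[:8]


def lm_style_hash(password: str) -> bytes:
    pw = password.upper().encode("ascii", "ignore")[:14].ljust(14, b"\x00")
    return _hash_half(pw[:HALF]) + _hash_half(pw[HALF:])


def session_key(password: str) -> bytes:
    """A 128-bit key derived only from the hash: it has no entropy the password lacks."""
    return hashlib.sha256(b"session:" + lm_style_hash(password)).digest()[:16]


def password_is_short(h: bytes) -> bool:
    """A second half equal to hash(7 nulls) reveals a password of 7 characters or fewer."""
    return h[8:] == _hash_half(NULL_HALF)


def crack_half(target: bytes, wordlist,
               alphabet=string.ascii_uppercase + string.digits, max_brute=3):
    """Recover one 7-byte half on its own: dictionary first, then a short brute force."""
    for word in wordlist:
        if _hash_half(_pad(word)) == target:
            return _pad(word).rstrip(b"\x00").decode()
    for n in range(max_brute + 1):
        for chars in itertools.product(alphabet, repeat=n):
            cand = "".join(chars)
            if _hash_half(_pad(cand)) == target:
                return cand
    return None


def crack_password(h: bytes, wordlist=WORDLIST):
    """Attack the halves independently: cost is 2 * |A|^7 guesses, not |A|^14."""
    first = crack_half(h[:8], wordlist)
    second = crack_half(h[8:], wordlist)
    if first is None or second is None:
        return None
    return first + second


def recover_session_key(h: bytes, wordlist=WORDLIST):
    """Once the password is guessed, the 128-bit session key follows deterministically."""
    pw = crack_password(h, wordlist)
    return None if pw is None else session_key(pw)


if __name__ == "__main__":
    h = lm_style_hash("Margaret42")
    print("password has <= 7 chars:", password_is_short(h))
    print("recovered:", crack_password(h))
    print("session key recovered:", recover_session_key(h) == session_key("Margaret42"))
```

Three things the run shows that the paragraph only states: the recovered password comes back as "MARGARET42" because case was thrown away before hashing; a ten-character password falls to a dictionary hit on the first seven characters plus a three-character brute force on the rest, each half checked against the hash on its own; and the "128-bit" session key is reproduced from that guess, because it is derived from nothing but the password.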

"This is really surprising. Microsoft has good cryptographers in their employ." The problem, he said, is that they're not adequately involved in product development.

Schneier emphasized that no flaws were found in the PPTP protocol itself, but in the Windows NT version of it. Alternate versions are used on other systems such as Linux-based servers.

Microsoft's implementation is "only buzzword-compliant," Schneier said. "It doesn't use [important security features like 128-bit encryption] well."

Windows NT has in the past been the object of several security complaints, including denial-of-service vulnerabilities.

Microsoft says the five primary weaknesses Schneier has called attention to are either theoretical in nature, previously discovered, or already addressed by recent updates to the operating system software.

"There's really not much in the way of news here," said Kevin Kean, an NT product manager at Microsoft. "People point out security issues with the product all the time.

"We're on our way to enhancing our product to take care of some of these situations already," Kean said.

He acknowledged that the password hashing had been fairly simple, but said that updates have introduced a more secure hashing algorithm. He also contends that even weak hashing can be relatively secure.

The issue of using simple passwords as encryption keys is relevant to individual company policy more than Microsoft's product. A company that has a policy requiring employees to use long, more complex passwords can ensure that their network encryption is more secure. An update to the product, Kean said, lets administrators require a long password from company employees.

On another issue, where a "rogue" server could fool a virtual private network into thinking it was a legitimate node on the network, Karan Khanna, a Windows NT product manager, said that while that was possible, the server would only intercept a "stream of gobbledygook" unless the attacker had also cracked the encryption scheme. That and other issues require a fairly difficult set of conditions to come into place, he said, including the ability to collect the diverging paths of VPN packets onto a single server.

For that reason, Microsoft insists its product offers a reasonable level of security for virtual private networks, and that upcoming versions of the software will make it stronger.

Windows NT security expert Russ Cooper, who runs a mailing list that monitors problems with Windows NT, agrees with Microsoft that most of Schneier's findings have been previously turned up and discussed in forums like his. What Schneier has done is tested some of them, he said, and proven their existence.

But he points out that fixes for the problems have only recently been released, and so postdate Schneier's tests. The fixes may not have addressed all of the problems successfully, Cooper said, but they represent an unknown that may negate some of Schneier's findings.

On Schneier's side, however, Cooper agrees that it typically takes publicity of such weaknesses to get Microsoft to release fixes. "Folks need to get better response from Microsoft in terms of security," Cooper said.

He also added support to a point that Schneier makes—that Microsoft treats security more casually than other issues because it has no impact on profit.

"Microsoft doesn't care about security because I don't believe they think it affects their profit. And honestly, it probably doesn't." Cooper believes this is part of what keeps them from hiring enough security personnel.

Microsoft vehemently contests the charge. Microsoft's Khanna said in preparing the next release of the operating system, the company has installed a team to attack NT, an effort meant to find security problems before the product is released.

And, Microsoft reminds us, no product is totally secure. "Security is a continuum," Microsoft's Kean said. "You can go from totally insecure to what the CIA might consider secure." The security issue at hand, he said, lies within a reasonable point on that continuum.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.