Security Watch

The Genesis of Multi-Role Windows NT Servers

The evolution of Windows NT threatens its survival.

Several weeks ago, I wrote about a buffer overflow vulnerability in Computer Associates' Brightstor (formerly ArcServe). That led to questions from readers about why Windows server roles aren't always separated. For example, why isn't a backup server only a backup server, instead of also being commonly used as an extra Backup Domain Controller, file/print server and so on?

The answer requires a knowledge of Windows server history. In 1992, when Windows NT 3.1 was first released, there was no cost difference between servers and desktops. Licensing was simply per seat, and based solely on the fact that you were running a licensed Windows box, so it didn't matter whether you implemented a server or workstation. You could economically separate the various roles a server might have onto multiple machines, including desktops. (Netware users might remember the days when it was possible to have a Novell server also running a desktop console; Microsoft was simply following suit.) You could have a desktop serve as a file/print server, BDC or whatever server role you might want.

When Windows NT 3.5 was introduced, the cost of servers increased, and Microsoft also unveiled Client Access Licenses (CALs) in addition to the operating system license the client already had. Given Microsoft's huge marketing push about NT's multi-tasking capabilities, economics made it imperative that NT servers take on multiple roles. At the same time, hardware requirements increased, adding considerably to server cost.

Contributing to the push to get servers off non-server hardware was the Bob Denny debacle. Denny had developed the first Web server for NT. It didn't discriminate, working on both workstations and servers. Microsoft, however, hadn't planned on NT Workstation being used as a server. It had hard-coded performance metrics in Workstation to limit its functionality as a server; one example was limiting the number of simultaneous connections. Denny had implemented numerous workarounds so that his Web server, whether run on a workstation or server, worked equally well.

As a result of the Denny Web server, Microsoft decided to end server-on-desktop usage. With the release of NT 3.5 came license agreement changes which stated that workstations couldn't be used as servers, and new technology that broke many of Denny's workarounds. Windows NT 3.51 also increased the server license costs even more.

By the time of NT 4.0, the use of servers for as many roles as possible had become part of the NT culture. Cost concerns aside, people implementing NT servers simply thought of them as multi-role, as if that had been the plan all along.

At about the same time, the Internet started coming to prominence. Although earlier versions of NT had been used frequently on the Internet, few had been used in fully-exposed roles subject to hack attacks from the Internet.

But Internet-exposed NT 4.0 servers became commonplace and the security pitfalls of multi-role servers became obvious. Combining so many uses on a single server makes it extremely difficult to properly secure, and compromise of one component can lead to the compromise of other components. As networks full of multi-role NT servers were connected to the Internet, the importance of role separation grew.

Role separation has always been important. Connecting to the Internet doesn't make role separation any more important, but Windows networks had been seen as proprietary until that point, and the thinking was they were less susceptible to attack. After all, who was going to be sending non-routable NetBEUI packets across the Internet?

Today, role separation is far better understood in Windows environments. But cost considerations still dominate management, leading to the present-day situation in which far too many Windows servers are still multi-role.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
