(Authentication / Authorization)


Presentation made by: Sergio Azañón Cantero

What is Security and Identity in Windows?
Windows provides APIs and services for developing more secure desktop apps. These APIs are:
- Authentication
- Authorization
- Cryptography
- Directory, identity, and access services
- Parental controls
- Rights management

Table of contents
- What is Authentication?
- About Authentication
- Using Authentication:
  - Creating Custom Security Packages
  - Using Network Provider API
  - Customizing Winlogon
  - Using SSPI
  - Protecting the Automatic Logon Password
- What is Authorization?
- About Authorization
- References

What is Authentication?
Authentication is the process by which the system validates a user's logon information. A user's name and password are compared to an authorized list, and if the system detects a match, access is granted to the extent specified in the permission list for that user.
For developers, an understanding of security-related subjects such as authentication and authorization is advised, although not required.

About Authentication
- Credentials Management: how to obtain and manage credential information such as user names and passwords.
- LSA Authentication: how to authenticate and log users on to the local system, and how to create and call authentication packages and security packages.
- Network Provider API: how to interact with other types of networks.
- Smart Card Authentication: describes the smart card authentication architecture.
- SSPI: how an application can use the various security models available on a computer or network without changing its interface to the security system.
- Winlogon and Credential Providers: how to customize Winlogon behavior by implementing and registering a Credential Provider.

Creating Custom Security Packages
- SSP Security Packages: if a custom security support provider (SSP) security package will be used exclusively for client/server security support, it can implement the Microsoft Security Support Provider Interface.
- SSP/AP Security Packages: custom security support provider/authentication packages (SSP/APs) contain security packages that function both as authentication packages (APs) and as security support providers (SSPs). These packages implement separate APIs to support each role. Because it functions as an AP, a custom SSP/AP security package must provide implementations for all of the functions implemented by authentication packages.

Using Network Provider API
- Implementing a Network Provider: a network provider is a DLL that enables the Windows operating system to support a specific network protocol.
- Implementing a Credential Manager: to create a credential manager, you must create a DLL that exports the functions NPLogonNotify and NPPasswordChangeNotify.
- Registering Network Providers and Credential Managers: after you have created your network provider or credential manager, you must register it with the system.
- Returning Values to the MPR: the Windows Networking functions return WN_SUCCESS on success, or a unique nonzero value if the function encounters an error.
- Handling Buffered Data: several of the network provider functions take the address and size of a buffer into which the function places a variable-sized data structure.
- Receiving Connection Notifications: some applications need to receive notification of connection events, either before the event, just after it occurs, or both.
- Registering to Receive Connection Notifications: after you have created a DLL to receive connection notifications, you must register it with the system.
- Overriding the Default MPR Time-out Interval: if one of the network providers does not know when it will start, MPR uses a default time-out of 60 seconds for that provider.

Customizing Winlogon
Winlogon is the part of the Windows operating system that provides interactive logon support. Winlogon is designed around an interactive logon model that consists of three parts: the Winlogon executable, a Graphical Identification and Authentication dynamic-link library (DLL) referred to as the GINA, and any number of network providers. Winlogon behavior is customized by implementing a Credential Provider (Credential Providers replaced the GINA model starting with Windows Vista).
Winlogon has the following responsibilities:
- Window station and desktop protection
- Standard SAS recognition
- SAS routine dispatching
- User profile loading
- Assignment of security to user shell
- Screen saver control
- Multiple network provider support

Using SSPI
The Security Support Provider Interface (SSPI) is a Win32 API used by Microsoft Windows systems to perform a variety of security-related operations such as authentication. SSPI functions as a common interface to several Security Support Providers (SSPs): a Security Support Provider is a dynamic-link library (DLL) that makes one or more security packages available to applications.
Procedures used with most security packages and protocols: the SSPI model provides a single interface for a client/server transport application to use the various security packages available on a computer or network.

Protecting the Automatic Logon Password
The automatic logon password should be protected by using the LsaStorePrivateData function. The syntax of this function is:

    NTSTATUS LsaStorePrivateData(
        LSA_HANDLE          PolicyHandle,
        PLSA_UNICODE_STRING KeyName,
        PLSA_UNICODE_STRING PrivateData
    );

- PolicyHandle: a handle to a Policy object. The handle must have the POLICY_CREATE_SECRET access right if this is the first time data is being stored under the key specified by the KeyName parameter.
- KeyName: pointer to an LSA_UNICODE_STRING structure containing the name of the key under which the private data is stored.
- PrivateData: pointer to an LSA_UNICODE_STRING structure containing the private data to store. The function encrypts this data before storing it.
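An added example (not from the slides or from Microsoft's documentation) showing how the LsaStorePrivateData call above is used in practice: a helper that fills LSA_UNICODE_STRING correctly (both lengths are byte counts, and the terminator counts only toward MaximumLength) and a function that stores or deletes the autologon secret under the "DefaultPassword" key that Winlogon consults. It assumes a C11 compiler; the names init_lsa_string and set_autologon_secret are mine, and the non-Windows stand-in types exist only so the string helper can be built and tested anywhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <uchar.h>              /* char16_t and u"..." literals (C11) */
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>
#pragma comment(lib, "advapi32.lib")
#else
/* Stand-ins so the string helper compiles and can be tested off Windows. */
typedef uint16_t USHORT;
typedef struct { USHORT Length; USHORT MaximumLength; char16_t *Buffer; }
    LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
#endif
/* Describe a NUL-terminated UTF-16 string as an LSA_UNICODE_STRING. Both
 * lengths are BYTE counts: Length excludes the terminator, MaximumLength
 * includes it. Returns -1 if the terminated string overflows a USHORT. */
int init_lsa_string(PLSA_UNICODE_STRING out, const char16_t *str)
{
    size_t chars = 0;
    while (str[chars] != 0) chars++;
    if ((chars + 1) * 2 > 0xFFFF) return -1;
    out->Length        = (USHORT)(chars * 2);
    out->MaximumLength = (USHORT)((chars + 1) * 2);
    out->Buffer        = (void *)str;       /* caller keeps str alive */
    return 0;
}

#ifdef _WIN32
/* Store the autologon password as the LSA secret "DefaultPassword" (the key
 * Winlogon reads); password == NULL deletes the secret. Returns a Win32
 * error code, ERROR_SUCCESS on success. Requires administrative rights. */
DWORD set_autologon_secret(const char16_t *password)
{
    LSA_OBJECT_ATTRIBUTES attrs; LSA_HANDLE policy;
    LSA_UNICODE_STRING key, data; NTSTATUS status;
    ZeroMemory(&attrs, sizeof(attrs));
    /* POLICY_CREATE_SECRET is required the first time the key is created. */
    status = LsaOpenPolicy(NULL, &attrs, POLICY_CREATE_SECRET, &policy);
    if (status != 0) return LsaNtStatusToWinError(status);
    init_lsa_string(&key, u"DefaultPassword");
    if (password && init_lsa_string(&data, password) != 0) {
        LsaClose(policy);
        return ERROR_INVALID_PARAMETER;
    }
    status = LsaStorePrivateData(policy, &key, password ? &data : NULL);
    LsaClose(policy);
    return LsaNtStatusToWinError(status);
}
#endif
```

This keeps the password out of the plaintext Winlogon registry value, but LSA secrets remain readable by local administrators and SYSTEM, so it does not protect against an account that is already privileged on the machine.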

What is Authorization?
Authorization is the right granted to an individual to use the system and the data stored on it. Authorization is typically set up by a system administrator and verified by the computer based on some form of user identification, such as a code number or password.
Developers should be familiar with Windows-based programming. Although not required, an understanding of authorization or security-related subjects is advised.
This is how the authorization administration tool looks in Windows 10 (screenshot).

About Authorization
- Access control: access control refers to security features that control who can access resources in the operating system. Applications call access control functions to set who can access specific resources or to control access to resources provided by the application.
- Client/Server Access Control: access control in server applications that provide services to clients.
- Access Control for Application Resources: role-based and ACL-based access control for application resources.
- Mandatory Integrity Control: system-level access control for securable objects.
- User Account Control: a security feature that enables users to perform common tasks as nonadministrators, called standard users, and as administrators without having to switch users, log off, or use Run As.

References
- https://docs.microsoft.com/en-us/windows/desktop/secauthn/authentication-portal
- https://docs.microsoft.com/en-us/windows/desktop/secauthz/authorization-portal
- https://es.wikipedia.org/wiki/Wikipedia

Thank you for your attention!