Windows Security -- Archana Galipalli. Agenda  Windows Security  Windows Security and CLR  Implementing Windows Security for IIS  Configuring Security.

Presentation transcript:

Windows Security -- Archana Galipalli

Agenda  Windows Security  Windows Security and CLR  Implementing Windows Security for IIS  Configuring Security settings  DEMO- By pass traverse checking  Token, Principal and Identity objects  DEMO- Accessing Token  DEMO- User Roles  Runtime security through windows

Why Windows security?  To make applications more secure  To configure the system-level settings along with the application-level settings

Vulnerability Trends [figure: layers Physical, Network, OS, Application; labels Vertical and Horizontal; trend labels "Decreasing – Leveling out" and "Increasing"]

Windows security and CLR [diagram labels: .NET CLR; Administrator; Windows User; Protected resources; MMC Snap-ins; Database of accounts; Security Policy; Security Monitor; Logon authentication; .NET Configuration; Authorization; Authentication; .NET Application]

Implementing Windows Security  Minimize services  Define the user account for anonymous access  Secure the file system  Apply specific registry settings

Securing file system [diagram labels: wwwRoot, Executables, Scripts, Include, Static Images]

Specific registry settings  SynAttackProtect registry value at HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect  TcpMaxPortsExhausted  TcpMaxHalfOpen  TcpMaxHalfOpenRetried

Configuring Security settings  Configuring account policies: Password policy, Account lockout policy  Configuring Local Policies: Audit policy, User Rights Assignment, Security Options

Walkthrough to configure the Account policies and Local policies….

Bypass traverse checking: Will it work? [diagram labels: DirA, DirB, DirC, File.txt, User A]  User A has no rights to access folder A  User A has full access to file file.txt

Here goes the answer!

Bypass traverse checking  Is the user checked for permissions?

Token  Token unifies data about identity:  User’s SID  Group SID  Privileges  Every process has own token representing principal  First process are running on behalf of the SYSTEM account when computer is started  When user logs on then shell is running in user mode under specific principal  WinLogon.exe (SYSTEM) starts user’s shell with CreateProcessAsUser method => then user’s token is propagated to other processes

What are Principal and Identity objects?  WindowsIdentity: This object encapsulates the Windows login user name and the type of protocol adopted for authentication by Windows  GenericIdentity: also stores information about a user, but is used when an application needs to implement custom logon.  GenericPrincipal: This object encapsulates the identity object and the role  WindowsPrincipal: also stores identity and the Windows group membership of the user.

User Roles  Acquiring User’s name.  Displaying all the roles in which user is a member.

Accessing token  Is token in WindowsIdentity?  Acquiring token from running process  User’s name and SID from GetTokenInformation
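
The Token, Principal and Identity, User Roles and Accessing token slides, as an added C# example (not code from the presentation or its demos): it opens the running process's token with OpenProcessToken, wraps it in a WindowsIdentity, and prints the user name, SID, group SIDs and two built-in role checks. The class name TokenDemo is an assumption, and the program runs on Windows only.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example; TokenDemo is a hypothetical name, not from the slides.
static class TokenDemo
{
    const uint TOKEN_QUERY = 0x0008; // access right needed to read token information

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    static void Main()
    {
        // Acquire the access token of the running process.
        if (!OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_QUERY, out IntPtr token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // WindowsIdentity duplicates the handle, so ours is closed in finally.
            using (var identity = new WindowsIdentity(token))
            {
                Console.WriteLine("Name:      " + identity.Name);
                Console.WriteLine("User SID:  " + identity.User);
                Console.WriteLine("Auth type: " + identity.AuthenticationType);
                Console.WriteLine("Token:     0x" + identity.Token.ToString("X"));
                // Group SIDs carried in the token are what role checks evaluate.
                foreach (IdentityReference sid in identity.Groups)
                {
                    string name;
                    try { name = sid.Translate(typeof(NTAccount)).Value; }
                    catch (IdentityNotMappedException) { name = "(no account name)"; }
                    Console.WriteLine("Group:     {0}  {1}", sid.Value, name);
                }
                var principal = new WindowsPrincipal(identity);
                // Under UAC a non-elevated process holds a filtered token, so the
                // Administrator check is false until the process is elevated.
                Console.WriteLine("Administrator: " + principal.IsInRole(WindowsBuiltInRole.Administrator));
                Console.WriteLine("User:          " + principal.IsInRole(WindowsBuiltInRole.User));
            }
        }
        finally { CloseHandle(token); }
    }
}
```

Running it once from a normal prompt and once from an elevated prompt shows the same user SID with a different Administrator result, because the two processes carry different tokens.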

Runtime security through windows  Increase Assembly Trust  Adjust Zone Security  Evaluate Assembly  Create Deployment Package  Reset All Policy Levels

Walkthrough to configure the runtime security policies….

References  Windows Security 2 nd Edition by Ben Smith and Brain Komar.  h.GuideBook/HowToGetATokenForAUser. html h.GuideBook/HowToGetATokenForAUser. html h.GuideBook/HowToGetATokenForAUser. html  ngOut.zip ngOut.zip ngOut.zip

Questions?