COMP1321 Digital Infrastructure Richard Henson February 2016
Week 17: Network Operating Systems and Active Directory n Objectives: »Explain a (network) operating system architecture in terms of a multi-layered model »Explain how platforms provide client-end stability for apps (or otherwise…) »Explain how Active Directory is used to control login and access to network resources »Explain how Active directory can provide trust across multiple domains
Reminder: Software Layers and Operating Systems (OS) os kernel CPU, motherboard os functions & user interface Applications
What if the Operating System has software faults? n The platform becomes “unstable”!! Could be errors in… »hardware control? »user interface? »utilities?
On a client-server network? n Client platform unstable? n What would happen to: applications running on a poorly designed platform? the rest of the local network? businesses depending on such apps?
Software Faults & CWE n Lot of recent interest in why software (even some operating systems…) is so unreliable n Mitre Corporation (US) with govt backing… tested software very thoroughly! classified software fault types into a Common Weakness Enumeration (CWE) »community developed, formal list of software weakness types [TSI/2012/183] © Copyright
What is CWE? n Essentially… a list! n CWE provides: standard measuring stick for software tools targeting software weaknesses common baseline standard for efforts to identify, mitigate, and prevent software weaknesses
More about Mitre and the CWE list n Currently (12/2015) 998 distinct CWE entries identified by Mitre!! (version 2.9) more commonly encountered weaknesses usually “repeat offenders” n New vulnerabilities found on a regular basis
Example of an operating system flaw n Apple: “dangerous flaw revealed in iOS 7 and X” (21/2/14) security-flaw-is-so-scary ?utm_campaign=socialflow_gi zmodo_facebook&utm_source=gizmodo_f acebook&utm_medium=socialflow security-flaw-is-so-scary ?utm_campaign=socialflow_gi zmodo_facebook&utm_source=gizmodo_f acebook&utm_medium=socialflow security-flaw-is-so-scary ?utm_campaign=socialflow_gi zmodo_facebook&utm_source=gizmodo_f acebook&utm_medium=socialflow
CWE Top 25 faults (part 1) Rank IDName 1CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') 2CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') 3CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 4CWE-352Cross-Site Request Forgery (CSRF) 5CWE-285Improper Access Control (Authorization) 6CWE-807Reliance on Untrusted Inputs in a Security Decision 7CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 8CWE-434Unrestricted Upload of File with Dangerous Type 9CWE-78Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') 10CWE-311Missing Encryption of Sensitive Data 11CWE-798Use of Hard-coded Credentials 12CWE-805Buffer Access with Incorrect Length Value 13CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') [TSI/2012/183] © Copyright
CWE Top 25 faults (part 2) RankIDName 14CWE-129Improper Validation of Array Index 15CWE-754Improper Check for Unusual or Exceptional Conditions 16CWE-209Information Exposure Through an Error Message 17CWE-190Integer Overflow or Wraparound 18CWE-131Incorrect Calculation of Buffer Size 19CWE-306Missing Authentication for Critical Function 20CWE-494Download of Code Without Integrity Check 21CWE-732Incorrect Permission Assignment for Critical Resource 22CWE-770Allocation of Resources Without Limits or Throttling 23CWE-601URL Redirection to Untrusted Site ('Open Redirect') 24CWE-327Use of a Broken or Risky Cryptographic Algorithm 25CWE-362Race Condition [TSI/2012/183] © Copyright
Susceptibilities n The confirmed presence of one or more vulnerabilities within an implemented system, such as the presence of an operating system with a buffer overflow defect n Susceptibilities in systems stem from: a. initial implementation b. changes to software, such as from adding new facilities or the correction of detected errors (‘patching’) c. use of utility programs, which may be capable of circumventing security measures in the controlling or application software TSI Logo [TSI/2013/306 | Draft 0.B | ]
Vulnerabilities n Vulnerabilities can be: The existence of a generic weakness in a particular platform, such as a buffer overflow occurring in a specific operating system or application Interactions between multiple software elements that bypass intended controls Accidental actions of software developers that result in defects and deviations Deliberate actions of software developers that bypass intended controls, such as trap doors that permit unauthorised access to the system TSI Logo [TSI/2013/306 | Draft 0.B | ]
Vulnerabilities from Major Vendors (2011 figures) [TSI/2012/183] © Copyright
Software Weakness Mitigation n What to do about all these faults….? n Many concepts and practices needed for Trustworthy development of software have existed for many years… “Due Diligence” Pareto 80:20 [TSI/2012/183] © Copyright
Due Diligence Implies software should be reasonably trustworthy…. »what does “reasonably” mean? Implementations vary with Audiences and Assurance Requirements
Pareto 80:20 (favoured by TSI) Practice improved iteratively using existing experience Example: »switching on and acting on Compiler Warning Flags… n would obviates many common “repeat offender” weaknesses n If only this was normal practice!!! It could be….
Apps and Operating Systems n Applications need a platform… better designed platform…? »easier to design trustworthy apps n Mobile phone app vulnerabilities by malware for platform (F-Secure, 2012): Apple iOS: 1.1 Symbian: 29.8 Android: 62.8 Windows mobile: 0.6
Why the differences? n Apps written to use operating system (os) platform appropriately… well designed os restricts/prevents inappropriate use poorly designed os allows sloppy habits »but may have performance advantages… (!) »e.g. Android top 25 vulnerabilities (CWE): n /Google-Android.html /Google-Android.html /Google-Android.html
Logon & protecting the client end n When a networked client is turned on… operating system loaded… user logon screen presented n Rapid local boot is fine… but most organisational computers are on networks… »why? why does network logon take so long?
“Policies”: Controlling User and System Settings n The Windows user’s desktop is controlled with policies user policies system policies n Configuring and using policies - essential part of any network administrator’s job! could be 100s or 1000s of systems, & users
Storage of User/System Settings: Windows Registry n Early Windows extended DOS text files of system & user settings: SYSTEM.INI enhanced CONFIG.SYS WIN.INI enhanced AUTOEXEC.BAT n Windows 95: two dimensional structure… known as The Registry principles later extended in Windows NT v4 to allow system and user settings to be downloaded to local registry across the network
Viewing/Editing the Registry n REGEDT32 from command prompt… look but don’t touch! contents should not be changed manually unless you really know what you are doing!!! n Registry data that is loaded into memory can also be overwritten by data: from local profiles downloaded across the network…
System Settings n For configuration of hardware and software different types of system need different settings system settings for a given computer may need to be changed for particular users e.g. to change screen refresh rate for epileptics
User Settings n More a matter of convenience for the user mandatory profiles »users all get the same desktop settings! »anything added is lost during logoff! roaming profiles - desktop settings preserved between user sessions »saved across the network…
What is The Registry? n A hierarchical store of system and user settings n Five basic subtrees: HKEY_LOCAL_MACHINE : local computer info. Does not change no matter which user is logged on HKEY_USERS : default user settings HKEY_CURRENT_USER : current user settings HKEY_CLASSES_ROOT : software config data HKEY_CURRENT_CONFIG : “active” hardware profile n Each subtree contains one or more subkeys…
Location of the Windows Registry n In XP… c:\windows\system32\config folder n Six files (no extensions): Software System – hardware settings Sam, Security »not viewable through regedt32 Default – default user Sysdiff – HKEY USERS subkeys Also to be considered: ntuser.dat »user settings that override default user
Registry Files in Windows 7 n HKEY_LOCAL_MACHINE \SYSTEM: \system32\config\system n HKEY_LOCAL_MACHINE \SAM: \system32\config\sam n HKEY_LOCAL_MACHINE \SECURITY \system32\config\security n HKEY_LOCAL_MACHINE \SOFTWARE \system32\config\software n HKEY_USERS \UserProfile \winnt\profiles\username n HKEY_USERS.DEFAULT \system32\config\default
Emergency Recovery if Registry lost or badly damaged n Backup registry files created during text-based part of windows installation also stored in: »c:\windows\system32\config »have.sav suffix only updated if “R” option is chosen during a windows recovery/reinstall n NEVER UPDATED backup is saved to C:\windows\repair folder no user and software settings reboots back to “Windows is now setting up”
Backing up the Registry n Much forgotten… an oversight that may later be much regretted!!! can copy to tape, USB stick CD/DVD, or disk rarely more than 100 Mb n Two options; Use third-party backup tool »e.g Use windows “backup” »not recommended by experts! »but already there & does work! »to copy the registry if this tool is chosen, a “system state” backup option should be selected
System Policy File n A collection of registry settings downloaded from the domain controller during logon n Can apply different system settings to a computer, depending on the user or group logging on n Can overwrite: local machine registry settings current user registry settings n Should therefore only be used by those who know what they are doing!!!
System Policy File n Saved as NTCONFIG.POL n Normally held on Domain Controllers read by local machine during logon procedure provides desktop settings, and therefore used to control aspects of appearance of the desktop n Different NTCONFIG.POL settings can be applied according to: User Group Computer n Users with roaming profiles additionally save desktop settings to their profile folders
Active Directory n Microsoft equivalent of Novell’s NDS (Network Directory Structure) An LDAP network-wide directory service for providing paths to files and services n Available from Windows 2000 onwards of limited use on earlier Windows networks
Windows Workgroups and Domains... n Workgroup = peer-peer n Domain = client-server n Client machines can logon Locally (i.e. peer-peer) To domain (client in a client-server network
Servers and Domain Controllers n Client server networks use clients only for users clients need to log on to the domain to access network resources domain access managed by domain controllers n Member servers used to provide and manage services
What is Active Directory? n A object-oriented database (Internet- approved x500 standard) a hierarchy of data objects (& their properties) »domain controllers »computers »users & groups of users »network resources
Domain Controllers and Active Directory n Good practice to have backups domain controller should have a backup…. managed as part of the Active Directory system data on network resources, services & users all stored in a single file »ntds.dit tools available for AD system management »e.g. ntdsutil
Backing up the Database n Goes without saying that the loss of Active Directory will be very bad for the network (!) people won’t even be able to log on/off! n AD should be backed up… regularly! preferably on another computer… In another location…
Microsoft approach to “Scalable” Networks n Domain = Unit of a Microsoft LAN data store needed that will cover all network users and resources replicated across domain controllers n Criticised for not being “scalable” beyond a local LAN… Next week: how Microsoft addressed this