Presentation is loading. Please wait.

Presentation is loading. Please wait.

Florida State University

Published byKoenraad Segers Modified over 6 years ago

Similar presentations

Presentation on theme: "Florida State University"— Presentation transcript:

1 Florida State University
Windows servers The NT security model Breno de Medeiros Florida State University Fall 2005

2 Florida State University
NT networks Networked NT machines can be: Primary Domain controller Centralizes user database/authentication Backup Domain controller Domain member Non-domain member Trusted domains Trusting resources Large networks may be segmented in multiple domains for administrative reasons. The existence of trust relationships enables users in one domain to access resources in a different domain. Breno de Medeiros Florida State University Fall 2005

3 Florida State University
Architecture Modular OS interface (system calls) are available at: Integral subsystems Environment subsystems Both run in the “user mode” protection space An important feature is the use of two modes of operation, user mode and kernel mode. Important functions related to the OS behavior and interface are located in the user mode space. The part of the operating system related to the operation of system resources, and the Security Reference Monitor, which makes access control decisions, run in the protected Kernel mode. The Object manager intermediates all access to system resources. All resources are therefore abstracted as Objects. I/O manager: Manages the I/O system calls of applications and services in the user space, intermediating between them and the I/O device drivers. IPC manager: (Interprocess Communication Manager): Manages communication between the environment subsystems and servers running in the Executive. Virtual Memory Manager: Similar to other operating systems, enables the use of disk caches as system memory. Process Manager: Handles process and thread creation and termination. PnP manager: Handles plug and play features---i.e., hardware support, mostly at boot time, or when a new device is added to the system. Power Manager: Controls power-related events and interrupts. Source: Breno de Medeiros Florida State University Fall 2005

4 Florida State University
Security viewpoint Four main components: Executive (kernel mode) Protected Servers (user mode) Network Subsystem (both kernel and user modes) Administrator tools (user mode) Windows NT comes both in a server and workstation configurations. The server has more administrative tools, and more services installed by default. Breno de Medeiros Florida State University Fall 2005

5 Florida State University
Handle tables Each process has a table of “object handles” which enable the process to access those resources Maintained by object manager Each handle describes the type of access the process has to the object (read, write, etc) The object manager ensures that access is only granted if compatible with the handle When a process requests a new resource for the first time, the Object Manager asks the Security Reference Monitor to decide if the process may acquire the handle. Subsequent accesses to the same resource will not involve the Security Reference Monitor, because a handle granting the access type will be already available in the process Handle table. Processes are themselves objects in the system. A process essentially contains a Handle table containing all objects it has access to, a virtual, private address space, an associated space in the physical memory, and a list of threads. Processes, being objects, can be accessed directly (if a handle to them is available). A process can have no threads, in which case it cannot run. Each thread has an execution context, including registers and stack pointers. Breno de Medeiros Florida State University Fall 2005

6 File system protection
Windows NT systems support many file systems, including: File Allocation Table (FAT) FS NTFS CD-ROM FS (CDFS) Named Pipe File System (NPFS) Mailslot File System (MSFS) Only the NTFS is protected by the access control system. Use FAT only in diskettes The reason of so many file system types is that NT uses abstraction layers for device drivers, and the highest view of a storage or network device is a file system. Breno de Medeiros Florida State University Fall 2005

7 Configuration Manager
Keeps the configuration registry Stores system configuration information, including the password database (SAM), hardware and initialization information, and OS configuration information Entries in the registry are called keys Breno de Medeiros Florida State University Fall 2005

8 Security-related servers
Winlogon Session Manager Local Security Authority Security Accounts Manager (SAM) Service Controller Event Logger Breno de Medeiros Florida State University Fall 2005

9 Local Security Authority
Local Security Authority Subsystem Service (LSASS) Invoked at login time, it verifies the user authentication and grants the system access token (SAT), which is used to start the initial shell and is inherited by all programs spawned during this login session Performs audit functions Operates in user mode Is it safe to have a process that performs critical security checks to run in user mode? The answer is, it could be, if there are executive-level requirements to edit it or change its functionality. In other words, the operational integrity of this program needs to be provided by executive-level access control to it. Breno de Medeiros Florida State University Fall 2005

10 Security Account Manager (SAM)
User mode component Maintains the user account database required by the LSA Therefore the login sequence requires the following intermediation by security-related services: Winlogon LSA SAM Breno de Medeiros Florida State University Fall 2005

11 SAM and authentication
It is possible to configure a special computer called a domain controller to consolidate the SAM database in a single server. Secure Attention Sequence: <CTRL> + <ALT> + <DEL> cannot be captured by user-level programs The system invokes Winlogon, which starts a graphical application (GINA), to handle local and remote connection requests (via the LSA and SAM) Breno de Medeiros Florida State University Fall 2005

12 Protection (Access Control)
Windows NT and later provide discretionary access control (DAC). The unit of control is called an ACE (access control entry). The format of ACEs is as follows: ACE Field Description Inheritance Control Flags (Boolean flags) OBJECT_INHERIT ACE CONTAINER_INHERIT_ACE NO_PROPAGATE_INHERIT_ACE INHERIT_ONLY_ACE ACE Type ACCESS_ALLOWED_ACE ACCESS_DENIED_ACE SYSTEM_AUDIT_ACE ACE Type-Specific SUCCESSFUL_ACCESS_ACE_FLAG FAILED_ACCESS_ACE_FLAG Access Mask SID First, note that the Windows operating system assumes that objects are one of two types: 1) Containers, e.g. directories, may contain other objects. 2) Non-containers, such as files, cannot contain other objects. If certain ACE flags for a container are set, the masks are inherited by the contained objects. Since Windows has both ‘grant’ and ‘deny’ access entries, it becomes important to understand also the algorithm that evaluates the final, effective rights. (By contrast, in UNIX there are only ‘grant’ access permissions so the algorithm for evaluation of access privileges is immediate.) Boolean flags used to control inheritance characteristics of the ACE. � OBJECT_INHERIT_ACE – inherited by sub-objects of a container object. � CONTAINER_INHERIT_ACE – inherited by sub-containers of a container object. � NO_PROPAGATE_INHERIT_ACE – inheritance control flags are not propagated in ACEs inherited by sub-containers. � INHERIT_ONLY_ACE – ACE is not to be used in validating access attempts to the corresponding object, but will be applied to sub-objects as they are created. The following flags apply if this ACE is of type SYSTEM_AUDIT_ACE SUCCESSFUL_ACCESS_ACE_FLAG – audit messages should be generated for successful accesses. FAILED_ACCESS_ACE_FLAG – audit messages should be generated for failed accesses. The Masks have different meanings, according to the type: ACCESS_ALLOWED_ACE – access mask indicating which accesses are granted to the specified SID. ACCESS_DENIED_ACE - access mask indicating which accesses are denied to the specified SID. SID -- System ID to which this ACE applies. Each subject in Windows has an associated SID Breno de Medeiros Florida State University Fall 2005

13 Florida State University
Overview of the security infrastructure: Windows has support for centralized policy database, audit log, and SAM database. The various user mode services are conceptually protected because changes to them are managed through the security reference monitor. Picture from Final Evaluation of Windows NT Workstations by Science Applications International Corp./ Ctr. for Information Security Breno de Medeiros Florida State University Fall 2005

14 Florida State University
Windows passwords Password policies can be established using the UserManager administration tool, which supports the following: Password aging Minimum password length Password uniqueness Account lockout features Number of failed logon attempts How long to lockout an account Better password protection is offered through passfilt.dll: Passwords must be at least six characters long Passwords must contain at least three of the following four classes of characters: Upper case letters Lower case letters Numbers Non-alphanumeric characters (punctuation symbols) Passwords can not match your username or part of your full name listed for the account. Breno de Medeiros Florida State University Fall 2005

15 Florida State University
Windows passwords The original Windows password hashing scheme (LM): Up to 14-character long passwords (all uppercase). Computed as two independent hashes on 7-character values Highly vulnerable to dictionary based attacks, such as L0phtrack NTLM uses 14 characters for a single hash LM hash still exported by default for compatibility with older machines in same network (i.e., placed in the SAM). NTLMv2 accepts longer than 14 characters, and in that case the exported values for LanManager are incorrect (backward incompatibility). Encrypts password hashes before storing them in the SAM Enforce 15 characters as minimum password length and disable LAM authentication For instance, if the system had a minimum 8-character password length, and a user chose an 9-character password, one LM hash would correspond to the first 7 characters, the second for the last two characters. Much of Windows secure configuration involves editing registry files to enforce various settings. Breno de Medeiros Florida State University Fall 2005

16 Password hash challenge-and-response
Windows machines use hash-based challenge and response mechanisms This implies that while passwords are required for local login, password hashes can be used for remote authentication It also means that, by eavesdropping the network and capturing challenge/response pairs, an adversary can collect information to perform dictionary and/or brute-force attacks on the password. Breno de Medeiros Florida State University Fall 2005

Download ppt "Florida State University"

Similar presentations

1 Module 1 The Windows NT 4.0 Environment. 2  Overview The Microsoft Operating System Family Windows NT Architecture Overview Workgroups and Domains.

1 Module 1 The Windows NT 4.0 Environment. 2  Overview The Microsoft Operating System Family Windows NT Architecture Overview Workgroups and Domains.
Access Control Methodologies

Access Control Methodologies
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Case Study: Windows 2000 Part I Will Richards CPSC 550 Spring 2001.

Case Study: Windows 2000 Part I Will Richards CPSC 550 Spring 2001.
Home: www.cse.dmu.ac.uk/~pkang Phones OFF Please Unix Kernel Parminder Singh Kang Home: www.cse.dmu.ac.uk/~pkang Email: pkang@dmu.ac.uk.

Home: Phones OFF Please Unix Kernel Parminder Singh Kang Home:
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.

Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.

Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.

11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.

Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.
Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.

Chapter 4 Windows NT/2000 Overview. NT Concepts  Domains –A group of one or more NT machines that share an authentication database (SAM) –Single sign-on.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
Chapter Six Windows XP Security and Access Controls.

Chapter Six Windows XP Security and Access Controls.

Similar presentations

Ads by Google