Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei

Published bySybil Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei"— Presentation transcript:

1 © Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei http://www.mit.bme.hu/~micskeiz S ECURITY S UBSYSTEM IN W INDOWS Operating Systems

2 Copyright Notice  These materials are part of the Windows Operating System Internals Curriculum Development Kit, developed by David A. Solomon and Mark E. Russinovich with Andreas Polze  Microsoft has licensed these materials from David Solomon Expert Seminars, Inc. for distribution to academic organizations solely for use in academic environments (and not for commercial use)  http://www.academicresourcecenter.net/curriculum/pfv.aspx?ID=6191 http://www.academicresourcecenter.net/curriculum/pfv.aspx?ID=6191  © 2000-2005 David A. Solomon and Mark Russinovich 2

3 Questions SID BSOD HKLM 3

4 Security tasks in Windows  Authentication − Has / Knows / Is − E.g. logon screen, password popup  Authorization − Principle: Role based access control − E.g. access control lists  Auditing − Audit logging 4

5 Security tasks in Windows  Authentication − Has / Knows / Is − E.g. logon screen, password popup  Authorization − Principle: Role based access control − E.g. access control lists  Auditing − Audit logging 5

6 Security entities in Windows 6

7 Security Identifier (SID)  Unique identifier  E.g. SID of a machine: S-1-5-21-2052111302-1677128483-839522115  Users, groups: − - − RID: relative identifier  Well-known SIDs − Everyone: S-1-1-0 − Administrator: S-1-5-domain-500  Vista: services also get their own SIDs 7

8 DEMO  psgetsid.exe machineName  psgetsid.exe administrator  psgetsid.exe Security identifier (SID)

9 Authentication  Login − Through Winlogon’s own desktop − Secure Attention Sequence: Ctrl + Alt + Del − Windows 8: Microsoft account, picture password  Storing passwords: − Hash in the registry  Network authentication − NTLM: NT LAN Manager − Kerberos: since Windows 2000, in domain environment 9

10 Authentication – Access token  Impersonation 10

11 DEMO  registry − HKEY_LOCAL_MACHINE\SAM  viewing: psexec –s –i regedit.exe Security Account Manager DB

12 Security tasks in Windows  Authentication − Has / Knows / Is − E.g. logon screen, password popup  Authorization − Principle: Role based access control − E.g. access control lists  Auditing − Audit logging 12

13 Categorizing authorization (see prev. lecture) 13 Authorization categories CompulsorinessMandatoryDiscretionaryLevelSystem levelResource levelTypes Integrity control Access control lists

14 Authorization - Compulsoriness  Classical concepts (US DoD standard)  Mandatory − Only central access control − Users cannot change the policy  Discretionary − authorized users can change policies 14

15 Authorization – Level  System level − Privilege − Account right  Resource level − Integrity level − Access control list 15

16 Authorization – Types  Integrity control − Labeling objects ● low, medium, high… − Check: ● user with a lower integrity label cannot read up/write up  Access control list − Object → ( SID, permissions) ● Permission: write data, read attribute… 16

17 Authorization methods in Windows  Mandatory Integrity Control  System level privileges and rights  Discretionary Access Control 17

18 DEMO  Vista feature  icacls /setintegritylevel H|M|L  Trying „No write up” − psexec –l cmd.exe : starts with low integrity  e.g. Internet Explorer uses MIC Mandatory Integrity Control

19 Authorization methods in Windows  Mandatory Integrity Control  System level privileges and rights  Discretionary Access Control 19

20 System level authorization  Privilege − operating system level − E.g.: shutdown machine, load device driver − Name: SeShutdownPrivilege, SeLoadDriverPrivilege  Account right − who / how can or cannot login − E.g.: interactive, network logon… 20

21 DEMO  Privileges − whomai /priv − Local Policy: User rights  Local Security Policy − Password policy − Account locking − Security options Privileges Local Security Policy

22 Authorization methods in Windows  Mandatory Integrity Control  System level privileges and rights  Discretionary Access Control 22

23 Access control lists 23

24 Access control lists Windows object E.g. file, registry key, pipe… Windows object E.g. file, registry key, pipe… 24

25 Access control lists High level structure 25

26 Access control lists Can change the object’s permissions even if no access is defined 26

27 Access control lists Discretionary Access Control List Access control Discretionary Access Control List Access control 27

28 Access control lists System Access Control List Security auditing System Access Control List Security auditing 28

29 Access control lists Type allow, deny, audit Flag E.g. inheritance SID who to apply Mask execute | delete | write owner… Type allow, deny, audit Flag E.g. inheritance SID who to apply Mask execute | delete | write owner… 29

30 Access control lists - Example Object C:\temp Descriptor Owner: Administrator DACL ACE1: allow, inherits, Administrators, list folders | create files ACE2: allow, not inherited, Users, list folders | read attributes SACL 30

31 Access control lists  Inheritance flag − For container type objects (e.g. folder) − Child object inherits the ACE  Evaluation method − Several ACE can apply to a given SID − UNION of all the permission from the ACEs − Exception: deny ACE, it overcomes everything 31

32 DEMO  Basic permissions  Inheritance − Limiting inheritance  Take ownership  Effective permissions − Union, except − Deny ACE  Debugging: Process Monitor Authorization – Access control lists

33 Security tasks in Windows  Authentication − Has / Knows / Is − E.g. logon screen, password popup  Authorization − Principle: Role based access control − E.g. access control lists  Auditing − Audit logging 33

34 Eventlog  System, application, security events  Event: − Type, time, source, ID, description  Overwrite events: − Never, x day older, circular 34

35 DEMO  Auditing policy  Content of the security log  Use of permissions Auditing

36 DEMO  Dangers of running as Administrator  Working limited user − Windows XP: Run as… and runas command − Showing Run as..: left SHIFT + right click  Vista solution: UAC User Account Control, Runas

37 DEMO  Computer settings − Security options − System componets, e.g. Windows Update  User settings − Applications − Windows interface  Templates  Administrative templates  ~2500 settings Group Policy

38 Troubleshooting

39 DEMO  If there is no other choice…  Don’t hate the messenger  KeBugCheckEx function, Bugcheck.h  Error reporting  Creating memory dump  Analyzing minidump in WinDgb Blue Screen of Death (BSOD)

40 DEMO  Event log errors: − Help & Support − EventID.net − Knowledge Base articles Problem solving

41 Special startup modes  Hit F8 before the Windows logo 41

Download ppt "© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei"

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei

© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei
Windows Vista Security model and vulnerabilities.

Windows Vista Security model and vulnerabilities.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
CSCD 303 Essential Computer Security Fall 2010 Lecture 4 - Desktop Security Reading:

CSCD 303 Essential Computer Security Fall 2010 Lecture 4 - Desktop Security Reading:
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Scheduling in Windows Zoltan Micskei

Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Scheduling in Windows Zoltan Micskei
Network and Active Directory Performance Monitoring and Troubleshooting NETW4008 Lecture 8.

Network and Active Directory Performance Monitoring and Troubleshooting NETW4008 Lecture 8.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
Access Control Lists and NTFS Permissions INFO333 – Lecture 4 2010 Mariusz Nowostawski Noria Foukia.

Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.
Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.

Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.
Security features of Windows 2000. What is computer security ? Computer security refers to the protection of all components—hardware, software, and stored.

Security features of Windows What is computer security ? Computer security refers to the protection of all components—hardware, software, and stored.
Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS4: Scheduling and Dispatch 4.6. Demos.

Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS4: Scheduling and Dispatch 4.6. Demos.
W INDOWS BLUE SCREEN OF DEATH AFTER CRASH DEBUGGING Alex Mclean Amy Valley Derek Visch.

W INDOWS BLUE SCREEN OF DEATH AFTER CRASH DEBUGGING Alex Mclean Amy Valley Derek Visch.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

Similar presentations

Ads by Google