Published by Tamsin Hodges. Modified over 9 years ago.
1
Users and Groups
Security Architecture
Editing Security Policies
The Registry
File Security
Auditing/Logging
Network Issues (client firewall, IPSec, Active Directory, etc.)
2
Permissions can be assigned to groups of users. Users have security rights/permissions. Resources (objects) protected by ACLs. NTFS used. Each user has a profile and personal files/folders. Ctrl+Alt+Del guards logon. Users have accounts protected by password.
3
SID - Security IDentifier
each user has a unique SID
each group has a unique SID
S-1-5-807522115-735419003-... -1204
  1 = revision level
  5 = identifier authority (1-5)
  807522115-735419003-... = domain identifiers (length varies)
  1204 = RID - relative ID
Predefined SIDs
  S-1-5-2 Network group
  S-1-5-3 Interactive group
  S-1-5-4 Authenticated Users group
  S-1-5-500 Administrator
  S-1-5-544 Administrators group
  S-1-5-545 Users group
4
Access Tokens
When a user logs in, an access token is created. Users can log in, but groups cannot.
An access token includes 1) the user's SID, 2) the SIDs of the user's groups, and 3) other user rights and privileges.
An access token must be presented whenever a resource is requested.
Groups
One user can be assigned to multiple groups.
Users with common security privileges are grouped.
Local vs. Domain
Domains are a means for implementing global (non-local) access.
Local refers to the local computer.
5
Guest
Automatically created at setup/install.
Limited control (use installed programs, view permissions, create/change/delete owned files/folders)
Exist if the system is upgraded.
Limited
Limited control (change personal account (password, picture, etc.), use installed programs, view permissions, create/change/delete owned files/folders)
Created by Administrator.
Computer Administrator
Complete control (create users & groups, install programs, backup/restore, load/unload device drivers, manage security/auditing, set permissions, access all files, take ownership of objects).
Created at setup/install.
Unknown
6
Right-click file/folder > Properties > Security tab
Right-click Computer > Manage > Local Users and Groups
7
LSA Win login SAM database Active Directory SRM
8
Passwords are hashed:
User IDs and passwords
older versions of Windows use LM (DES) hash
salt?
post-NT versions of Windows use NTLM (MD4) hash
9
ACL = a list of Access Control Entries
Access Control Entry = ( SID, right )
An ACL is bound to an object.
  the object's creator can specify an ACL.
  the O.S. can find an ACL from a parent object.
To validate an operation:
1) The LSA must be presented with an access token.
2) The SRM supplies the ACL for the appropriate object.
3) The LSA validates that the SID from the token matches the ACL.
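The validation steps above, as an added example that is not part of the original slides: a simplified Python model that matches the SIDs in an access token against an ordered ACL. It goes beyond the slide's ( SID, right ) pair by also modelling deny entries and implicit deny; the right bits, SIDs and ACL contents are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical right bits for this model; not Windows access-mask values.
READ, WRITE, DELETE = 0x1, 0x2, 0x4

@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset
    def sids(self):
        # A token carries the user's SID plus the SIDs of the user's groups.
        return {self.user_sid} | set(self.group_sids)

@dataclass(frozen=True)
class ACE:
    sid: str
    rights: int
    allow: bool = True  # deny entries extend the slide's (SID, right) pair

def access_check(token, acl, wanted):
    """Return True only if the ACL grants every bit in `wanted` to the token."""
    sids = token.sids()
    remaining = wanted
    for ace in acl:                      # entries are evaluated in list order
        if ace.sid not in sids:
            continue                     # entry names a SID the token lacks
        if not ace.allow:
            if ace.rights & remaining:
                return False             # explicit deny of a right still needed
        else:
            remaining &= ~ace.rights     # this entry grants some of the rights
        if remaining == 0:
            return True
    return False                         # rights left ungranted: implicit deny

# Constructed SIDs and ACL, for illustration only.
ALICE = "S-1-5-21-1111-2222-3333-1001"
STAFF = "S-1-5-21-1111-2222-3333-2001"
INTERNS = "S-1-5-21-1111-2222-3333-2002"
ACL = [ACE(INTERNS, WRITE | DELETE, allow=False), ACE(STAFF, READ | WRITE)]

alice = AccessToken(ALICE, frozenset({STAFF}))
intern = AccessToken("S-1-5-21-1111-2222-3333-1002", frozenset({STAFF, INTERNS}))

if __name__ == "__main__":
    print(access_check(alice, ACL, READ | WRITE))  # granted through the group SID
    print(access_check(intern, ACL, WRITE))        # blocked by the deny entry
    print(access_check(alice, ACL, DELETE))        # no entry grants it
```

The user's own SID never appears in the constructed ACL: access is decided by the group SIDs in the token, which is why the token lists them.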
10
Registry = central database for configuration settings
The individual settings are called keys.
The entire registry consists of five hives.
  HKEY_LOCAL_MACHINE
  HKEY_CLASSES_ROOT
  HKEY_USERS
  HKEY_CURRENT_USER
  HKEY_CURRENT_CONFIG
Keys can be edited with WINDOWS\System32\regedt32.exe.
11
HKEY_LOCAL_MACHINE - information about currently installed hardware and software; includes SAM access and various important security keys
HKEY_CLASSES_ROOT - maintains file-application associations etc.
HKEY_USERS - contains default local user profiles (screen color, wallpaper, screen savers, etc.)
HKEY_CURRENT_USER - stores profile for currently logged in user
HKEY_CURRENT_CONFIG - holds information for the hardware configuration that was booted