
Advanced Windows Security: Interesting Facts and UAC | Ing. Ondřej Ševeček | GOPAS a.s.


1 Advanced Windows Security: Interesting Facts and UAC
GOPAS: info@gopas.cz | www.gopas.cz | www.facebook.com/P.S.GOPAS
Ing. Ondřej Ševeček | GOPAS a.s. | MCM:Directory | MVP:Enterprise Security | CEH: Certified Ethical Hacker | CHFI: Computer Hacking Forensic Investigator
ondrej@sevecek.com | www.sevecek.com

2 Specialties and demos (Advanced Windows Security)

3 Too many SIDs in access token
 An access token can accumulate only up to 1025 SIDs
 With more than that, the user cannot log on: the access token cannot be created
   - 0xC000015A = STATUS_TOO_MANY_CONTEXT_IDS
 The Account Logon event still appears on the DC, because Kerberos authentication itself works fine

4 Translating SIDs in PowerShell

    # SID -> account name
    'S-1-5-18', 'S-1-5-32-544' | Select @{ n = 'SID' ; e = { $_ } }, @{ n = 'Name' ; e = { (New-Object System.Security.Principal.SecurityIdentifier $_).Translate([System.Type]::GetType('System.Security.Principal.NTAccount')).Value } }

    # account name -> SID
    'Administrators', 'NT AUTHORITY\Network Service' | Select @{ n = 'Name' ; e = { $_ } }, @{ n = 'SID' ; e = { (New-Object Security.Principal.NTAccount $_).Translate([Security.Principal.SecurityIdentifier]).Value } }

    # find a SID inside free text
    $rxSID = '[Ss]-1(?:-\d+){1,}'
    [regex]::Match('This SID S-1-5-80-3964583643-2633443559-2834438935-3739664028-1580655619 has been detected', $rxSID).Value
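The SID handling from slides 3 and 4, as an added Python example that is not code from the presentation: it parses a SID into revision, identifier authority and subauthorities (accepting exactly what the slide's regex accepts), separates the domain part from the RID, pulls SIDs out of free text, and checks a constructed list of token SIDs against the 1025-SID limit. The Sid class, the function names and the sample domain list are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The SID pattern from the slide (case-insensitive "S", revision 1, 1+ dash-number parts).
SID_RE = re.compile(r'[Ss]-1(?:-\d+){1,}')
# Per-token SID limit quoted on the slide; above it LSASS cannot build the token
# and logon fails with STATUS_TOO_MANY_CONTEXT_IDS.
MAX_TOKEN_SIDS = 1025
STATUS_TOO_MANY_CONTEXT_IDS = 0xC000015A
DOMAIN_SID_PREFIX = 'S-1-5-21-2533895723-4202532492-454630010'  # constructed sample (prefix from slide 6)

@dataclass
class Sid:
    revision: int
    authority: int            # identifier authority; 5 = NT AUTHORITY
    subauthorities: List[int]

    @property
    def is_domain_sid(self) -> bool:
        # Domain and local SAM account SIDs look like S-1-5-21-<3 x 32-bit>-<RID>.
        return self.authority == 5 and len(self.subauthorities) == 5 and self.subauthorities[0] == 21

    @property
    def rid(self) -> Optional[int]:
        return self.subauthorities[-1] if self.is_domain_sid else None

    @property
    def domain(self) -> Optional[str]:
        if not self.is_domain_sid:
            return None
        return 'S-1-5-' + '-'.join(str(s) for s in self.subauthorities[:-1])

def parse_sid(text: str) -> Sid:
    """Split a textual SID into revision, identifier authority and subauthorities."""
    if SID_RE.fullmatch(text) is None:
        raise ValueError(f'not a SID: {text!r}')
    parts = text.split('-')   # ['S', '1', '<authority>', sub1, sub2, ...]
    return Sid(int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]])

def find_sids(text: str) -> List[str]:
    """Pull every SID-looking string out of free text, e.g. an event log message."""
    return SID_RE.findall(text)

def check_token_sids(sids: List[str]) -> Optional[int]:
    """None if a token holding these SIDs can be built, else the NTSTATUS it fails with."""
    if len(set(sids)) > MAX_TOKEN_SIDS:   # a token lists each group SID once
        return STATUS_TOO_MANY_CONTEXT_IDS
    return None
```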

5 Deleted domain user accounts
 AD LDAP replication requires tombstone technology
 All deleted objects remain in the database for the tombstone lifetime
   - 60/180/360 days, or whatever is configured manually
 The tombstone retains attributes such as the SID and samAccountName

6 Enumerating all users and groups in PowerShell

    # Translate RIDs 1..10000 under the domain SID; SIDs with no matching account yield a null Name and are filtered out
    (1..10000) | % { "S-1-5-21-2533895723-4202532492-454630010-$_" } | Select @{ n = 'SID' ; e = { $_ } }, @{ n = 'Name' ; e = { (New-Object System.Security.Principal.SecurityIdentifier $_).Translate([System.Type]::GetType('System.Security.Principal.NTAccount')).Value } } | ? { $_.Name -ne $null }

7 Example: IIS app pool identity
 Running an IIS application pool under Network Service enables it to receive authenticated traffic from the network
 It also allows the pool to access the network authenticated as the computer's domain account
 Running an IIS application pool under Local Service prevents such remote access

8 User Account Control (Advanced Windows Security)

9 Restricted Users
 Users often work as local Administrators
   - users on workstations/notebooks
   - local administrators on servers
 We may want to restrict their default permissions and rights
   - allow them to elevate if required
 Does not apply to remote (network) connections

10 UAC Options on Windows 7

11 UAC Options on Windows 8
 Only display settings
 You must use the policy

12 Restricting Local Administrators
 Windows XP and newer can restrict local Administrators
   - enforced by default on Windows Vista+
   - must use Run As on Windows XP
 LSASS can issue a restricted access token
   - the Administrators and Domain Admins groups are marked as Deny Only
   - only basic user rights are enabled
 LSASS maintains two separate Kerberos ticket caches

13 “Deny” Groups in Access Token
 The user is not a member of the group for Allow ACEs
   - if something is granted to the group, it does not apply
 The user is a member of the group for Deny ACEs
   - if something is explicitly denied to the group, it still applies
   - not a common case for Administrators, but still good to know

14 Deny Group in Access Token

15 UAC on Windows XP and 2003

16 Thank you for your attention
GOPAS: info@gopas.cz | www.gopas.cz | www.facebook.com/P.S.GOPAS
Ing. Ondřej Ševeček | GOPAS a.s. | MCM:Directory | MVP:Enterprise Security | CEH: Certified Ethical Hacker | CHFI: Computer Hacking Forensic Investigator
ondrej@sevecek.com | www.sevecek.com

