Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Security -- Archana Galipalli. Agenda  Windows Security  Windows Security and CLR  Implementing Windows Security for IIS  Configuring Security.

Published byHerbert Harrington Modified over 9 years ago

Similar presentations

Presentation on theme: "Windows Security -- Archana Galipalli. Agenda  Windows Security  Windows Security and CLR  Implementing Windows Security for IIS  Configuring Security."— Presentation transcript:

1 Windows Security -- Archana Galipalli

2 Agenda  Windows Security  Windows Security and CLR  Implementing Windows Security for IIS  Configuring Security settings  DEMO- By pass traverse checking  Token, Principal and Identity objects  DEMO- Accessing Token  DEMO- User Roles  Runtime security through windows

3 Why windows security?  To make application more secure  Configuring the system level settings along with application level settings

4 Vulnerability Trends Physical Network OS Application VerticalVerticalVerticalVertical Horizontal Decreasing – Leveling out Increasing

5 Windows security and CLR.NET CLR Administrator Windows User Protected resources MMC Snap-ins Database of accounts Security Policy Security Monitor Logon authentication.NET Configuration Authorization Authentication.NET Application

6 Implementing Windows Security  Minimize services  Define the user account for anonymous access  Secure the file system  Apply specific registry settings

7 Securing file system wwwRoot Executables Scripts Include Static Images

8 Specific registry settings SynAttackProtect register value to HKLM\System\Currentcontrolset\Services\ Tcpip\Parameters\SynAttackProtect  TCPMaxPortsExhausted  TCPMaxHalfOpen  TCPMaxHalfOpenedRetired

9 Configuring Security settings  Configuring account policies Password policy Password policy Account lock out policy Account lock out policy  Configuring Local Policies Audit policy Audit policy User Rights Assignment User Rights Assignment Security Options Security Options

10 Walkthrough to configure the Account policies and Local policies….

11 By pass traverse checking Will it work? By pass traverse checking Will it work? DirA DirB DirC File.txt User A User A has no rights to access folder A User A has full access to file file.txt

12 Here goes the answer!

13 By pass traverse checking  Is user checked for permissions???

14 Token  Token unifies data about identity:  User’s SID  Group SID  Privileges  Every process has own token representing principal  First process are running on behalf of the SYSTEM account when computer is started  When user logs on then shell is running in user mode under specific principal  WinLogon.exe (SYSTEM) starts user’s shell with CreateProcessAsUser method => then user’s token is propagated to other processes

15 What are Principal and Identity objects?  WindowsIdentity: This object encapsulates the Windows login user name and the type of protocol adopted for authentication by Windows  GenericIdentity: also stores information about a user, but is used when an application needs to implement custom logon.  GenericPrincipal: This object encapsulates the identity object and the role  WindowsPrincipal: also stores identity and the Windows group membership of the user.

16 User Roles  Acquiring User’s name.  Displaying all the roles in which user is a member.

17 Accessing token  Is token in WindowsIdentity?  Acquiring token from running process  User’s name and SID from GetTokenInformation

18 Runtime security through windows  Increase Assembly Trust  Adjust Zone Security  Evaluate Assembly  Create Deployment Package  Reset All Policy Levels

19 Walkthrough to configure the runtime security policies….

20 References  Windows Security 2 nd Edition by Ben Smith and Brain Komar.  http://pluralsight.com/wiki/default.aspx/Keit h.GuideBook/HowToGetATokenForAUser. html http://pluralsight.com/wiki/default.aspx/Keit h.GuideBook/HowToGetATokenForAUser. html http://pluralsight.com/wiki/default.aspx/Keit h.GuideBook/HowToGetATokenForAUser. html  http://www.skilldrive.com/WindowsSecIntE ngOut.zip http://www.skilldrive.com/WindowsSecIntE ngOut.zip http://www.skilldrive.com/WindowsSecIntE ngOut.zip

21 Questions? Questions?

Download ppt "Windows Security -- Archana Galipalli. Agenda  Windows Security  Windows Security and CLR  Implementing Windows Security for IIS  Configuring Security."

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
Chapter 5: Configuring Users and Groups. Types of User Accounts Administrator –Unrestricted access to performing administrative tasks –Use sparingly Standard.

Chapter 5: Configuring Users and Groups. Types of User Accounts Administrator –Unrestricted access to performing administrative tasks –Use sparingly Standard.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.

Chapter 13 – Site Security. Internet Information Server ASP.NET Applications.NET Framework Windows NT/2000 Operating System Forms Passport Windows Certificates.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
Understanding Active Directory

Understanding Active Directory
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Delivering Excellence in Software Engineering ® 2006. EPAM Systems. All rights reserved. ASP.NET Authentication.

Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.
1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.

1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.

Similar presentations

Ads by Google