Windows NT Security, Cunsheng Ding, HKUST, Hong Kong, China (PowerPoint presentation, COMP4631 Lecture 20)


  1. Windows NT Security. Cunsheng Ding, HKUST, Hong Kong, China. C. Ding - COMP4631 - L20 1

  2. Agenda
  • Brief information about Windows NT
  • Security architecture
  • Identification and authentication
  • Access control
  • Administration

  3. Security Architecture

  4. Security Architecture
  • The core operating system service is the Windows NT executive.
  • User programs make application programming interface (API) calls to invoke operating system services.
  • Two processor modes: user mode and kernel mode
    – User programs run in user mode
    – Operating system services (the executive, the kernel and device drivers) run in kernel mode

  5. Windows NT: kernel vs user mode (architecture diagram)
  • User mode: system processes (WinLogon), services (Alerter), applications, environment subsystems (OS/2, Win32), subsystem DLLs, and NTDLL.DLL (the NT layer DLL that controls NT system functions).
  • Kernel mode, entered through the executive API: executive components (I/O Manager, Processes & Threads, Virtual Memory Manager, Cache Manager, PnP/Power, Security, File systems, Object management / Executive RTL, Device drivers), the Kernel, the Hardware Abstraction Layer (HAL), and the hardware interfaces (read/write port, timers, clocks, cache control, etc.).

  6. Security Subsystems
  • Security Reference Monitor (SRM):
    – in charge of access control: it performs the access check on every attempt to open an object,
    – an executive component running in kernel mode.
  • Local Security Authority (LSA):
    – a user mode component involved at login: it checks the user account and creates the access token (called a system access token, SAT, in this deck) that represents the logon session.
    – the LSA is also responsible for auditing functions (audit policy and writing audit records).

  7. Security Subsystems ctd.
  • Security Account Manager (SAM):
    – a user mode component that maintains the user account database used by the LSA,
    – it provides user authentication for the LSA.
  (Diagram: Winlogon → LSA → SAM → account database)

  8. The Registry
  • It is the central database for Windows NT configuration data.
  • Entries in the registry are called keys (not to be confused with cryptographic keys).
  • It is a hierarchical database. At the top level the registry is divided into a small number of root keys (commonly called hives; strictly, a hive is the on-disk file that backs a subtree). Keys behave like directories: they contain subkeys (subdirectories) and data values.

  9. Protection of the Registry
  • The registry is stored in a proprietary binary format.
  • It is normally edited with the operating system tool Registry Editor (regedt32 / regedit). Note, however, that any program can read and modify it through the registry API (RegOpenKey, RegSetValueEx, ...), subject to the permissions on the key.
  • Protection: remove the Registry Editor from all machines NOT used for system management. This removes a convenient tool only; the key permissions described on the following slides are what actually restrict access.

  10. Registry Key Permissions
  • Defining access permissions:
    – use access control lists on hives and keys.
  • Possible access permissions:
    – read only: not allowed to make any changes.
    – full control: edit, create, delete, take ownership of a key.
    – special access: users can be granted permissions according to a specified list, i.e., discretionary ACLs.

  11. A List of Special Access (1)
  • Create subkey: create a new subkey within an existing key
  • Enumerate keys: identify all subkeys within a key
  • Notify: receive change notifications for the key (or its subtree)

  12. A List of Special Access (2)
  • Delete: delete a key
  • Write DAC: modify the access control list for the key
  • Write owner: take ownership of the key
  • Read control: read the security information (security descriptor) of the key

  13. The Registry in Summary
  • Hardware configuration
  • Account data
  • Software, servers, services
  • Network configuration, host name, IP address
  • Description of the user's desktop
  • Critical to security
    – Repository for local security data
    – Access control built in

  14. Identification and Authentication

  15. Identification and Authentication
  • Authentication: user name + password
    – Windows NT 5.0 (shipped as Windows 2000) uses Kerberos for domain authentication
  • The implementation targets networks of servers and workstations (domains), not only a stand-alone machine

  16. Logging on to Windows NT 4.0
  • Security Attention Sequence (SAS): CTRL+ALT+DEL
    – Defeats Trojan horse logon screens: the key combination is intercepted by the system and delivered only to Winlogon, so a user program cannot fake the logon dialog
    – Handled by Winlogon, which loads the GINA to authenticate the user
    – Authentication against the local SAM or the domain controller's SAM
  • GINA (Graphical Identification and Authentication): a replaceable DLL (msgina.dll by default) that implements the logon dialog and collects the credentials

  17. Interactive logon to the machine: Winlogon in Windows NT 4.0
  (Diagram, steps 1 to 6: the user presses CTRL+ALT+DEL; Winlogon invokes the GINA; the GINA hands the credentials to the LSA; the LSA checks them against the SAM account database; the LSA returns an access token; Winlogon starts the user's shell (Win32) under that token.)

  18. Windows NT Password Scheme
  • Passwords are stored in hashed form (the deck says "encrypted"); the clear text is never kept.
  • Two values are computed from each password: the LAN Manager (LM) hash, kept for compatibility with older clients, and the Windows NT (NT) hash.
  • To prevent users from adopting weak passwords, a password filtering dynamically linked library (DLL; Microsoft ships passfilt.dll) can be installed.
  • The password filter forces the password to have at least six characters.

  19. Windows NT Password Scheme ctd.
  • Passwords must contain at least three of the following four character classes: upper case letters, lower case letters, digits, and non-alphanumeric characters.
  • Passwords cannot contain the user name or parts of the user's full name.
  • The hashed passwords are stored in the user accounts, which are held in the SAM database. The SAM database is part of the registry.
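The filter described on the last two slides, as an added example (this is not Microsoft's passfilt.dll, only a re-implementation of the rules the slides list). The six-character minimum and the three-of-four class rule are taken from the slides; treating every part of the full name of at least three characters as forbidden is an assumption of this example:

```python
import re
import string

# Policy values stated on the slides.
MIN_LENGTH = 6
MIN_CLASSES = 3
# Assumption for this example: name parts shorter than this are too short to matter.
NAME_PART_MIN = 3
_NAME_SPLIT = re.compile(r"[\s,.\-_#\t]+")


def character_classes(password: str) -> int:
    """Count how many of the four classes (upper, lower, digit, other) occur."""
    upper = any(c in string.ascii_uppercase for c in password)
    lower = any(c in string.ascii_lowercase for c in password)
    digit = any(c in string.digits for c in password)
    other = any(c not in string.ascii_letters + string.digits for c in password)
    return sum((upper, lower, digit, other))


def name_parts(username: str, full_name: str = "") -> list:
    """The user name itself plus every part of the full name long enough to matter."""
    parts = [username]
    parts += [p for p in _NAME_SPLIT.split(full_name) if len(p) >= NAME_PART_MIN]
    return [p.lower() for p in parts if p]


def check_password(password: str, username: str, full_name: str = "") -> tuple:
    """Return (accepted, reason); reason is empty when the password is accepted."""
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if character_classes(password) < MIN_CLASSES:
        return False, f"fewer than {MIN_CLASSES} character classes"
    lowered = password.lower()          # the name check is case-insensitive
    for part in name_parts(username, full_name):
        if part in lowered:
            return False, f"contains name part {part!r}"
    return True, ""


if __name__ == "__main__":
    # Constructed sample inputs; the account name and full name are invented.
    for pw in ("Tr0ub4dor&3", "password", "MichaelW1!", "Ab1!", "Wong2024!"):
        print(pw, check_password(pw, "michaelw", "Michael Wong"))
```

Note that the filter only raises the floor: a password such as `Passw0rd!` satisfies every rule above and is still among the first guesses of any cracker, which is why the hash format on the next slides matters.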

  20. The LAN Manager Password
  • The stored value is computed by converting the password to upper case, padding or truncating it to 14 characters, splitting it into two 7-character halves and using each half as a DES key to encrypt a fixed constant; the two ciphertexts are concatenated.
    – Detailed encryption algorithm is not given here.
  • Because the halves are independent and the character set is reduced to upper case, the password can be recovered from the value stored in the SAM database by exhaustive search in a short time.
  • Passwords can be up to 14 characters long.

  21. The Windows NT Password
  • It is hashed using a one-way function (MD4) applied to the Unicode (UTF-16LE) form of the password; the full password is hashed as one unit.
  • It cannot be retrieved from the hash value stored in the SAM database other than by guessing candidate passwords. The hash is not salted, so equal passwords produce equal hashes and precomputed tables apply.

  22. Access Control to Objects

  23. Domain
  • Domain: a collection of machines sharing a common user accounts database and security policy.
  • Advantage: you do not need an account on every workstation.
  • Windows NT uses domains to facilitate single sign-on and coordinated security administration.

  24. Domain Controller
  • A domain controller (DC) is a server that responds to security authentication requests within a domain.
  • It is the server on the network responsible for granting hosts access to domain resources.
  • It authenticates users, stores user account information and enforces the security policy for the domain.

  25. User Accounts
  • Each user needs a user account in the domain.
    – The master copy of the domain's user accounts database is held on a server called the primary domain controller (PDC).
    – Read-only copies are replicated to one or more backup domain controllers (BDCs).
  • Access to any network resource is based solely on the user account.

  26. Fields in a User Account
  • user name (login)
  • full name
  • password:
    – up to 14 characters long.
    – You can force users to change their password at the next login.
    – You can prevent them from changing their passwords.
    – You can set an expiry date on passwords.

  27. Fields in a User Account ctd.
  • User profile path:
    – the profile defines the user's desktop environment, i.e., program groups, network connections, screen colours, etc.
  • Home directory:
    – you can specify whether the home directory is on the local machine or on a network server.
  • Expiration date:
    – by default, accounts do not have an expiration date.

  28. Security Identifiers
  • Every user, group and machine account has a unique security identifier (SID), which is what discretionary access control lists refer to.
  • The SID is constructed when the account is created and is fixed for the lifetime of the account; deleting an account and re-creating one with the same name yields a different SID.
  • When a workstation or server joins a domain, it receives a machine account SID whose prefix is the domain's SID (the final component, the relative identifier, is specific to the account). Machines compare this prefix to check whether they are in the same domain.

  29. NT Executive: object oriented
  • An object is anything that needs naming, sharing or protecting with respect to user-mode processes.
  • Object types (examples):
    – Process
    – File
    – Access token
    – (Registry) Key
    – Memory section
    – Events
    – Devices
    – Network shares
    – NT services
    – Printers
    – Timers

  30. Security Descriptor of Each Object
  It contains:
  • the security ID of the owner of the object
  • a group security ID
  • a discretionary access control list (DACL), whose entries are AccessAllowed or AccessDenied ACEs
  • a system access control list (SACL), whose entries are SystemAudit ACEs saying what to write to the security audit trail

  31. Access to Windows NT Objects
  (Diagram) Access token: Security ID S-1-5-21-146...; User Name: MichaelW; Group IDs: Employees, Scientists, EVERYONE, LOCAL, INTERACTIVE; other information. File object whose security descriptor carries an access control list that reads, in order: Allow Scientists Execute; Deny MichaelW All; Allow Employees Read, Write.
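The access check of slides 30 and 31, together with the SID prefix comparison of slide 28, as an added example (not code from the slides and not the Security Reference Monitor's own implementation). The token and DACL reproduce the diagram above; the SIDs of the domain, of MichaelW and of the two groups are constructed for this example, while EVERYONE, LOCAL and INTERACTIVE are the real well-known SIDs. The access-mask bits are simplified to three generic rights:

```python
from dataclasses import dataclass
from typing import List, Optional

# Simplified rights for the example; real masks combine object-specific bits
# with standard rights such as READ_CONTROL and WRITE_DAC.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
ALL = READ | WRITE | EXECUTE
ALLOW, DENY = "AccessAllowed", "AccessDenied"

# Constructed domain and account SIDs (the well-known ones are real).
DOMAIN_SID = "S-1-5-21-146-1000-2000"
MICHAELW = DOMAIN_SID + "-1105"
EMPLOYEES = DOMAIN_SID + "-1201"
SCIENTISTS = DOMAIN_SID + "-1202"
EVERYONE, LOCAL, INTERACTIVE = "S-1-1-0", "S-1-2-0", "S-1-5-4"


@dataclass
class Ace:
    kind: str   # ALLOW or DENY
    sid: str    # trustee the entry applies to
    mask: int   # rights granted or denied


@dataclass
class Token:
    user_sid: str
    group_sids: List[str]


def domain_of(sid: str) -> str:
    """Everything but the trailing relative identifier (RID)."""
    return sid.rsplit("-", 1)[0]


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Two domain accounts belong to the same domain when their SIDs share the prefix."""
    return domain_of(sid_a) == domain_of(sid_b)


def access_check(token: Token, dacl: Optional[List[Ace]], requested: int) -> bool:
    """Walk the DACL in order, as the reference monitor does.
    A NULL DACL means the object is unprotected; an empty DACL grants nothing.
    A deny ACE matching any still-outstanding requested right fails the check;
    allow ACEs accumulate rights until every requested right is covered."""
    if dacl is None:
        return True
    if not dacl:
        return False
    principals = {token.user_sid, *token.group_sids}
    granted = 0
    for ace in dacl:
        if ace.sid not in principals:
            continue
        if ace.kind == DENY and ace.mask & requested & ~granted:
            return False
        if ace.kind == ALLOW:
            granted |= ace.mask & requested
            if granted == requested:
                return True
    return False


def canonical(dacl: List[Ace]) -> List[Ace]:
    """Canonical order used by the Windows tools: explicit denies before explicit allows."""
    return [a for a in dacl if a.kind == DENY] + [a for a in dacl if a.kind == ALLOW]


def slide_example():
    """Token and DACL exactly as drawn on slide 31 (allow, deny, allow)."""
    token = Token(MICHAELW, [EMPLOYEES, SCIENTISTS, EVERYONE, LOCAL, INTERACTIVE])
    dacl = [Ace(ALLOW, SCIENTISTS, EXECUTE), Ace(DENY, MICHAELW, ALL), Ace(ALLOW, EMPLOYEES, READ | WRITE)]
    return token, dacl


if __name__ == "__main__":
    token, dacl = slide_example()
    print("execute, slide order:", access_check(token, dacl, EXECUTE))
    print("read, slide order:", access_check(token, dacl, READ))
    print("execute, canonical order:", access_check(token, canonical(dacl), EXECUTE))
```

With the slide's ordering MichaelW may execute the file (the first ACE grants it before the deny is reached) but may not read it. After canonical reordering the deny comes first and he gets nothing, which is the behaviour the Windows editors produce; an ACL written directly through the API in non-canonical order is therefore a classic source of surprising access results.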

  32. Administration (Security Management)
