Windows Security Mechanisms

Al Bento - University of Baltimore
Authentication
• Challenge/response authentication protocol (CHAP)
• LAN Manager: saves passwords as hashes:
  • as a 128-bit number, from passwords of up to 14 characters, but split into
    two 7-character parts and not case sensitive, so easier to break
  • this cuts the possible combinations from 2^84 to 2^37
  • uses old, easy-to-break DES encryption
  • saved in the SAM (Windows Security Accounts Manager) at
    %systemroot%\system32\config\SAM
• NTLM and NTLM2: improved LAN Manager
  • NTLM -- MD4 hashing, case sensitive, passwords up to 127
    characters, supports up to 56-bit encryption.
  • NTLM2 -- improves NTLM to authenticate per session, and
    supports up to 128-bit encryption
• Kerberos: uses AES encryption and is very secure.
Authentication (2)
• Defaults
  • XP by default uses both LM & NTLM
  • Vista and Windows 7 default to NTLM2
  • Active Directory defaults to Kerberos, falling back as needed
• Security options
  • See Microsoft's long note on the options
  • Many different options: store LAN Manager hash, LAN Manager
    authentication level, etc.
• Compatibility issues:
  • example of Windows 7 and Windows 2000 Server
  • example of Windows 7 and Windows 2003 Server
  • of course, all sorts of issues with XP, 98, and other settings in NT, 2000,
    etc.
• More on authentication: a Black Hat presentation.
Tokens
• What are tokens?
  • A data structure that contains authentication and authorization information
    for a user.
  • Windows creates the access token when the user logs on and the user's
    identity is confirmed.
  • The access token contains the user's security ID (SID), the list of groups
    that the user is a member of, and the list of privileges held by that user.
  • Each process or thread started for the user inherits a copy of the access
    token. In some cases a user may have more than one access token, with
    different levels of authority.
• What do they do?
  • Provide the security context for processes and threads when accessing
    objects in the system.
  • Securable objects include files, directories, devices, registry keys, etc., and
    have specific user and group permissions.
• Some risks: token kidnapping.
Access Control List
• What is an ACL?
  • An ACL is a list of access control entries (ACEs). Each ACE in an ACL identifies a
    trustee and specifies the access rights allowed, denied, or audited for that
    trustee. The security descriptor for a securable object can contain two
    types of ACLs: a DACL and a SACL.
  • DACL: a discretionary access control list identifies the
    trustees that are allowed or denied access to a securable object. When
    a process tries to access a securable object, the system checks the
    ACEs in the object's DACL, in order, to determine whether to grant access.
  • SACL: a system access control list enables administrators to
    log attempts to access a secured object. Each ACE specifies the types
    of access attempts by a specified trustee that cause the system to
    generate a record in the security event log.
• Tokens and ACL
  • When a user logs in, he/she is assigned an access token, and securable
    objects have ACLs. When a user attempts to access a securable object, the
    Windows security subsystem compares the information in the access token
    with the securable object's ACLs and grants or denies access.
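The two slides above (the DACL/SACL description and the token-versus-ACL check) can be seen working together in a small model. The following Python is an added example written for these notes, not code from the original slides or from Windows itself: it simplifies the real access check to the points the slides make (ACEs are walked in order, a matching deny ACE on an outstanding right ends the check, allow ACEs accumulate rights, the SACL decides what gets written to the security log). The Token, Ace and SecurityDescriptor classes, the access-mask bits and all account SIDs except the well-known Everyone SID (S-1-1-0) are constructed for the example.

```python
from dataclasses import dataclass
from enum import Flag, auto
from typing import List, Optional, Tuple


class Access(Flag):
    """Stand-in for the access-mask bits an ACE carries (constructed, not the real masks)."""
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class Token:
    """Access token: the user's SID plus the SIDs of the groups it belongs to."""
    user_sid: str
    group_sids: frozenset

    def sids(self) -> set:
        # Every trustee this token can match against an ACE.
        return {self.user_sid} | set(self.group_sids)


@dataclass(frozen=True)
class Ace:
    """One access control entry: 'allow'/'deny' in a DACL, 'audit' in a SACL."""
    kind: str
    trustee_sid: str
    mask: Access
    audit_success: bool = False   # SACL only: log granted attempts
    audit_failure: bool = False   # SACL only: log denied attempts


@dataclass
class SecurityDescriptor:
    dacl: Optional[List[Ace]]     # None models a NULL DACL, i.e. no protection at all
    sacl: List[Ace]


def check_access(token: Token, sd: SecurityDescriptor, requested: Access) -> bool:
    """Walk the DACL in order as the slides describe the security subsystem doing.

    Simplified model: a NULL DACL grants everything; an empty DACL grants nothing;
    otherwise the check stops at the first deny ACE for one of the token's SIDs
    that covers a still-outstanding right (denied), or once allow ACEs have
    covered every requested right (granted). Running out of ACEs is a denial.
    """
    if sd.dacl is None:
        return True
    remaining = requested
    trustees = token.sids()
    for ace in sd.dacl:
        if ace.trustee_sid not in trustees:
            continue
        if ace.kind == "deny" and (ace.mask & remaining):
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if not remaining:
                return True
    return False


def audit(token: Token, sd: SecurityDescriptor, requested: Access, granted: bool) -> List[str]:
    """Produce the security-log records the SACL asks for, for this attempt."""
    records = []
    for ace in sd.sacl:
        if ace.kind != "audit" or ace.trustee_sid not in token.sids():
            continue
        if not (ace.mask & requested):
            continue
        if (granted and ace.audit_success) or (not granted and ace.audit_failure):
            outcome = "SUCCESS" if granted else "FAILURE"
            records.append(f"{outcome} {token.user_sid} requested {requested}")
    return records


def access_check(token: Token, sd: SecurityDescriptor, requested: Access) -> Tuple[bool, List[str]]:
    """Grant/deny decision plus the audit records the attempt generated."""
    granted = check_access(token, sd, requested)
    return granted, audit(token, sd, requested, granted)


# Constructed sample principals; only S-1-1-0 (Everyone) is a real well-known SID.
ALICE, BOB = "S-1-5-21-EXAMPLE-1001", "S-1-5-21-EXAMPLE-1002"
EVERYONE, CONTRACTORS = "S-1-1-0", "S-1-5-21-EXAMPLE-2001"

REPORT_SD = SecurityDescriptor(
    dacl=[
        # Canonical order: explicit deny ACEs before explicit allow ACEs.
        Ace("deny", CONTRACTORS, Access.WRITE),
        Ace("allow", ALICE, Access.READ | Access.WRITE),
        Ace("allow", EVERYONE, Access.READ),
    ],
    # Audit every write attempt by anyone, whether it succeeds or fails.
    sacl=[Ace("audit", EVERYONE, Access.WRITE, audit_success=True, audit_failure=True)],
)

alice = Token(ALICE, frozenset({EVERYONE}))
bob = Token(BOB, frozenset({EVERYONE, CONTRACTORS}))

if __name__ == "__main__":
    for who, tok, want in [("alice", alice, Access.WRITE), ("bob", bob, Access.WRITE), ("bob", bob, Access.READ)]:
        ok, log = access_check(tok, REPORT_SD, want)
        print(who, want, "granted" if ok else "denied", log)
```

Two details worth noticing when running it: Bob's write is refused by the deny ACE on the Contractors group even though a later allow ACE for Everyone exists, which is why Windows orders explicit denies first; and his read generates no log record because the SACL only audits write attempts.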