• Home

  • Documents

  • NT SECURITY Introduction Security features of an operating system revolve around the principles of...
25
NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For a system to be “Confidential,” it must provide features which control data access to those persons who require it for the business process or function. The information must be available to users this is the key concept surrounding “Availability.” The “Integrity” of the data involves the requirement that the data is in the form that is needed for the business process. The designers of NT 4.0 made a conscious effort to realize these features in this network operating

NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Embed Size (px)

Citation preview

Page 1: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT SECURITYIntroduction

Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality.

For a system to be “Confidential,” it must provide features which control data access to those persons who require it for the business process or function.

The information must be available to users this is the key concept surrounding “Availability.”

The “Integrity” of the data involves the requirement that the data is in the form that is needed for the business process. The designers of NT 4.0 made a conscious effort to

realize these features in this network operating system.

Page 2: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Introduction

Microsoft Windows NT 4.0 features a fully pre-emptive 32-bit multitasking operating system that is scalable across enterprise level networks with diverse clients.

It supports Novell, DOS, Windows 95, Unix and Apple Workstation. This system allows for the granular control of resources, as well as strong authentication and encryption.

It has many security features that make it a more stable platform than its predecessors, and yet retains the familiar Windows 95/98 interface.

Many networking features have been build into both the server and workstation version of this product, but NT server has many more features than the workstation variant.

Page 3: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT System Identification

The NT token for users is known as the System Identification or SID.

It is based on a combination of the user identification, account domain, process up time, password, time, and a unique hashing function that is specific to NT.

This method guarantees that a user with a given name, and a given password will be almost certain to be uniquely identified by the system. The SID is the real basis for access and permission in NT.

SIDs are not re-used with identical accounts in this operating system.

Page 4: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT IDENTIFICATION AND AUTHENTICATION

The User in the NT environment is identified by some arrangement of characters.

The authentication mechanism for each identified user is a configurable password.

Specific constraints may be applied to individual user identification including; length of passwords, times of access, duration of password authenticity, rotation, and even the composition of the password.

The individual user and password identification is used by the NT operating system to generate a unique token that is referenced for each process initiated by the user.

Page 5: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 6: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT ACCOUNT CONTROLS

User accounts that are part of the default installation of NT server include, Administrators, Users, Guests, Backup Operators, Replicators, Print Operators, Account Operators, and Server Operators.

Each type of user is limited in the privileges that may be exercised on the system.

Users may be either global accounts (able to access the server remotely), or local accounts.

Accounts may be customized to a large degree beyond these default accounts.

Page 7: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 8: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT SECURITY OBJECTS

Security for NT is included in many fundamental aspects of the operating system. These aspects are represented as objects and the security subsystem maintains the permissions related to the objects contained in the system. Account rights may be as specific as an individual user account, or may be applied to a group of users who have been granted identical privileges.

Page 9: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT SECURITY COMPONENTS

NT features a security subsystem that contains many separate components to enhance the security of the product. These features include; Local Security Authority (LSA), the Security Reference Monitory, (SRM), and the Security Account Manager (SAM). Each component of the security subsystem has a role in maintaining the confidentiality, integrity and availability of the operating system. The rights or ability of a user to gain access to a file, application, or system resource, is dependent on the rights granted to the individual accounts by the system administrator. NT is able to control user access to file and directories, operating system processes and programs, as well as the systems of NT itself.

Page 10: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

ACE/ACL/LSA CONTROLS

The object in the NT environment is closely related to the Access Control Entry. This is an individual list of permissions and attributes that are featured by a specific object.

The combination of all system ACE permissions and attributes is known as the system Access Control List (ACL). Each system maintains a database of account permissions that is referenced upon system access (log-in). This database is the Security Account Manager, and it retains information such as passwords and account information.

The Local Security Authority (LSA) to validate the request of individual users based on the ACL.

Page 11: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

SRM

The functional portion of the SAM and LSA is the Security Reference Monitor, which is based, in the very core of the operating system or the kernel.

All instantiations of processes, and access are actually verified by the SRM.

The SRM is used for system calls, as well as user access requests. This allows individual services of the operating system to verify access requests through the SRM.

Page 12: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 13: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

WORKGROUP MODELS

In a workstation model, NT workstation is used as the authenticating authority for the resources on the host computer. If there are 10 computers sharing resources then each computer must be authenticated individually for each resource to be shared. This would mean that there would be a potential of 90 different passwords in all (10 * 9) for every combination of sharing. NT server offers centralization of these services, and is capable of managing accounts within or across Domains. The workgroup model becomes very difficult to manage after the addition of only a few computers.

Page 14: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

DOMAIN MODELS

NT server is capable of the authentication of users across a single Domain. The Primary Domain Controller is able to authenticate individual users, as well as replicate SAM accounts to secondary controllers known as Backup Domain Controllers. This central management of users is a key feature of NT, and may be extended across domains by the use of trust relationships. The server in NT is generally given one of three roles, the Primary Domain Controller, the Backup Domain Controller, and the Stand-alone server. PDC and BDC servers may exchange roles due to a hardware failure, and continue the authentication of users with little or no problem

Page 15: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 16: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 17: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

FILE SYSTEM/ACCESS CONTROL

NT is capable of very fine access control of users. Individual files can be controlled through the use of the NT file system (NTFS). This allows for the control of access to files and programs, as well the extension of permissions by persons with access. This means that the system administrator may control files copied from one directory to another. User rights are generally kept to those absolutely required by the system. This allows for a clear separation of power within the system and the enforcement of minimal privileges. These are key components that serve as the foundation of good security practices.

Page 18: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 19: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT ENCRYPTION AND AUDITING

NT confidentiality is supported by a number of encryption features that are a part of the operating system.

Domestic versions of NT support up to 128-bit encryption in addition to encrypted authentication of remote access services.

Export versions of NT support less robust encryption features.

In addition to the encryption and fault-tolerance features of the operating features, system auditing is supported for security, applications, and system events.

This is a method of recording system failures, access attempts, and changes in the configuration of files. The audit features allow for very close monitoring of the allocation and alteration of resources

Page 20: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 21: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 22: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 23: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Reproduced from www.ftq.com/book

Page 24: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

NT FAULT TOLERANCE

NT offers several features that contribute to the integrity of the system.

Raid configurations that are based on software solutions, tape back-up based on software, and multiple processors.

Raid types supported by NT software include disk duplexing and disk striping.

The use of redundant disks contributes to the availability of the system and the integrity of the data being processed

Page 25: NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For

Sourceshttp://www..ftq.com/book/

http://www..microsoft.com/security/default.asp

http://www..microsoft.com/technet/security/

Windows NT 4.0 Server Security Guide (Prentice Hall Series on Microsoft Technologies, Gonsalves, Marcus

Windows NT Server Networking Guide, Microsoft Press1996


ORO Findings on Privacy, Confidentiality, and Information Security

ORO Findings on Privacy, Confidentiality, and Information Security

Documents
THE PRIVACY, CONFIDENTIALITY AND SECURITY …onusidalac.org/1/images/2016/workbook.pdf6 The privacy, confidentiality and security assessment tool: workbook|UNAIDS Contents Forword

THE PRIVACY, CONFIDENTIALITY AND SECURITY …onusidalac.org/1/images/2016/workbook.pdf6 The privacy, confidentiality and security assessment tool: workbook|UNAIDS Contents Forword

Documents
Revolve the sucker Sack garden H LIVELIHOODS N REVOLVE … · New granny house HOUSING Revolve the Goat & revolve the pig e Practical training in sustainable agriculture Revolve the

Revolve the sucker Sack garden H LIVELIHOODS N REVOLVE … · New granny house HOUSING Revolve the Goat & revolve the pig e Practical training in sustainable agriculture Revolve the

Documents
DATA SECURITY AND CLIENT CONFIDENTIALITY · DATA SECURITY AND CLIENT CONFIDENTIALITY. HONORABLE REBECCA SIMMONS . Associate General Counsel . Acelity . 12930 IH 10 West . San Antonio,

DATA SECURITY AND CLIENT CONFIDENTIALITY · DATA SECURITY AND CLIENT CONFIDENTIALITY. HONORABLE REBECCA SIMMONS . Associate General Counsel . Acelity . 12930 IH 10 West . San Antonio,

Documents
Security and Confidentiality Agreement

Security and Confidentiality Agreement

Documents
SECURITY, PRIVACY, CONFIDENTIALITY AND INTEGRITY OF ...d-scholarship.pitt.edu/35436/1/Harold-ETD-Final... · SECURITY, PRIVACY, CONFIDENTIALITY AND INTEGRITY OF EMERGING HEALTHCARE

SECURITY, PRIVACY, CONFIDENTIALITY AND INTEGRITY OF ...d-scholarship.pitt.edu/35436/1/Harold-ETD-Final... · SECURITY, PRIVACY, CONFIDENTIALITY AND INTEGRITY OF EMERGING HEALTHCARE

Documents
Information Security Concepts: Confidentiality, Integrity ...docshare01.docshare.tips/files/8867/88677091.pdf · Information Security Concepts: Confidentiality, Integrity, Availability,

Information Security Concepts: Confidentiality, Integrity ...docshare01.docshare.tips/files/8867/88677091.pdf · Information Security Concepts: Confidentiality, Integrity, Availability,

Documents
Chapter seven Privacy, Security, Confidentiality, and Legal Issues

Chapter seven Privacy, Security, Confidentiality, and Legal Issues

Documents
Maximizing Data Security and Confidentiality for Case Surveillance

Maximizing Data Security and Confidentiality for Case Surveillance

Documents
Computer Security Confidentiality Policies

Computer Security Confidentiality Policies

Documents
Confidentiality Privacy and Security in PGMT

Confidentiality Privacy and Security in PGMT

Documents
Incident Security & E-Mail Confidentiality Integrity Availability

Incident Security & E-Mail Confidentiality Integrity Availability

Documents
Confidentiality and Security for e- Health

Confidentiality and Security for e- Health

Documents
Security and Confidentiality of Computer Based Dental · PDF fileThe Confidentiality and Security of Computer Based Dental Records. ... near future. While the dental profession

Security and Confidentiality of Computer Based Dental · PDF fileThe Confidentiality and Security of Computer Based Dental Records. ... near future. While the dental profession

Documents
Security and Confidentiality Training & Guidelinesorigin-sl.michigan.gov/...Confidentiality_Training... · confidentiality of HIV data. In addition users should complete a security

Security and Confidentiality Training & Guidelinesorigin-sl.michigan.gov/...Confidentiality_Training... · confidentiality of HIV data. In addition users should complete a security

Documents
Database Security and Confidentiality: Examining Disclosure Risk

Database Security and Confidentiality: Examining Disclosure Risk

Documents
SYSTEM SECURITY AND CONFIDENTIALITY

SYSTEM SECURITY AND CONFIDENTIALITY

Documents
Annual Security and Confidentiality Training · working with hard copies of documents containing confidential, identifiable information do so in a ... Annual Security and Confidentiality

Annual Security and Confidentiality Training · working with hard copies of documents containing confidential, identifiable information do so in a ... Annual Security and Confidentiality

Documents
Privacy, Confidentiality, and Security Component 2/Unit 8b

Privacy, Confidentiality, and Security Component 2/Unit 8b

Documents
Implementation of Security and Confidentiality in GP Practices

Implementation of Security and Confidentiality in GP Practices

Documents
HIV/AIDS Surveillance Security & Confidentiality Trainingdhhr.wv.gov/oeps/std-hiv-hep/HIV_AIDS/Documents/... · 2017-06-21 · HIV/AIDS Surveillance Security & Confidentiality Training

HIV/AIDS Surveillance Security & Confidentiality Trainingdhhr.wv.gov/oeps/std-hiv-hep/HIV_AIDS/Documents/... · 2017-06-21 · HIV/AIDS Surveillance Security & Confidentiality Training

Documents
HIV/AIDS Surveillance Security & Confidentiality Trainingdhhr.wv.gov/oeps/std-hiv-hep/resources/Documents/Confidentiality... · HIV/AIDS Surveillance Security & Confidentiality Training

HIV/AIDS Surveillance Security & Confidentiality Trainingdhhr.wv.gov/oeps/std-hiv-hep/resources/Documents/Confidentiality... · HIV/AIDS Surveillance Security & Confidentiality Training

Documents
Security Building Blocks: CIA Confidentiality ... › ... › Security-CIA.pdf• Cryptography is the backbone of network security as it is used to provide (in part): confidentiality,

Security Building Blocks: CIA Confidentiality ... › ... › Security-CIA.pdf• Cryptography is the backbone of network security as it is used to provide (in part): confidentiality,

Documents
CCNA Security · Web viewCIA (Confidentiality, Integrity, Availability) Introduction The primary objective of security is to establish confidentiality, integrity and availability

CCNA Security · Web viewCIA (Confidentiality, Integrity, Availability) Introduction The primary objective of security is to establish confidentiality, integrity and availability

Documents
Security Extensions for Integrity and Confidentiality in Embedded

Security Extensions for Integrity and Confidentiality in Embedded

Documents
1/15/20161 Computer Security Confidentiality Policies

1/15/20161 Computer Security Confidentiality Policies

Documents
Security and Confidentiality Policies and Procedures...health information confidentiality and security should be based on human rights principles. The ultimate goal public healthof

Security and Confidentiality Policies and Procedures...health information confidentiality and security should be based on human rights principles. The ultimate goal public healthof

Documents
HIV Security and Confidentiality Policyalabamapublichealth.gov/hiv/assets/security_confidentiality_policy.pdf · confidentiality procedures for handling HIV information across all

HIV Security and Confidentiality Policyalabamapublichealth.gov/hiv/assets/security_confidentiality_policy.pdf · confidentiality procedures for handling HIV information across all

Documents
Privacy, Confidentiality, and Security

Privacy, Confidentiality, and Security

Documents
Privacy, Confidentiality, Security, and HIPAA · – Ensure confidentiality, integrity, availability. – Identify and protect against reasonably anticipated threats to the security

Privacy, Confidentiality, Security, and HIPAA · – Ensure confidentiality, integrity, availability. – Identify and protect against reasonably anticipated threats to the security

Documents