lucien
Intro to Windows7 Security. Users and Groups. Security Architecture. Editing Security Policies. The Registry. File Security. Auditing/Logging. Network Issues (client firewall, IPSec, Active Directory, etc.). Security Features.
Users and Groups
Security Architecture
Editing Security Policies
The Registry
File Security
Auditing/Logging
Network Issues (client firewall, IPSec, Active Directory, etc.)
• Permissions can be assigned to groups of users.
• Users have security rights/permissions.
• Resources (objects) protected by ACLs.
• NTFS used.
• Each user has a profile and personal files/folders.
• Ctrl+Alt+Del guards logon.
• Users have accounts protected by password.
SID - Security IDentifier
• each user has a unique SID
S-1-5-807522115-735419003- ... -1204
• each group has a unique SID
Predefined SIDs
S-1-5-2 Network group
S-1-5-3 Interactive group
S-1-5-4 Authenticated Users group
S-1-5-500 Administrator
S-1-5-544 Administrators group
S-1-5-545 Users group
Access Tokens
• When a user logs in, an access token is created.
• Users can log in, but groups cannot.
• An access token includes
• An access token must be presented whenever a resource is requested.
Groups
• One user can be assigned to multiple groups.
• Users with common security privileges are grouped.
Local vs. Domain
• Domains are a means for implementing global (non-local) access.
• Local refers to the local computer.
Guest
• Automatically created at setup/install.
• Limited control (use installed programs, view permissions, create/change/delete owned files/folders)
• Exists if the system is upgraded.
Limited
• Limited control (change personal account (password, picture, etc.), use installed programs, view permissions, create/change/delete owned files/folders)
• Created by Administrator.
Computer Administrator
• Complete control (create users & groups, install programs, backup/restore, load/unload device drivers, manage security/auditing, set permissions, access all files, take ownership of objects).
• Created at setup/install.
Unknown
Right-click file/folder > properties > security tab
Right-click Computer > Manage > Local Users and Groups.
[Diagram: security architecture components: LSA, Winlogon, SAM, SAM database, Active Directory, SRM]
Passwords are hashed:
User IDs and passwords
• older versions of Windows use LM (DES) hash
• salt?
• post-NT versions of Windows use NTLM (MD4 & MD5) hash
( SID, right )
ACL = a list of Access Control Entries
An ACL is bound to an object.
• the object’s creator can specify an ACL.
• the O.S. can find an ACL from a parent object.
To validate an operation:
1) The LSA must be presented with an access token.
2) The SRM supplies the ACL for the appropriate object.
3) The LSA validates that the SID from the token matches the ACL.
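The matching step above can be observed from PowerShell. This is an added example, not part of the original slides: it lists the SIDs in the current access token and shows which ACEs of a file's ACL name one of them. The default `$Path` is an assumption, and the script only reads the token and the ACL; it does not reproduce what the LSA and SRM do internally.

```powershell
# Added example: which ACEs on a file apply to the current access token.
# $Path is an assumption; point it at any file or folder you can read.
param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")

# The token of the calling process: the user SID plus the group SIDs
# that .NET reports for it.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) +
             @($identity.Groups | ForEach-Object { $_.Value })

# The object's ACL, with each ACE's trustee expressed as a SID
# (explicit and inherited entries both included).
$acl  = Get-Acl -Path $Path
$aces = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

# Keep only the ACEs whose SID is present in the token.
$matching = foreach ($ace in $aces) {
    $sid = $ace.IdentityReference.Value
    if ($tokenSids -contains $sid) {
        [pscustomobject]@{
            Sid       = $sid
            Type      = $ace.AccessControlType   # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

"Token SIDs: $($tokenSids.Count); ACEs on ${Path}: $($aces.Count)"
$matching | Format-Table -AutoSize
```

ACEs that do not appear in the output name SIDs that are absent from the token, so they grant or deny nothing to this logon session.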
Registry = central database for configuration settings
The individual settings are called keys.
The entire registry consists of five hives.
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CURRENT_CONFIG
Keys can be edited with WINDOWS\System32\regedt32.exe.
• HKEY_LOCAL_MACHINE: information about currently installed hardware and software; includes SAM access and various important security keys
• HKEY_CLASSES_ROOT: maintains file-application associations etc.
• HKEY_USERS: contains default local user profiles (screen color, wallpaper, screen savers, etc.)
• HKEY_CURRENT_USER: stores profile for currently logged in user
• HKEY_CURRENT_CONFIG: holds information for the hardware configuration that was booted