Windows servers. NT networks

Transcription:

Windows servers
The NT security model

NT networks
Networked NT machines can be:
- Primary Domain controller: centralizes user database/authentication
- Backup Domain controller
- Domain member
- Non-domain member
Trusted domains
Trusting resources

Architecture
The modular OS interface (system calls) is available at:
- Integral subsystems
- Environment subsystems
Both run in the user mode protection space.
Source: http://en.wikipedia.org/wiki/image:windows_2000_architecture.png

Security viewpoint
Four main components:
- Executive (kernel mode)
- Protected Servers (user mode)
- Network Subsystem (both kernel and user modes)
- Administrator tools (user mode)

Handle tables
- Each process has a table of object handles, which enable the process to access those resources.
- The table is maintained by the Object Manager.
- Each handle describes the type of access the process has to the object (read, write, etc.).
- The Object Manager ensures that access is only granted if compatible with the handle.
- When a process requests a new resource for the first time, the Object Manager asks the Security Reference Monitor to decide if the process may acquire the handle.

File system protection
Windows NT systems support many file systems, including:
- File Allocation Table (FAT) FS
- NTFS
- CD-ROM FS (CDFS)
- Named Pipe File System (NPFS)
- Mailslot File System (MSFS)
Only NTFS is protected by the access control system. Use FAT only on diskettes.

Configuration Manager
- Keeps the configuration registry
- Stores system configuration information, including the password database (SAM), hardware and initialization information, and OS configuration information
- Entries in the registry are called keys

Security-related servers
- Winlogon
- Session Manager
- Local Security Authority
- Security Accounts Manager (SAM)
- Service Controller
- Event Logger

Local Security Authority
Local Security Authority Subsystem Service (LSASS):
- Invoked at login time, it verifies the user authentication and grants the system access token (SAT), which is used to start the initial shell and is inherited by all programs spawned during this login session
- Performs audit functions
- Operates in user mode

Security Account Manager (SAM)
- User mode component
- Maintains the user account database required by the LSA

Therefore the login sequence requires the following intermediation by security-related services: Winlogon, LSA, SAM

SAM and authentication
- It is possible to configure a special computer called a domain controller to consolidate the SAM database in a single server.
- Secure Attention Sequence: <CTRL> + <ALT> + <DEL> cannot be captured by user-level programs
- The system invokes Winlogon, which starts a graphical application (GINA), to handle local and remote connection requests (via the LSA and SAM)

Protection (Access Control)
Windows NT and later provide discretionary access control (DAC). The unit of control is called an ACE (access control entry). The format of ACEs is as follows:

ACE Field: Description
- Inheritance Control Flags (Boolean flags): OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE, NO_PROPAGATE_INHERIT_ACE, INHERIT_ONLY_ACE
- ACE Type: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, SYSTEM_AUDIT_ACE
- ACE Type-Specific: SUCCESSFUL_ACCESS_ACE_FLAG, FAILED_ACCESS_ACE_FLAG
- Access Mask
- SID
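How the ACE fields listed above drive an access decision, as an added example that is not part of the original slides: a simplified walk over an ordered discretionary ACL. The numeric constants are the winnt.h values; the Ace class, the access_check function and the sample SIDs are constructed for illustration, and SYSTEM_AUDIT_ACE entries are not evaluated here.

```python
from dataclasses import dataclass

# ACE type and inherit-only flag values as defined in winnt.h.
ACCESS_ALLOWED_ACE_TYPE = 0x00
ACCESS_DENIED_ACE_TYPE = 0x01
INHERIT_ONLY_ACE = 0x08
FILE_READ_DATA = 0x0001   # access-mask bits for files
FILE_WRITE_DATA = 0x0002


@dataclass(frozen=True)
class Ace:
    ace_type: int   # ACCESS_ALLOWED_ACE_TYPE or ACCESS_DENIED_ACE_TYPE
    flags: int      # inheritance control flags
    mask: int       # access mask this entry covers
    sid: str        # trustee the entry applies to


def access_check(dacl, token_sids, desired):
    """Return True if every bit in `desired` is granted by the DACL.

    ACEs are evaluated in list order. A deny entry that covers any
    requested bit not yet granted ends the walk with a refusal, and
    rights that no entry grants are refused at the end of the list.
    """
    remaining = desired
    for ace in dacl:
        if ace.flags & INHERIT_ONLY_ACE:
            continue                      # applies to child objects only
        if ace.sid not in token_sids:
            continue                      # entry names another trustee
        if ace.ace_type == ACCESS_DENIED_ACE_TYPE and ace.mask & remaining:
            return False
        if ace.ace_type == ACCESS_ALLOWED_ACE_TYPE:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False


# Constructed sample data: these SIDs and this DACL are made up.
ALICE = "S-1-5-21-1111-2222-3333-1001"
STAFF = "S-1-5-21-1111-2222-3333-2001"
DACL = [
    Ace(ACCESS_DENIED_ACE_TYPE, 0, FILE_WRITE_DATA, ALICE),
    Ace(ACCESS_ALLOWED_ACE_TYPE, 0, FILE_READ_DATA | FILE_WRITE_DATA, STAFF),
    Ace(ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE, FILE_WRITE_DATA, ALICE),
]
```

Because evaluation stops at the first decisive entry, the same entries in a different order can give a different answer, which is why deny entries are normally placed ahead of allow entries.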

Picture from Final Evaluation of Windows NT Workstations by Science Applications International Corp./Ctr. for Information Security

Windows passwords
Password policies can be established using the UserManager administration tool, which supports the following:
- Password aging
- Minimum password length
- Password uniqueness
- Account lockout features
  - Number of failed logon attempts
  - How long to lock out an account
Better password protection is offered through passfilt.dll:
- Passwords must be at least six characters long
- Passwords must contain at least three of the following four classes of characters:
  - Upper case letters
  - Lower case letters
  - Numbers
  - Non-alphanumeric characters (punctuation symbols)
- Passwords cannot match your username or part of your full name listed for the account.
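The passfilt.dll rules above written out as a checker, as an added example that is not Microsoft's code or part of the original slides. The function names are hypothetical, and three details are assumptions: "match" is treated as a case-insensitive substring test, the full name is split on whitespace and common punctuation, and name parts shorter than three characters are ignored.

```python
import re

MIN_LENGTH = 6          # "at least six characters long"
REQUIRED_CLASSES = 3    # three of the four character classes


def character_classes(password):
    """Return the set of character classes present in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        elif not ch.isalnum():
            found.add("symbol")
    return found


def policy_violations(password, username, full_name):
    """List the rules from the slide that a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append("fewer than three character classes")

    lowered = password.lower()
    # Assumption: substring comparison, case-insensitive.
    if username and username.lower() in lowered:
        problems.append("contains username")
    # Assumption: split the display name on whitespace and punctuation,
    # and skip very short parts such as initials.
    parts = [p for p in re.split(r"[\s,.\-_#]+", full_name.lower()) if len(p) >= 3]
    if any(part in lowered for part in parts):
        problems.append("contains part of full name")
    return problems
```

An empty list means the candidate satisfies every rule listed on the slide; length and class checks say nothing about whether the password appears in a dictionary.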

Windows passwords
The original Windows password hashing scheme (LM):
- Up to 14-character long passwords (all uppercase).
- Computed as two independent hashes on 7-character values
- Highly vulnerable to dictionary-based attacks, such as L0phtCrack
NTLM uses 14 characters for a single hash
- LM hash still exported by default for compatibility with older machines in the same network (i.e., placed in the SAM).
NTLMv2 accepts passwords longer than 14 characters, and in that case the exported values for LanManager are incorrect (backward incompatibility).
- Encrypts password hashes before storing them in the SAM
Enforce 15 characters as minimum password length and disable LM authentication

Password hash challenge-and-response
- Windows machines use hash-based challenge and response mechanisms
- This implies that while passwords are required for local login, password hashes can be used for remote authentication
- It also means that, by eavesdropping on the network and capturing challenge/response pairs, an adversary can collect information to perform dictionary and/or brute-force attacks on the password.