Security
Rahul Taing
Dec 1, 2006

Security Ratings
• Trusted Computer System Evaluation Criteria – C2
• Information Technology Security – E3
• Common Criteria – controlled access PP

TCSEC Rating Levels
• A1 – Verified Design
• B3 – Security Domains
• B2 – Structured Protection
• B1 – Labeled Security Protection
• C2 – Controlled Access Protection
• C1 – Discretionary Access Protection (obsolete)
• D – Minimal Protection

C2 Security Ratings
• Secure logon facility
• Discretionary access control
• Security auditing
• Object reuse protection
• Trusted path functionality
• Trusted facility management

Security System Components
• Security reference monitor (SRM)
• Local security authority subsystem (Lsass)
• Lsass policy database
• Security Accounts Manager (SAM) service
• SAM database

Security System Components (contd.)
• Active Directory
• Authentication Packages
• Logon process (Winlogon)
• Graphical Identification and Authentication (GINA)
• Network logon service (Netlogon)

Protecting Objects
• Impersonation
• Access Checks
• Security Identifiers (SID)
  • S-1-5-21-13124455-1224812800-863842198-1128
• Tokens
• Security Descriptors

Account Rights & Privileges
• Account Rights
• Privileges
• Super Privileges
  • Take Ownership
  • Restore files and directories
  • Load & Unload device drivers
  • Create a token object