
Security features of Windows 2000


orpah

Presentation Transcript


  1. Security features of Windows 2000

  2. What is computer security? • Computer security refers to the protection of all components—hardware, software, and stored data—of a computer or a group of computers from damage, theft, or unauthorized use. • A computer security plan that is well thought out, implemented, and monitored makes authorized computer use easy and unauthorized use or accidental damage difficult or impossible.

  3. The security features inherited from Windows NT • Secure login with antispoofing measures. • Discretionary access controls. • Privileged access controls. • Address space protection per process. • New pages must be zeroed before being mapped in. • Security auditing.

  4. Secure login with antispoofing measures. • Means that the system administrator can require all users to have a password in order to log in. • Spoofing is when a malicious user writes a program that displays the login prompt or screen, and an innocent user enters a name and password • The name and password are then written to disk

  5. Secure login with antispoofing measures. • Windows 2000 instructs users to hit CTRL-ALT-DEL to log in. • This key sequence is always captured by the keyboard driver, which then invokes a system program that puts up the genuine login screen • Works because there is no way for user processes to disable CTRL-ALT-DEL

  6. Discretionary access controls • allow the owner of a file or other object to say who can use it and in what way. • Privileged access controls • allow the system administrator to override them • Address space protection • each process has its own protected virtual address space, inaccessible to any unauthorized process • Security auditing • allows the administrator to produce a log of certain security-related events

  7. Fundamental concepts • Every Windows 2000 user (and group) is identified by a SID (Security ID).

  8. Security ID • SIDs are binary numbers with a short header followed by a long random component • intended to be unique worldwide • When a user starts up a process, the process and its threads run under the user's SID • Makes sure that each object can be accessed only by threads with authorized SIDs
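
An added example (not from the original slides) that decodes the binary SID described in slide 8 into the familiar `S-1-...` text form. The byte layout is the standard Windows SID encoding; the sample SID bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary SID layout: revision (1 byte), sub-authority count (1 byte),
 * identifier authority (6 bytes, big-endian), then `count` sub-authorities
 * of 4 bytes each, little-endian. */
#define SID_MAX_SUBAUTH 15

/* Writes "S-<rev>-<authority>-<sub1>-..." into out. Returns the string length,
 * or -1 if the input is malformed/truncated or out is too small. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    if (len < 8 || sid[0] != 1 || sid[1] > SID_MAX_SUBAUTH) return -1;
    if (len != 8 + (size_t)sid[1] * 4) return -1;   /* short or padded input */
    unsigned long long authority = 0;
    for (int i = 0; i < 6; i++)
        authority = (authority << 8) | sid[2 + i];

    int n = snprintf(out, outlen, "S-%u-%llu", (unsigned)sid[0], authority);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t used = (size_t)n;
    for (unsigned i = 0; i < sid[1]; i++) {
        const uint8_t *p = sid + 8 + (size_t)i * 4;
        unsigned long sub = (unsigned long)p[0] | (unsigned long)p[1] << 8 |
                            (unsigned long)p[2] << 16 | (unsigned long)p[3] << 24;
        n = snprintf(out + used, outlen - used, "-%lu", sub);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
    }
    return (int)used;
}

/* Constructed sample: domain-style user SID; all domain values and the RID are made up. */
static const uint8_t SAMPLE_SID[] = {
    0x01, 0x05, 0, 0, 0, 0, 0, 0x05,   /* revision 1, 5 sub-authorities, authority 5 */
    0x15, 0x00, 0x00, 0x00,            /* 21 */
    0x39, 0x30, 0x00, 0x00,            /* 12345 */
    0x32, 0x09, 0x01, 0x00,            /* 67890 */
    0x0B, 0x35, 0x00, 0x00,            /* 13579 */
    0xE9, 0x03, 0x00, 0x00,            /* 1001 */
};

int main(void)
{
    char buf[64];
    if (sid_to_string(SAMPLE_SID, sizeof SAMPLE_SID, buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```
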

  9. Access token • Each process has an access token that specifies its SID and other properties • assigned at login time by winlogon • processes should call GetTokenInformation to acquire this information

  10. Header • contains some administrative information • Expiration time field • tells when the token ceases to be valid • Not currently used • Groups fields • specify the groups to which the process belongs • Default DACL (Discretionary Access Control List) • access control list assigned to objects created by the process if no other ACL is specified

  11. User SID • tells who owns the process • Restricted SIDs • to allow untrustworthy processes to take part in jobs with trustworthy processes but with less power to do damage • Privileges • give the process special powers, such as the right to shut the machine down or access files to which access would otherwise be denied

  12. The privileges split up the power of the superuser into several rights that can be assigned to processes individually. • Thus a user can be given a part of superuser power • The access token tells who owns the process and which defaults and powers are associated with it.

  13. A client thread can pass its access token to a server thread to allow the server to access the client's protected files and other objects • This mechanism is called impersonation.

  14. Security descriptor • Every object has a security descriptor • Tells who can perform which operations on it • Consists of a header followed by a DACL with one or more ACEs (Access Control Elements) • two main kinds of elements (Specifies SIDs) • Allow • Deny

  15. A security descriptor also has a SACL (System Access Control List) • Specifies which operations on the object are recorded in the system-wide security event log.
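
An added example (not from the original slides, and not Windows source code) modelling how the Allow and Deny ACEs of a DACL from slide 14 are checked against the SIDs in an access token. It is a simplified model: SIDs are plain strings, the two access bits and all sample SIDs are made up, and owner rights, privileges and restricted SIDs are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RIGHT_READ  0x1u  /* illustrative access bits, not Win32 constants */
#define RIGHT_WRITE 0x2u
enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace   { enum ace_type type; const char *sid; uint32_t mask; };
struct token { const char *user_sid; const char *groups[4]; size_t ngroups; };

static int token_has_sid(const struct token *t, const char *sid)
{
    if (strcmp(t->user_sid, sid) == 0) return 1;
    for (size_t i = 0; i < t->ngroups; i++)
        if (strcmp(t->groups[i], sid) == 0) return 1;
    return 0;
}

/* Returns 1 only if every bit in `desired` is granted. ACEs are evaluated in
 * stored order: a matching deny ACE covering a still-ungranted bit ends the
 * check; a matching allow ACE clears the bits it grants. */
int access_check(const struct token *t, const struct ace *dacl, size_t n,
                 uint32_t desired)
{
    if (dacl == NULL) return 1;      /* no DACL at all: everyone gets access */
    uint32_t remaining = desired;
    for (size_t i = 0; i < n && remaining; i++) {
        if (!token_has_sid(t, dacl[i].sid)) continue;
        if (dacl[i].type == ACE_DENY && (dacl[i].mask & remaining)) return 0;
        if (dacl[i].type == ACE_ALLOW) remaining &= ~dacl[i].mask;
    }
    return remaining == 0;           /* empty DACL grants nothing */
}

/* Constructed sample data: the SIDs and group memberships are made up. */
#define SID_ALICE   "S-1-5-21-1-2-3-1001"
#define SID_STAFF   "S-1-5-21-1-2-3-2001"
#define SID_INTERNS "S-1-5-21-1-2-3-2002"
static const struct token ALICE = { SID_ALICE, { SID_STAFF, SID_INTERNS }, 2 };
static const struct ace DENY_FIRST[]  = { { ACE_DENY,  SID_INTERNS, RIGHT_WRITE },
    { ACE_ALLOW, SID_STAFF, RIGHT_READ | RIGHT_WRITE } };
static const struct ace ALLOW_FIRST[] = { { ACE_ALLOW, SID_STAFF, RIGHT_READ | RIGHT_WRITE },
    { ACE_DENY,  SID_INTERNS, RIGHT_WRITE } };

int main(void)
{
    printf("deny-first  write: %d\n", access_check(&ALICE, DENY_FIRST, 2, RIGHT_WRITE));
    printf("allow-first write: %d\n", access_check(&ALICE, ALLOW_FIRST, 2, RIGHT_WRITE));
    return 0;
}
```

Reordering the same two ACEs flips the write decision, which is why deny ACEs are placed ahead of allow ACEs in a DACL.
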

  16. Security API calls

  17. Security API calls • Most of the Windows 2000 access control mechanism is based on security descriptors • InitializeSecurityDescriptor: to create a security descriptor, storage for it is first allocated and then initialized using this call • LookupAccountSid: if the owner SID is not known, it can be looked up • AddAccessAllowedAce, AddAccessDeniedAce: ACL entries can be added • etc.

  18. Other security features

  19. Smart Card Logon • 1. Insert smart card to reader, activate card with PIN • 2. Private key and certificate on card authenticates user to KDC • 3. KDC returns TGT response protected by user's public key certificate • 4. Account control option requiring smart card logon per user • Diagram labels: TGT, Windows 2000 Active Directory, Key Distribution Center (KDC), Windows 2000 Domain Controller

  20. Secure Distributed Services Model • Diagram labels: Client request, Get object's security descriptor, Get client's access token, Kernel access check, Return response, Secure Distributed Service, Authenticate Client, Private Data Store, Impersonate Client

  21. Windows 2000 Active Directory • Domain hierarchy: domain tree • Organizational Unit (OU) hierarchy within a domain • Users, groups, machines • Domain configuration • Diagram labels: OU, OU, Users

  22. Active Directory Authentication and Access Control • LDAP v3 is core directory access protocol • Authenticate using SASL and Kerberos protocol • LDAP with SSL/TLS support • Every object has a unique ACL • Like NTFS folders and files • Diagram labels: Security Descriptor, Bind Request, OU, OU, Users

  23. Active Directory Security administration • Delegation of administration • Grant permissions at organizational unit (OU) level • Who creates OUs, users, groups, etc. • Fine-grain access control • Grant or deny permissions on per-property level, or a group of properties • Read property • Write property • Per-property auditing

  24. Example: Delegation in Action • 1. 401 Access Denied, WWW-Authenticate: Negotiate • 2. Ticket request to KDC • 3. WWW-Authenticate: Negotiate <blob> • 4. IIS impersonates client, invokes ISAPI extension • 5. ASP uses ADO to query SQL, integrated security requests ticket • 6. SQL Server impersonates original client, then data access • Diagram labels: IIS, ISAPI, SQL Server, Server-A, Server-B

  25. Interoperability: Cross Platform Secure 3-Tier App • Diagram labels: IE5, IIS, ISAPI Extension, App Service, HTTP, TCP, SSPI/Krb, SSPI/Krb, GSS/Krb, Windows 2000 Professional (Smart Card Logon), Windows 2000 Server (Web Server), Solaris UNIX Server (Oracle DB Application)

  26. CryptoAPI (CAPI) • Microsoft’s application programming interface • allows the developer to access encryption services within the operating system • also allows developers to provide their own encryption provider services • known as cryptographic service providers (CSPs)

  27. Encrypting File System • Privacy of data that goes beyond access control • Protect confidential data on laptops • Configurable approach to data recovery • Integrated with core operating system components • Windows NT File System - NTFS • Crypto API key management • Transparent and very high performance

  28. EFS Architecture • Diagram labels: Applications, Win32 layer, User mode, Kernel mode, EFS service, Crypto API (all key management support), I/O manager, NTFS, EFS, Encrypted on-disk data storage

  29. Kerberos Authentication: Mutual Authentication • 1. Publish Service Connection Point and SPN • 2. Lookup Service, Compose SPN • 3. Request service ticket for <spn> • 4. Present service ticket at connection setup • 5. Mutual auth using unique session key • Diagram labels: Target, TGT, Application Server (target), Windows 2000 Active Directory, Key Distribution Center (KDC), Windows 2000 domain controller

  30. Single Sign-On (SSO) • Key feature of Windows 2000 authentication • Allows a user to log on just once to the domain using a single password and then authenticate to any computer within the domain.

  31. Managing Security Policy • Security settings in local or group policy • Local computer policy • Audit policy, rights, security options • Group Policy in the directory • Common computer policies • Domain level policies • Account policies • Public key trust policies

  32. Enterprise Framework • Integrated with Group Policy management • Security settings in group policy • Settings applied as part of policy enforcement on each computer

  33. Administrators vs. Users • Administrators • Full control of the operating system • Install system components, drivers • Upgrade or repair the system • Users • Cannot compromise system integrity • Read-only access to system resources • Interactive and network logon rights • Can shut down desktop system

  34. Security Features Summary • Single sign on with standard protocols • Kerberos V5 and X.509 V3 certificates • Public key certificate management • Enterprise services for PKI rollout • Distributed security for applications • Authentication, authorization, auditing • Active Directory integration • Scalable, extensible user account directory

  35. THANK YOU
