security features of windows 2000
Security features of Windows 2000
What is computer security ?
•Computer security refers to the protection of all components—hardware, software, and stored data—of a computer or a group of computers from damage, theft, or unauthorized use.
•A computer security plan that is well thought out, implemented, and monitored makes authorized computer use easy and unauthorized use or accidental damage difficult or impossible.
The security features inherited from Windows NT
• Secure login with antispoofing measures.
• Discretionary access controls.
• Privileged access controls.
• Address space protection per process.
• New pages must be zeroed before being mapped in.
• Security auditing.
Secure login with antispoofing measures.
•Means that the system administrator can require all users to have a password in order to log in.
•Spoofing is when a malicious user writes a program that displays the login prompt or screen; an innocent user enters a name and password
•The name and password are then written to disk
Secure login with antispoofing measures.
•Windows 2000 instructs users to hit CTRL-ALT-DEL to log in.
•This key sequence is always captured by the keyboard driver, which invokes a system program that puts up the genuine login screen
•Works because there is no way for user processes to disable CTRL-ALT-DEL
• Discretionary access controls
▫allow the owner of a file or other object to say who can use it and in what way.
• Privileged access controls
▫allow the system administrator to override them
• Address space protection
▫each process has its own protected virtual space, inaccessible by an unauthorized process
• Security auditing
▫allows the administrator to produce a log of certain security related events
Fundamental concepts
•Every Windows 2000 user (and group) is identified by a SID (Security ID).
Security ID
•SIDs are binary numbers with a short header followed by a long random component
•intended to be unique worldwide
•When a user starts up a process, the process and its threads run under the user's SID
•Makes sure that each object can be accessed only by threads with authorized SIDs
Access token
•Each process has an access token that specifies its SID and other properties
•assigned at login time by winlogon
•processes should call GetTokenInformation to acquire this information
•Header ▫contains some administrative information
•Expiration time field ▫tells when the token ceases to be valid ▫not currently used
•Groups field ▫specifies the groups to which the process belongs
•DACL (Discretionary ACL) ▫access control list assigned to objects created by the process if no other ACL is specified
•User SID ▫tells who owns the process
•Restricted SIDs ▫allow untrustworthy processes to take part in jobs with trustworthy processes but with less power to do damage
•Privileges ▫give the process special powers, such as the right to shut the machine down or access files to which access would otherwise be denied
•The privileges split up the power of the superuser into several rights that can be assigned to processes individually.
•Thus a user can be given a part of superuser power
•The access token tells who owns the process and which defaults and powers are associated with it.
•A client thread can pass its access token to a server thread to allow the server to access the client's protected files and other objects
•This mechanism is called impersonation.
Security descriptor
•Every object has a security descriptor
•Tells who can perform which operations on it
•Consists of a header followed by a DACL with one or more ACEs (Access Control Elements)
•two main kinds of elements (each specifies a SID) ▫Allow ▫Deny
•A security descriptor also has a SACL (System Access Control List) ▫Specifies which operations on the object are recorded in the system-wide security event log.
Security API calls
•Most of the Windows 2000 access control mechanism is based on security descriptors
•InitializeSecurityDescriptor ▫To create a security descriptor, storage for it is first allocated and then initialized with this call
•LookupAccountSid ▫If the owner SID is not known, it can be looked up
•AddAccessAllowedAce, AddAccessDeniedAce ▫ACL entries can be added
•etc.
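The access token and security descriptor slides above describe the pieces; the following added example (written for this page, not code from the slides) models how a DACL built from Allow and Deny ACEs is evaluated against a token's SIDs, including the second pass a restricted token must pass. SID values, right bits and the ACE/Token classes are constructed for illustration; only S-1-1-0 (Everyone) and S-1-5-12 (Restricted Code) are real well-known SIDs.

```python
# Added example: a model of Windows-style DACL evaluation against an access token.
# ACE, Token, the right bits and the S-1-5-21-... SIDs are constructed samples.
from dataclasses import dataclass, field

READ, WRITE, DELETE = 0x1, 0x2, 0x10000           # constructed sample access-right bits
EVERYONE, RESTRICTED = "S-1-1-0", "S-1-5-12"      # well-known SIDs: Everyone, Restricted Code

@dataclass
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # trustee SID this ACE applies to
    mask: int   # access rights covered by this ACE

@dataclass
class Token:
    user_sid: str
    group_sids: set
    restricted_sids: set = field(default_factory=set)  # empty unless the token is restricted

def check_dacl(dacl, sids, requested):
    """Walk the ACEs in order. A deny ACE for any SID in the token that covers a
    requested right fails the check; allow ACEs accumulate rights until every
    requested right is granted. A NULL DACL protects nothing; an empty one grants nothing."""
    if dacl is None:
        return True
    granted = 0
    for ace in dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & requested:
            return False
        if ace.kind == "allow":
            granted |= ace.mask & requested
            if granted == requested:
                return True
    return False

def access_check(dacl, token, requested):
    """A restricted token must pass twice: once with its normal SIDs and once with
    only its restricted SIDs, so the process can do no more than either list allows."""
    sids = {token.user_sid} | token.group_sids
    if not check_dacl(dacl, sids, requested):
        return False
    return not token.restricted_sids or check_dacl(dacl, token.restricted_sids, requested)

# Constructed sample object and tokens; canonical order puts deny ACEs before allow ACEs.
ALICE, CONTRACTORS = "S-1-5-21-1-2-3-1001", "S-1-5-21-1-2-3-2001"
SAMPLE_DACL = [
    Ace("deny", CONTRACTORS, WRITE | DELETE),
    Ace("allow", ALICE, READ | WRITE | DELETE),
    Ace("allow", EVERYONE, READ),
]
ALICE_TOKEN = Token(ALICE, {CONTRACTORS, EVERYONE})
SANDBOX_TOKEN = Token(ALICE, {CONTRACTORS, EVERYONE}, {RESTRICTED})
```

With this DACL Alice can read but not write: the deny ACE on the Contractors group she belongs to is hit before her own allow ACE, and the restricted sandbox token cannot even read until an ACE naming S-1-5-12 is added.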
Other security features
Smart Card Logon (diagram: a Windows 2000 client, and a Windows 2000 Domain Controller hosting Active Directory and the Key Distribution Center (KDC))
1. Insert smart card into reader, activate card with PIN
2. Private key and certificate on card authenticate user to KDC
3. KDC returns TGT response protected by user's public key certificate
4. Account control option requiring smart card logon per user
Secure Distributed Services Model (diagram of a secure distributed service in front of a private data store; its labelled steps: client request, authenticate client, impersonate client, get client's access token, get object's security descriptor, kernel access check, return response)
Windows 2000 Active Directory
• Domain hierarchy: domain tree
▫ Organizational Unit (OU) hierarchy within a domain
▫ Users, groups, machines
▫ Domain configuration
(diagram: a domain containing nested OUs and users)
Active Directory Authentication and Access Control
• LDAP v3 is the core directory access protocol
▫ Authenticate using SASL and the Kerberos protocol
▫ LDAP with SSL/TLS support
• Every object has a unique ACL, like NTFS folders and files
▫ Security Descriptor
(diagram: an LDAP bind request against a domain of OUs and users, each object carrying its own security descriptor)
Active Directory Security administration
•Delegation of administration
▫ Grant permissions at organizational unit (OU) level
▫ Who creates OUs, users, groups, etc.
•Fine-grain access control
▫ Grant or deny permissions on per-property level, or a group of properties (e.g. Read property, Write property)
•Per-property auditing
Example: Delegation in Action (diagram: a browser client, IIS with an ISAPI extension, and SQL Server on two servers, Server-A and Server-B)
1. 401 Access Denied, WWW-Authenticate: Negotiate
2. Ticket request to KDC
3. WWW-Authenticate: Negotiate <blob>
4. IIS impersonates client, invokes ISAPI extension
5. ASP uses ADO to query SQL; integrated security requests ticket
6. SQL Server impersonates original client, then data access
Interoperability: Cross Platform Secure 3-Tier App (diagram: Windows 2000 Professional with Smart Card Logon running IE5 over SSPI/Krb; HTTP over TCP to a Windows 2000 Server Web Server running IIS with an ISAPI Extension over SSPI/Krb; then to a Solaris UNIX Server running an Oracle DB Application as an AppService over GSS/Krb)
CryptoAPI (CAPI)
•Microsoft’s application programming interface
•allows the developer to access encryption services within the operating system
•also allows developers to provide their own encryption provider services
•known as cryptographic service providers (CSPs)
Encrypting File System
•Privacy of data that goes beyond access control ▫Protect confidential data on laptops ▫Configurable approach to data recovery
•Integrated with core operating system components ▫Windows NT File System - NTFS ▫Crypto API key management
•Transparent and very high performance
EFS Architecture (diagram: in user mode, Applications above the Win32 layer, alongside the EFS service and Crypto API, which provide all key management support; in kernel mode, the I/O manager, EFS and NTFS, with encrypted on-disk data storage)
Kerberos Authentication: Mutual Authentication (diagram: a client with a TGT, an Application Server as the target, and a Windows 2000 domain controller hosting Active Directory and the Key Distribution Center (KDC))
1. Publish Service Connection Point and SPN
2. Lookup service, compose SPN
3. Request service ticket for <spn>
4. Present service ticket at connection setup
5. Mutual auth using unique session key
Single Sign-On (SSO)
•Key feature to Windows 2000 authentication
•Users log on just once to the domain with a single password and can then authenticate to any computer within the domain.
Managing Security Policy
•Security settings in local or group policy
•Local computer policy ▫Audit policy, rights, security options
•Group Policy in the directory ▫Common computer policies
•Domain level policies ▫Account policies ▫Public key trust policies
Enterprise Framework
• Integrated with Group Policy management ▫ Security settings in group policy ▫ Settings applied as part of policy enforcement on each computer
Administrators vs. Users
•Administrators ▫Full control of the operating system ▫Install system components, drivers ▫Upgrade or repair the system
•Users ▫Cannot compromise system integrity ▫Read-only access to system resources ▫Interactive and network logon rights ▫Can shut down desktop system
Security Features Summary
•Single sign on with standard protocols ▫Kerberos V5 and X.509 V3 certificates
•Public key certificate management ▫Enterprise services for PKI rollout
•Distributed security for applications ▫Authentication, authorization, auditing
•Active Directory integration ▫Scalable, extensible user account directory
THANK YOU