Windows XP Security and Access Controls

1
Chapter 6

• Windows XP Security and Access Controls

2
Objectives

• After completing this chapter you will be able
  to
• Describe the Windows XP security model, and the
  key role of logon authentication
• Customize the logon process
• Discuss domain security concepts
• Understand the Local Computer Policy

3
Objectives contd

• Enable and use auditing
• Encrypt NTFS files, folders, or drives using the
  Encrypted File System (EFS)
• Understand and implement Internet security

4
The Windows XP Security Model
Valued Gateway Client

• Windows XP Professional can establish local
  security or participate in domain security
• User must supply a valid user ID and password
• Successful logon results in an access token
• Includes information about the users identity,
  permissions, and a list of all the groups to
  which the user belongs
• Access token is compared with a list of
  permissions stored in the access control list

5
The Windows XP Security Model, contd.

• Logon process has two components
• Identification requires that a user supply a
  valid account name
• Authentication means that a user must verify his
  or her identity
• Once constructed, access token is attached to the
  users shell process
• The environment inside which the user executes
  programs or spawns other processes

6
The Windows XP Security Model, contd.

• Access to individual resources is controlled at
  the object level
• Everything in the XP environment is an object
• files, folders, processes, user accounts,
  printers, computers, etc.
• Each object hosts its own access control list

7
The Windows XP Security Model, contd.

• Objects are logically subdivided into three
  parts
• Type describes the kind of entity it is
• Services define how the object can be manipulated
  (Read, Write, Delete)
• Attributes are named characteristics and their
  values

8
The Windows XP Security Model, contd.

• Logon process is initiated through the attention
  sequence (CtrlAltDelete)
• Sequence cannot be faked by a program
• Windows XP security structure requires logon with
  a valid username and password
• Without this step, nothing more can be
  accomplished in the Windows XP environment

9
The Windows XP Security Model, contd.

• Logon provides security through use of the
  following
• Mandatory logon
• Restricted user mode
• Physical logon
• User profiles

10
Customizing the Logon Process

• System administrator can customize the default
  logon process using WinLogon
• Retain or disable the last logon name entered
• Add a logon security warning
• Change the default shell
• Enable/Disable the WinLogon Shutdown button
• Enable automated logon

11
Disabling the Default Username

• The username and its associated password are
  required to log onto a domain or computer. By
  default, Microsoft operating systems
• blank the password box
• display the last username used
• To increase security, the administrator can cause
  the username box to be blanked
• Via Local Computer Policy

12
Disabling the Default Username, contd.

• You might be legally obligated to display a
  warning message at login
• To facilitate criminal prosecution
• Two Registry or Local Security Policy values are
  involved
• LegalNoticeCaption Limited to 30 characters
• LegalNoticeText Limited to 65,535 characters

13
Disabling the Default Username, contd.

• The shell is the application launched by WinLogon
  after a successful logon
• Default is Windows Explorer
• Can change the shell to a custom or third-party
  application
• Use Registry Editor

14
Disabling the Default Username, contd.

• Windows XP logon window includes a Shutdown
  button that can be disabled
• Default is enabled
• Edit the value ShutdownWithoutLogon in either the
  Registry or the Local Security Policy

15
Disabling the Default Username, contd.

• Special- or limited-use Windows XP machines may
  need to be always logged-on
• The values for username and password can be coded
  into the Registry to automate logons

16
Disabling the Default Username, contd.

• To set up an automated logon, the following
  Registry value entries must be defined and set
• DefaultDomainName
• DefaultUserName
• DefaultPassword
• AutoAdminLogon

17
Disabling the Default Username, contd.

• Automatic account lockout disables a user account
  if a predetermined number of failed logon
  attempts occur within a specified time limit
• Helps prevent intrusion by guessing a password or
  launching a dictionary attack

18
Domain Security Concepts and Systems

• Domain security is the control of user accounts,
  group memberships, and resource access for the
  network
• Information is contained in the Active Directory
• A database maintained by one or more domain
  controllers
• Domain controller is a Windows 2000 or Windows
  .NET Server system with the Active Directory
  support services installed

19
Domain Security Concepts and Systems, contd.

• Network authentication occurs when you attempt to
  connect to resources from another member of the
  network
• Network authentication is used to prove that you
  are
• A valid member of the domain,
• Your user account is properly authenticated
• You have proper access permissions

20
Domain Security Concepts and Systems, contd.

• Kerberos version 5 is the primary protocol for
  authentication
• Provides mutual authentication
• Assigns a unique key (a ticket) to each user
• Ticket is then embedded in messages to identify
  the sender to the recipient
• Completely invisible to the user

21
Domain Security Concepts and Systems, contd.

• Secure Socket Layer/Transport Layer Security
  (SSL/TLS) is used by Web-based applications
• Supported on Windows XP through the Internet
  Information Server

22
Domain Security Concepts and Systems, contd.

• The SSL/TLS process works as follows
• A third-party Certificate Authority issues
  identity certificates
• Client sends its certificate to the server
• Server verifies validity then replies with its
  own certificate and encryption key
• The client verifies validity then uses the
  encryption key for communications with the server
• Encrypted link is used the duration of the session

23
Domain Security Concepts and Systems, contd.

• NT LAN Manager authentication is used by Windows
  NT 4.0
• XP supports this for backward compatibility
• NTLM uses a static encryption level (40-bit or
  128-bit) to encrypt traffic between a client and
  server
• NTLM is significantly less secure than Kerberos
  version 5

24
Local Computer Policy

• Local computer policy is the local systems group
  policy
• The effective policy is the composite of all
  group policies applicable to the system
• Divided into two sections
• Computer Configuration contains controls that
  focus on the computer system itself
• User Configuration contains controls that focus
  on the user and the user environment

25
Local Computer Policy, contd.

• Public key policies control features
• Offer additional controls over the Encrypted File
  System (EFS)
• Enable the issuing of certificates
• Allow you to establish trust in a certificate
  authority

26
Local Computer Policy, contd.

• IP Security (IPSec) is a security measure added
  to TCP/IP
• Protects communications between two systems
• Negotiates a secure encrypted communications link
  between a client and server through public and
  private encryption key management
• Can be used in one of two modes
• Transport mode a link can be established between
  any two systems on the network
• Tunneling mode a link can be established only
  between two specific systems

27
Local Computer Policy, contd.

• The three predefined IPSec policies are
• Client (Respond Only)
• Server (Request Security)
• Secure Server (Require Security)
• IPSec supports three types of authentication
  methods
• Kerberos v5
• public key certificate
• pre-shared key

28
Local Computer Policy, contd.

• Administrative Templates overwrite the Registry
  to force compliance with Group Policy
• Available controls include
• Security and software updates for Internet
  Explorer
• Access/use of Task Scheduler and Windows
  Installer
• Logon security features and operations
• Disk quotas
• How group policies are processed
• System file protection
• Offline access of network resources
• Printer use and function

29
Local Computer Policy, contd.

• User Configuration folder is also divided into
  three subfolders
• Software settings for any user-specific Microsoft
  or third-party product appear here
• Windows Settings folder contains Internet
  Explorer (IE), Scripts, and Security Settings
• Administrative Templates contains collection of
  user-specific functional and environmental
  Registry-based controls

30
Local Computer Policy, contd.

• Secedit is the command-line version of the
  Security Configuration and Analysis tool
• Used to analyze, configure, export, and validate
  security based on a security template
• Security template is a predefined group policy
  file with specific levels of security
• The four functions of secedit each have their own
  specific parameters and syntax

31
Local Computer Policy, contd.
32
Auditing

• Auditing records the occurrence of specific
  internal events in a Security Log
• Enabled through the Local Security Policy or
  through a domain policy
• Event Viewer is accessed through the
  Administrative Tools
• Maintains logs about application, security, and
  system events
• Enables you to view and manage event logs, gather
  information about hardware and software problems,
  and monitor security events

33
Auditing, contd.
34
Auditing, contd.

• Auditing is a good way to monitor inappropriate
  activity and who is responsible for it
• Auditing too many items can degrade performance,
  and
• If you gather too much data, it is difficult to
  extract relevant information

35
Auditing, contd.
36
Encrypted File System

• Encrypted File System allows you to encrypt data
  stored on an NTFS drive
• Uses a public and private key encryption method
• Private key is assigned to a single user account
• If the encryption key is lost, encrypted files
  can be recovered
• Via the recovery agent

37
Internet Security

• Connecting to the Internet requires that you
  accept some risks
• Trojan horses or viruses
• Malicious e-mail
• Remote hackers
• Most security features can also be leveraged to
  protect against Internet attacks
• Microsoft has added the Internet Connection
  Firewall to XP
• a simple firewall used to protect any network
  connection

38
Summary

• Windows XP has object-level access controls
• Compares access control list to access tokens
• Logon process (WinLogon) strictly controls user
  identification
• The attention sequence (CtrlAltDelete) prevents
  an unauthorized user from obtaining system access
  
• WinLogons protected memory structures keep this
  gatekeeper function from being replaced by system
  crackers
• Authentication can take place using various
  encryption schemes, including Kerberos, SSL, or
  NTLM

39
Summary, contd.

• WinLogon supports logon controls handling of
  default logon name, providing security notices,
  changing default shell, handling system shutdown,
  and enabling automatic logon
• Local computer policy controls security as well
  as enabling or restricting specific OS functions
• Auditing capabilities track errant behavior or
  detect when system problems may be occurring
• Encrypted File System protects data via encryption