Windows Security Mechanisms - PowerPoint PPT Presentation

About This Presentation
Title:

Windows Security Mechanisms

Description:

Windows Security Mechanisms Al Bento - University of Baltimore – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 6
Provided by: AlBe45
Learn more at: http://home.ubalt.edu
Category:

less

Transcript and Presenter's Notes

Title: Windows Security Mechanisms


1
Windows Security Mechanisms
Al Bento - University of Baltimore
2
Authentication
  • Challenge/response authentication protocol (CHAP)
  • LAN Manager saves passwords as hashes
  • as a 128-bit number, with passwords up to14
    digits, but with two 7 digits parts, not case
    sensitive, easier to break
  • change possible combinations from 284 to 2 37
  • uses old, easy to break DES encryption
  • saved on SAM (Windows Security Accounts Manager)
    at systemroot\system32\config\SAM
  • NTLM and NTLM2 improved LAN Manager
  • NTLM -- MD4 encryption, case sensitive, password
    up to 127 characters, supports up 56 bit
    encryption.
  • NTLM2 -- improves NTLM to authenticate by
    session, and supports up to 128-bit encryption
  • Kerberos uses AES encryption and very secure.

3
Authentication (2)
  • Defaults
  • XP by default uses both LM NTLM
  • Vista, Windows 7 defaults to NTML2
  • Active Directory defaults to Kerberos, drops back
    as needed
  • Security options
  • See Microsoft long note on options
  • Many different options store LAN Manager, Lan
    Manager authentication level, etc.
  • Compatibility issues
  • example of Windows 7 and Win 2k server
  • example of Windows 7 and Win 2003 server
  • of course all sort of issues with XP, 98, and
    other settings in NT, 2K, etc.
  • More on authentication a black hat presentation.

4
Tokens
  • What are tokens?
  • A data structure that contains authentication and
    authorization information for a user.
  • Windows creates the access token when the user
    logs on and the user's identity is confirmed.
  • The access token contains the user's security ID
    (SID), the list of groups that the user is a
    member of, and the list of privileges held by
    that user.
  • Each process or thread started for the user
    inherits a copy of the access token. In some
    cases a user may have more than one access token,
    with different levels of authority.
  • What do they do?
  • Provide the security context for processes and
    threads when accessing objects in the system
  • Securable objects include files, directories,
    devices, registry keys, etc, and have specific
    user and group permissions.
  • Some risks token kidnapping.

5
Access Control List
  • What is an ACL?
  • is a list of access control entries (ACE). Each
    ACE in an ACL identifies a trustee and specifies
    the access rights allowed, denied, or audited for
    that trustee. The security descriptor for a
    securable object can contain two types of ACLs a
    DACL and a SACL.
  • DACL discretionary access control list (DACL)
    identifies the trustees that are allowed or
    denied access to a securable object. When a
    process tries to access a securable object, the
    system checks the ACEs in the object's DACL to
    determine whether to grant access to it.
  • SACL A system access control list (SACL) enables
    administrators to log attempts to access a
    secured object. Each ACE specifies the types of
    access attempts by a specified trustee that cause
    the system to generate a record in the security
    event log.
  • Tokens and ACL
  • When a user logs in he/she is assigned a access
    token and securable objects have ACLs. When an
    user attempts to access a securable object the
    Windows security subsystem compare the
    information in the token access with the
    securable object and grant or deny access.
Write a Comment
User Comments (0)
About PowerShow.com