Windows Security Security Windows 2000XP Professional security oriented

  • Slides: 9
Download presentation
Windows Security

Windows Security

Security Windows 2000/XP Professional security oriented n Authentication n Authorization n Internet Connection Firewall

Security Windows 2000/XP Professional security oriented n Authentication n Authorization n Internet Connection Firewall n

Authentication n Credentials n n Identity (username) Proof of identity (password) Graphical Identification and

Authentication n Credentials n n Identity (username) Proof of identity (password) Graphical Identification and Authentication (GINA) DLL Authentication n n Managed by Local Security Authority (LSA) Security Accounts Manager (SAM) database (local) Kerberos version 5 + Active Directory (remote) Network Lan. Man (NTLM) + SAM database(remote) Security Support Provider Interface (SSPI)

Authentication process in Windows 2000/XP network.

Authentication process in Windows 2000/XP network.

Authorization n Security principal n Any entity that can perform an action • User

Authorization n Security principal n Any entity that can perform an action • User • Group • Computer • Service n Security identifier (SID) • Uniquely identifies security principal

Authorization n Access token n Stores in security information about security principal • Security

Authorization n Access token n Stores in security information about security principal • Security principal SID • All group SIDs • Session ID n Enables fast user switching • Session ID tells which processes to run in background n Inheritance • Given to all processes and threads owned by security principal

Authorization n Security descriptor Protect resources: files, programs, printers, etc. n Discretionary Access Control

Authorization n Security descriptor Protect resources: files, programs, printers, etc. n Discretionary Access Control List (DACL) n • Ordered list of Access Control Entries (ACEs) • Stores SID • What security principal with that SID may do • First ACE to match access token SID determines authorization • Inclusive or exclusive security policy (or both)

Internet Connection Firewall n Internet Connection Firewall (ICF) protects n n n Packet filtering

Internet Connection Firewall n Internet Connection Firewall (ICF) protects n n n Packet filtering n n n Single computer Network Outbound traffic recorded in flow table Inbound packets permitted only if match entry in flow table Port mapping n Some applications require unsolicited inbound traffic • Web servers • On-line games • LDAP n Users may explicitly open a port to unsolicited packets

Other Features Encrypting File System n Cookie management n Control software execution n n

Other Features Encrypting File System n Cookie management n Control software execution n n File hash provides extra protection Certificates n Trusted Internet Zones n Automatic Update n Notifies users of security patches n Can download and install patches automatically n

IP Windows 2000XP IP Windows 2000XP IP WindowsIP Windows 2000XP IP Windows 2000XP IP Windows
Windows 2000XP Internet Protocol Security IPSec Mike ChiricoWindows 2000XP Internet Protocol Security IPSec Mike Chirico
8 OS BSD UNIX Linux MS Windows 2000XP8 OS BSD UNIX Linux MS Windows 2000XP
Windows NT to 2000XP Migration at SLAC DennisWindows NT to 2000XP Migration at SLAC Dennis
Netstat abn ipconfig IP Ipconfig Windows 2000xp WinconfigNetstat abn ipconfig IP Ipconfig Windows 2000xp Winconfig
8 OS BSD UNIX Linux MS Windows 2000XP8 OS BSD UNIX Linux MS Windows 2000XP
Unit 5 Windows 2000XP History and Data ManagementUnit 5 Windows 2000XP History and Data Management
Windows Windows Windows XP Windows Vista Windows 7Windows Windows Windows XP Windows Vista Windows 7