Unit OS7: Windows Security Components and Concepts

More documents

Recommendations

Info

32 Powerful Privileges There are several privileges that gives an account that has them full control of a computer: Debug: can open any process, including System processes to Inject code Modify code Read sensitive data Take Ownership: can access any object on the system Replace system files Change security Restore: can replace any file Load Driver Drivers bypass all security Create Token Can spoof any user (locally) Requires use of undocumented Windows API Trusted Computer Base (Act as Part of Operating System) Can create a new logon session with arbitrary SIDs in the token
33 What Makes Logon Secure Before anyone logs on, the visible desktop is Winlogon’s Winlogon registers CTRL+ALT+DEL, the Secure Attention Sequence (SAS), as a standard hotkey sequence SAS takes you to the Winlogon desktop No application can deregister it because only the thread that registers a hotkey can deregister it When Windows’ keyboard input processing code sees SAS it disables keyboard hooks so that no one can intercept it
Page 1 and 2: Windows Security
Page 3 and 4: 3 Windows Security Mechanisms Permi
Page 5 and 6: User Mode Security Components WinLo
Page 7 and 8: 7 LSASS Components SAM Service A se
Page 9 and 10: 9 LSASS Components Net Logon servic
Page 11 and 12: 11 Security Reference Monitor Perfo
Page 13 and 14: 13 Protecting Objects Access to an
Page 15 and 16: 15 Tokens The main components of a
Page 17 and 18: 17 Security Descriptors Descriptors
Page 19 and 20: 19 Discretionary Access Control Lis
Page 21 and 22: 21 Example: Access granted Security
Page 23 and 24: 23 Access Check Quiz Token Mark Aut
Page 25 and 26: 25 Access Special Cases An object
Page 27 and 28: 27 Controllable Inheritance In NT 4
Page 29 and 30: Impersonation Lets an application a
Page 31: 31 Privileges Specify which system
Page 35 and 36: 35 Logon LSASS creates a token for
Page 37 and 38: 37 Remote Logon - Active Directory
Page 39 and 40: 39 Cross-platform Strategy Common K
Page 41 and 42: 41 Kerberos principles Kerberos req
Page 43 and 44: 43 Tickets and Authentication info
Page 45 and 46: 45 Ticket Characteristics KDC retur
Page 47 and 48: 47 Further Reading Mark E. Russinov

Unit OS7: Windows Security Components and Concepts

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?