
Lecture 11 Security

Lecture 11 Security. xlanchen@04/29/2005. Why security? A multi-user system must prevent unauthorized access and provide a security configuration mechanism. Obvious security mechanisms: accounts, passwords, file protection. Other mechanisms: protecting OS from corruption

gdorothy


Presentation Transcript


  1. Lecture 11 Security xlanchen@04/29/2005

  2. Why security? • Multi-user system must • prevent unauthorized access • provide a security configuration mechanism • Obvious security mechanisms • Accounts/passwords/file protection • Other mechanisms • protecting OS from corruption • preventing less privileged users from performing privileged actions • not allowing user programs to adversely affect the programs of other users or OS Understanding the Inside of Windows2000

  3. Contents • Security Ratings • Security System Components • Protecting Objects • Security Auditing • Logon

  4. Security Ratings • TCSEC • C2 security rating • A secure logon facility • Discretionary access control • Security auditing • Object reuse protection • B-level security • Trusted path functionality • Trusted facility management

  5. Security System Components

  6. Lsass • Local security authority subsystem

  7. Protecting Objects • the essence of discretionary access control and auditing • The objects that can be protected on 2K include • files, devices, mailslots, pipes (named and anonymous), • jobs, processes, threads, events, • mutexes, semaphores, shared memory sections, • I/O completion ports, LPC ports, • waitable timers, access tokens, • window stations, desktops, network shares, • services, registry keys, and printers

  8. Access Checks

  9. Security Identifiers

  10. Tokens

  11. Impersonation

  12. Restricted Tokens

  13. Security Descriptors & Access Control • ACL Assignment • Determining Access

  14. Discretionary access-control list (DACL)

  15. ACL Assignment

  16. Determining Access

  17. Access validation example

  18. Security Auditing • Flow of security audit records

  19. Process and thread security structures

  20. Logon • Components involved in logon

  21. Winlogon Initialization • \Windows\WinSta0 • three desktops • an LPC connection • a window class data structure • Registers the SAS • Registers the window • User Logon Steps
