Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access token String of bits representing user Attached to processes
Guide to MCSE , Second Edition, Enhanced2 The Windows XP Security Model (continued) Access token Compared with ACL (Access Control List) Domain security Centered on Active Directory
Guide to MCSE , Second Edition, Enhanced3 Active Directory Centralized database containing: Security Configuration Communication information Manages: Information about domain Resources shared by network
Guide to MCSE , Second Edition, Enhanced4 Logon Authentication Logon is mandatory Logon process components: Identification Authentication Password authentication typically used Access token attached to shell process
Guide to MCSE , Second Edition, Enhanced5 Shell Defines environment inside which user executes programs or spawns other processes Default: Windows Explorer Defines desktop, start menu, etc.
Guide to MCSE , Second Edition, Enhanced6 Resources as Objects Access to individual resources controlled at object level Everything in environment is an object Identified by type Type determines Permitted range of contents Kinds of operations
Guide to MCSE , Second Edition, Enhanced7 Resources as Objects (continued) Service How object can be manipulated Attributes Named characteristics
Guide to MCSE , Second Edition, Enhanced8 Access Control Logon process Initiated with Ctrl+Alt+Delete Hardware interrupt cannot be imitated Mandatory logon Restricted user mode Physical logon User profiles
Guide to MCSE , Second Edition, Enhanced9 Customizing the Logon Process Administrator can alter default process Winlogon process: Produces logon dialog box Controls automated logon Warning text Display of Shutdown button Display of last user to log onto system
Guide to MCSE , Second Edition, Enhanced10 Disabling the Default Username Logon window Displays name of the last user to logon Can be unsecure DontDisplayLastUserName Regisry setting Edit with: Local Computer Policy utility
Guide to MCSE , Second Edition, Enhanced11 Adding a Security Warning Message Might be legally obligated to add a warning message Settings in Registry: LegalNoticeCaption LegalNoticeText
Guide to MCSE , Second Edition, Enhanced12 Changing the Shell Default shell Windows Explorer Change Registry setting
Guide to MCSE , Second Edition, Enhanced13 Disabling the Shutdown Button Windows XP logon window includes Shutdown button Potential for unwanted system shutdowns ShutdownWithoutLogon Registry setting Users can still physically power-off machine Winlogon settings for: Laptop Sleep mode Other advanced shutdown settings
Guide to MCSE , Second Edition, Enhanced14 Automating Logons Values for username and password can be coded into Registry to automate logons Registry settings: DefaultDomainName DefaultUserName DefaultPassword AutoAdminLogon
Guide to MCSE , Second Edition, Enhanced15 Automatic Account Lockout Disables account Predetermined number of failed logins Predetermined amount of time Default: Unlimited number of attempts
Guide to MCSE , Second Edition, Enhanced16 Domain Security Concepts and Systems Domain Collection of computers with centrally managed security and activities Offers: Increased security Centralized control Broader access to resources
Guide to MCSE , Second Edition, Enhanced17 Domain Security Overview Control of: User accounts Group memberships Resource access for all members of a network instead of only a single computer
Guide to MCSE , Second Edition, Enhanced18 Local Computer Policy Combination of controls System policies Control panel applets Registry settings Other names: Software policy Environmental policy Windows XP policy
Guide to MCSE , Second Edition, Enhanced19 Local Computer Policy (continued) Local system’s group policy Effective policy: Result of combination of all group policies applicable to system Controlled on a domain basis on a Windows domain controller Add Global Policy snap-in to MMC
Guide to MCSE , Second Edition, Enhanced20 Local Computer Policy (continued) Local Group Policy tool Also called Local Security Policy tool Accessed from Administrative Tools Local computer policy contents: Determined during installation Based on: System configuration Existing devices Selected options and components
Guide to MCSE , Second Edition, Enhanced21 Local Computer Policy (continued) Custom policies: Created through the use of.adm files Local group policy: System.adm file Local Computer Policy snap-in Divided into two sections: User Configuration Computer Configuration Contains over 300 individual controls
Guide to MCSE , Second Edition, Enhanced22 Computer Configuration Subnodes: Software Settings The Windows Settings folder: Scripts Security Settings Administrative Templates folder
Guide to MCSE , Second Edition, Enhanced23 Public Key Policies Three purposes Offers additional controls over the Encrypting File System (EFS) Enables the issuing of certificates Allows you to establish trust in a certificate authority
Guide to MCSE , Second Edition, Enhanced24 IP Security Policies Security measure added to TCP/IP Protects communications between two systems using that protocol Can be used over a RAS or WAN link Creates a secured point-to-point link between two systems Configured and enabled with Advanced TCP/IP Settings dialog box
Guide to MCSE , Second Edition, Enhanced25 IP Security Policies (continued) Modes: Transport Tunneling Predefined IPSec policies: Client (Respond Only) Server (Request Security) Secure Server (Require Security)
Guide to MCSE , Second Edition, Enhanced26 IP Security Policies (continued) Authentication methods: Kerberos version 5 Default and preferred Public key certificate authentication Preshared key Less secure
Guide to MCSE , Second Edition, Enhanced27 Administrative Templates Offer controls on a wide range of environmental functions and features Registry based group policy information Used to overwrite Registry to force compliance with group policy
Guide to MCSE , Second Edition, Enhanced28 User Configuration Subfolders: Software Settings Windows Settings folder Administrative Templates folder
Guide to MCSE , Second Edition, Enhanced29 Security Configuration and Analysis Tool MMC snap-in Used to: Analyze Configure Export Validate system security based on a security template Seven predefined security templates
Guide to MCSE , Second Edition, Enhanced30 Security Configuration and Analysis Tool (continued) Checks system’s current configuration against selected security template Produces a report of discrepancies Apply security templates to system
Guide to MCSE , Second Edition, Enhanced31 Auditing Security process Records occurrence of specific operating system events inSecurity log Every object has audit events related to it Event Viewer Maintains logs about: Application events Security events System events
Guide to MCSE , Second Edition, Enhanced32 Event Properties Dialog Box
Guide to MCSE , Second Edition, Enhanced33 Encrypting File System Allows you to encrypt data stored on an NTFS drive Only enabling user can gain access to encrypted object Enabled using Properties dialog Uses public and private key encryption method Encryption process is invisible to user
Guide to MCSE , Second Edition, Enhanced34 Encrypting File System (continued) Recovery Agent Used to recover encrypted files Required for EFS to function CIPHER Command-line tool for batch processing of encryption