1
|
- Windows XP Security and Access Controls
|
2
|
- Describe the Windows XP security model, and the key role of logon
authentication
- Customize the logon process
- Discuss domain security concepts
- Understand the Local Computer Policy
|
3
|
- Enable and use auditing
- Encrypt NTFS files, folders, or drives using the Encrypted File System
(EFS)
- Understand and implement Internet security
|
4
|
- Windows XP Professional can establish local security when used as a
standalone system, or participate in domain security
- Domain security
- Control of user accounts, group memberships, and resource access for
all members of a network
- Password
- Unique string of characters that must be provided before logon or an
access is authorized
|
5
|
- A user who successfully logs on receives and access token
- Process
- Primary unit of execution in the Windows XP operating system
environment
- Access control list (ACL)
- List of security identifiers that are contained by a resource object
|
6
|
- The logon process has two components:
- Identification
- Requires that a use supply a valid account name (and in a domain
environment, the name of the domain to which that user account
belongs)
- Authentication
- Means that a user must use some method to verify his or her identity
|
7
|
- An access token includes all security information pertaining to that
user, including the user’s security ID (SID) and SIDs for each of the
groups to which the user belongs
- An access token includes the following components:
- Unique SID for the account
- List of groups to which the user belongs
- List of rights and privileges associated with the specific user’s
account
|
8
|
- Access to the system is allowed only after the user receives the access
token
- Each access token is created for one-time use during the logon process
- Once constructed, the access token is attached to the user’s shell
process
|
9
|
- In Windows XP, access to individual resources is controlled at the object level
- Object
- Everything within the Windows XP operating environment is an object
- Objects include files, folders, shares, printers, processes, etc.
|
10
|
- The Windows XP logon procedure provides security through the use of the
following:
- Mandatory logon
- Restricted user mode
- Physical logon
- User profiles
|
11
|
- The WinLogon process can be customized to display some or all of the
following characteristics:
- Retain or disable the last logon name entered
- Add a logon security warning
- Change the default shell
- Enable/Disable the WinLogon Shutdown button
- Enable automated logon
|
12
|
|
13
|
- By default, the logon window displays the name of the last user to log
on
- It is possible to change the default by altering the value of its
associated Registry key or Local Security Policy value
- Disabling the default username option presents a blank username field at
the logon prompt
|
14
|
- Depending on your organization’s security policy, you might be legally
obligated to add a warning message that appears before the logon prompt
is displayed
- Two Registry or Local Security Policy values are involved in this
effort:
- LegalNoticeCaption
- LegalNoticeText
|
15
|
- The default shell is Windows Explorer
- You can change the shell to a custom or third-party application
depending on the needs or security policy of your organization
|
16
|
- By default, the Windows XP logon window includes a Shutdown button
- However, in an environment in which users have access to the keyboard
and mouse on a Windows XP machine, this option has the potential for
unwanted system shutdowns
- Fortunately, this option can be disabled
|
17
|
- To set up an automated logon, the following Registry value entries must
be defined and set within the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
key:
- DefaultDomainName
- DefaultUserName
- DefaultPassword
- AutoAdminLogon
|
18
|
- Disables a user account if a predetermined number of failed logon
attempts occur within a specified time limit
- This feature is intended to prevent intrusion by unauthorized users
attempting to gain access by guessing a password or launching a
dictionary attack
- The default setting in Windows XP is to allow an unlimited number of
failed access attempts to a user account without locking out that
account
|
19
|
- A domain is a collection of computers with centrally managed security
and activities
- Domain security
- Control of user accounts, group memberships, and resource access for
all members of a network
- Domain controller
- Windows 2000 .NET Server system with the Active Directory support
services installed and configured
|
20
|
- Kerberos version 5
- An authentication encryption protocol employed by Windows XP to protect
logon credentials
- Network authentication
- Act of connecting to or accessing resources from some other member of
the domain network
|
21
|
- The communications that occur during network authentication are
protected by one of several methods, including:
- Kerberos v5
- Secure Socket Layer/Transport Layer Security (SSL/TLS)
- NTLM (NT LAN Manager) authentication for compatibility with Windows NT
4.0
|
22
|
- Kerberos version 5 authentication
- Windows XP uses Kerberos version 5 as the primary protocol for
authentication security
- Secure Socket Layer/Transport Layer
- Authentication scheme often used by Web-based applications and is
supported on Windows XP through IIS
- SSL functions by issuing an identity certificate to both the client and
server
|
23
|
- NTLM (NT LAN Manager) authentication
- Mechanism used by Windows NT 4.0
- Windows XP supports this authentication method solely for backward
compatibility with Windows NT Servers and Windows NT Workstation
clients
- NTLM is significantly less secure than Kerberos version 5
|
24
|
- Combination of controls that in Windows NT existed only in the Registry,
through system policies, or as Control Panel applet controls
- Sometimes the local computer policy is called a software policy or an
environmental policy or even a Windows XP policy
- No matter what name is actually used, the local computer policy is
simply the local system’s group policy
|
25
|
|
26
|
- There are three purposes for using the public key policies:
- To offer additional controls over the EFS
- To enable the issuing of certificates
- To allow you to establish trust in a certificate authority
|
27
|
- IP Security (IPSec)
- Security measure added to TCP/IP to protect communications between two
systems using that protocol
- Negotiates a secure encrypted communications link between a client and
server through public and private encryption key management
- Can be used over a RAS or WAN link (through L2TP) or within a LAN
|
28
|
- The controls available through the Administrative Templates folder
include:
- Controlling security and software updates for Internet Explorer
- Controlling access and use of the Task Scheduler and Windows Installer
- Controlling logon security features and operations
- Controlling disk quotas
|
29
|
- The controls available through the Administrative Templates folder
include (cont.):
- Managing how group policies are processed
- Managing system file protection
- Managing offline access of network resources
- Controlling printer use and function
|
30
|
- The items contained in the User Configuration’s Administrative Templates
section include:
- Internet Explorer configuration, interface, features, and function
controls
- Windows Explorer management (interface, available commands, features)
- MMC Management
- Task Scheduler and Windows Installer controls
|
31
|
- The items contained in the User Configuration’s Administrative Templates
section include (cont.):
- Start menu and Taskbar features management
- Desktop environment management
- Control Panel applet management
- Offline network access control
|
32
|
- The items contained in the User Configuration’s Administrative Templates
section include (cont.):
- Network connection management
- Logon and logoff script management
- Group Policy application
|
33
|
|
34
|
- The Policy tab on the Properties dialog box for each control offers
three settings:
- Not configured
- Enabled
- Disabled
|
35
|
- Auditing
- Security process that records the occurrence of specific operating
system events in a Security log
- Event Viewer
- Utility that maintains application, security, and system event logs on
your computer
|
36
|
|
37
|
|
38
|
- Allows you to encrypt data stored on NTFS drive
- When EFS is enabled on a file, folder, or drive, only the enabling user
can gain access to the encrypted object
- EFS uses a public and private key encryption method
|
39
|
- Connecting to the Internet requires that you accept some risk
- Most of the security features used to protect data within a LAN or even
on a standalone system can also be leveraged to protect against Internet
attacks
- As well, Microsoft has added the Internet Connection Firewall (ICF) to
Windows XP
|
40
|
- Windows XP has object-level access controls that provide the foundation
on which all resource access rest
- The Windows XP logon process strictly controls how users identify
themselves and log onto a Windows XP machine
- Likewise, WinLogon’s protected memory structures keep this all-important
gatekeeper function from being replaced by would-be system crackers
|
41
|
- WinLogon also supports a number of logon controls
- Key Local Computer Policy settings can be used to block unauthorized
break-in attempts
- The local computer policy controls many aspects of the security system
as well as enabling or restricting specific functions and features of
the operating system
|