
Windows Security


Presentation Transcript


  1. Windows Security -- Archana Galipalli

  2. Agenda
     • Windows Security
     • Windows Security and CLR
     • Implementing Windows Security for IIS
     • Configuring Security settings
     • DEMO - Bypass traverse checking
     • Token, Principal and Identity objects
     • DEMO - Accessing Token
     • DEMO - User Roles
     • Runtime security through Windows

  3. Why Windows security?
     • To make applications more secure
     • Configuring the system-level settings along with application-level settings

  4. Vulnerability Trends [diagram; labels: Decreasing – Leveling out, Increasing, Vertical, Horizontal, Application, OS, Network, Physical]

  5. Windows security and CLR [diagram; labels: .NET CLR, .NET Configuration, Authorization, .NET Application, Authentication, Administrator, User, Windows, Protected resources, Logon authentication, Security Monitor, MMC Snap-ins, Database of accounts, Security Policy]

  6. Implementing Windows Security
     • Minimize services
     • Define the user account for anonymous access
     • Secure the file system
     • Apply specific registry settings

  7. Securing file system [diagram; labels: NTFS, wwwRoot, Executables, Scripts, Include, Static, Images]

  8. Specific registry settings
     • SynAttackProtect registry value at HKLM\System\Currentcontrolset\Services\Tcpip\Parameters\SynAttackProtect
     • TcpMaxPortsExhausted
     • TcpMaxHalfOpen
     • TcpMaxHalfOpenRetried

  9. Configuring Security settings
     • Configuring account policies
       • Password policy
       • Account lockout policy
     • Configuring Local Policies
       • Audit policy
       • User Rights Assignment
       • Security Options

  10. Walkthrough to configure the Account policies and Local policies….

  11. Bypass traverse checking: Will it work? [diagram; labels: DirA, DirB, DirC, File.txt, User A]
     • User A has no rights to access folder A
     • User A has full access to file file.txt

  12. Here goes the answer!

  13. Bypass traverse checking
     • Is the user checked for permissions?

  14. Token
     • A token unifies data about identity:
       • User's SID
       • Group SID
       • Privileges
     • Every process has its own token representing the principal
     • The first processes run on behalf of the SYSTEM account when the computer is started
     • When a user logs on, the shell runs in user mode under that specific principal
     • WinLogon.exe (SYSTEM) starts the user's shell with the CreateProcessAsUser method; the user's token is then propagated to other processes

  15. What are Principal and Identity objects?
     • WindowsIdentity: This object encapsulates the Windows login user name and the type of protocol adopted for authentication by Windows.
     • GenericIdentity: Also stores information about a user, but is used when an application needs to implement custom logon.
     • GenericPrincipal: This object encapsulates the identity object and the role.
     • WindowsPrincipal: Also stores identity and the Windows group membership of the user.

  16. User Roles
     • Acquiring the user's name
     • Displaying all the roles in which the user is a member

  17. Accessing token
     • Is the token in WindowsIdentity?
     • Acquiring the token from a running process
     • User's name and SID from GetTokenInformation

  18. Runtime security through Windows
     • Increase Assembly Trust
     • Adjust Zone Security
     • Evaluate Assembly
     • Create Deployment Package
     • Reset All Policy Levels

  19. Walkthrough to configure the runtime security policies….

  20. References
     • Windows Security 2nd Edition by Ben Smith and Brian Komar
     • http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToGetATokenForAUser.html
     • http://www.skilldrive.com/WindowsSecIntEngOut.zip

  21. Questions?
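
Slides 14 to 17 describe the token and the .NET identity and principal objects without showing code. The C# console program below is an added example, not the presentation's demo code: it reads the current process token through WindowsIdentity, lists the group SIDs it carries, and checks roles through WindowsPrincipal. The class name is hypothetical, and it assumes Windows with the System.Security.Principal types available.

```csharp
using System;
using System.Security.Principal;

// Hypothetical class name; added example, not the presentation's demo code.
class TokenAndRolesDemo
{
    static void Main()
    {
        // WindowsIdentity wraps the access token of the current process
        // (or of the current thread, if it is impersonating).
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Name:       " + identity.Name);
            Console.WriteLine("User SID:   " + identity.User);
            Console.WriteLine("Auth type:  " + identity.AuthenticationType);
            Console.WriteLine("Token:      0x" + identity.Token.ToInt64().ToString("X"));
            Console.WriteLine("System:     " + identity.IsSystem);
            Console.WriteLine("Anonymous:  " + identity.IsAnonymous);

            // Group SIDs carried in the token, resolved to account names where possible.
            Console.WriteLine("Groups:");
            foreach (IdentityReference sid in identity.Groups)
            {
                string name;
                try { name = sid.Translate(typeof(NTAccount)).Value; }
                catch (IdentityNotMappedException) { name = "(no account name)"; }
                Console.WriteLine("  " + sid.Value + "  " + name);
            }

            // WindowsPrincipal answers role questions from the token's groups.
            WindowsPrincipal principal = new WindowsPrincipal(identity);
            Console.WriteLine("Users role:          " + principal.IsInRole(WindowsBuiltInRole.User));
            Console.WriteLine("Administrators role: " + principal.IsInRole(WindowsBuiltInRole.Administrator));

            // Well-known SIDs avoid depending on localized group names.
            var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            Console.WriteLine("Administrators SID:  " + principal.IsInRole(admins));
        }
    }
}
```

Run it from a non-elevated and an elevated prompt to compare the results: with UAC enabled, a non-elevated process of an administrator account reports false for both Administrators checks.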
