Windows Windows 1
Introduction • Old black-and-white “Western” movie • Gunslinger wants to quit fighting • Some new young upstart wants to fight • So the old guy fights one more time… • “Target-ability” • Depends on popularity and reputation • Windows is most hackers’ favorite target Windows 2
Introduction • Windows is the most popular OS • May 2005: 390M Windows machines • Over half of those running XP • Windows is the obvious target • From attacker’s point of view • Attacker’s “cost-benefit” analysis • Attacker wants most “bang for the buck” Windows 3
This Chapter • Brief history of Windows • Consider core NT security features • Consider security in Windows 2000+ • That is, Windows 2000, XP, Server 2003 • Book does not cover Vista Windows 4
History • History began in April 1993… • Release of Windows NT • NT == “New Technology”/“No Technology” • Before NT • Microsoft Windows 3.0, 95, 98, Me • No authentication, program isolation, logging, etc. • “No security” prior to NT Windows 5
Modern Windows OSs • NT, Windows 2000, XP, Server 2003 • And Vista, but not covered in book • Windows NT • Based on technology developed at DEC for their VMS operating system • 1988: Microsoft hired David N. Cutler • He came from DEC, with 20+ others Windows 6
Windows NT • Originally, Cutler was to build successor to OS/2, called OS/2 NT • Microsoft/IBM collaboration • With success of Windows 3.0 in 1990 • Microsoft changed its mind • Windows NT to be their UNIX-beater Windows 7
Backwards Compatibility • What is backward compatibility? • New-and-improved works with bad/old versions • NT tried to be backwards compatible • Users complain if not backwards compatible • But, creates many security compromises • Continues to plague Windows (& others) today • Damned if you do, damned if you don’t… Windows 8
Windows History • After introduction of NT… • Incremental changes: NT 3.1, 3.5, 3.51, 4.0 • Major overhaul: Windows 2000 • In essence, Windows NT 5.0 • Windows XP (“eXPerience”) • Released in October 2001 • Refers to itself as “Windows 2002” • Windows Server 2003 Windows 9
Windows History • 1993 to 2001, dual Windows lines • Home users: Windows 3.0/3.1/95/98/Me • Professional: NT 3.1/3.5/3.51/4.0/2000 • Windows XP • Evolved from NT (“professional”) line • For home and professional users • Ended the dual Windows approach Windows 10
BAD Old Days • Before Active Directory (BAD)… • Windows 2000: Active Directory • Major shift in security • Active Directory: all-in-one service for locating stuff • Find printer in next cubicle • Change pwd policy on machines in branch office Windows 11
Active Directory • Active Directory • “Native mode” --- all Windows 2000+ environment • “Mixed mode” --- some pre-2k machines • Which is more common? • Backwards compatibility… • Necessary to understand what came before Active Directory • More on Active Directory later Windows 12
BAD Basics • Before Active Directory… • Domains (currently deprecated) • Networked Windows computers that share an authentication database • Single sign-on for domain • Must have a “domain controller” • For authentication to the domain • Usually more than one controller Windows 13
BAD Basics • Primary Domain Controller (PDC) • First server in domain • Updates authentication info in Security Accounts Manager (SAM) database • Backup Domain Controller (BDC) • Can access SAM, but not update • Admin can temporarily “promote” BDC • Active Directory: all controllers authoritative • More robust, but possibly less secure Windows 14
BAD Basics • Domain sets critical parameters • Min pwd length • Pwd expiration policy • Restrictions on users, etc. • Workgroup --- like domain but worse • No control mechanisms Windows 15
Shares • Share • Connection to network devices • Used with domains and Active Directory • Similar to NFS mounts in UNIX • Windows Explorer: My Network Places • Convenient transparent way for users to “reach across the network” Windows 16
Windows Architecture • NT architecture based on layers • Layers important to security • Each layer restricts layer above • “Security issues are nearly always a result of some sort of compromise of this layering.” • Two “modes”: user mode, kernel mode Windows 17
Windows Architecture Windows 18
User Mode • Part of OS that users interact with • User mode is “go between” • Between user and kernel • Strict communication rules… • …Application Program Interfaces (APIs) • User mode: 2 types of services • Integral subsystem: native to Windows • Environment services: support for other OSs Windows 19
User Mode • Integral subsystem • Provide APIs used by Win32 apps • For OS functions such as files, windows, process mgmt, virtual memory, I/O, etc. • DLLs translate (documented) API calls into (undocumented) calls into kernel • [Diagram: User mode → Kernel (Executive subsystem)] Windows 20
LSASS • Local Security Authority Subsystem Service • User mode subsystem • Determines if login is valid • Sends login data to SAM database • For each account, SAM has 2 entries • NT pwd hash, LM/LanMan pwd hash --- Why??? • Backwards compatibility, of course! Windows 21
Windows Passwords • NT hash used in NT and beyond • LM hash used in Windows 95 & 98 • SAM entries not stored in ASCII • Different from UNIX • Pwdump3 converts to readable form • How are pwd hashes derived? Windows 22
Windows Passwords • LM pwd hashes • Assume pwd is 14 characters or less • Pad password to 14 characters • Split into two 7-char strings • Convert to lower-case • Hash each half independently • Use DES block cipher (string is the key) • No salt is used Windows 23
Windows Passwords • NT password hash • Hash entire pwd using MD4, no salt used • Note: MD4 not a strong hash • Which is better, NT or LM? • Suppose 64 choices/character, 14 char pwd • NT: try 2^83, LM: try 2^42 • LM is 2,000,000,000,000+ times easier • LM is even worse than that… Windows 24
Windows Password • By default, both LM and NT hashes • What will attacker do? • Attack LM pwd, of course • May need to convert to upper case • Still much easier than NT pwd • Both types unsalted (dictionary attacks) • Disable LM if possible Windows 25
Kernel Mode • Fundamental OS issues • Memory mgmt, deal with hardware, etc. • More secure than user mode • Security Reference Monitor • Part of Executive subsystem • Checks attempts to access kernel mode • Checks attempts to access files, etc. • Checks permissions, gather audit data, etc. Windows 26
Kernel Mode • Object Manager • Manages info about files, directories, etc. • Objects get Object Identifier (OID) • OIDs used by Object Manager • Object Manager aware of some inheritance relationships (e.g., subfolders) Windows 27
Kernel Mode • Hardware Abstraction Layer (HAL) • Deals with hardware in a high-level way • Low level details left to device drivers • Makes life easier for Windows… • …but not for hardware manufacturers • Bad drivers can cause serious problems like crashing the whole system • HAL is how Windows NT used to support multiple processor architectures Windows 28
Service Packs and Updates • When bugs and problems are found… • Patches come in 2 flavors • Hotfixes/patches --- specific issue • Service packs --- major bundle of fixes, once per 6 months to year • Automatically (Windows Update service) • Fixes to OS and to other MS products • Patching is a big deal for companies Windows 29
Accounts • Default accounts: Administrator, Guest • Administrator account • Administrator has highest privilege • Administrator acct cannot be locked or deleted • Can only be disabled if another admin exists • If one Admin acct, unlimited pwd guessing • Good idea to have more than one Admin acct Windows 30
Accounts • Guest account • Anyone can log on to guest acct • Limited in what it can do, but still… • Guest is generally a bad idea • Disabled by default on modern Windows Windows 31
Accounts • User accts, application accts, etc. • How to secure accounts? • Give all admin accts “neutral” names • Change acct description(s) too • Create decoy acct named “Administrator” • Disable Guest, give it a strong pwd • “Belt and suspenders principle” • Security by obscurity? Is it worth it? Windows 32
Groups • Used to control access/privilege • Why not user accounts? • Easier to manage (fewer) groups instead of (many) users • Before Active Directory (Win 2K) • Two types of groups • Global groups, local groups Windows 33
Groups • Local groups give access to resources • Global groups cannot grant access • Typically, users included in global groups • Global groups then included in local groups • Access given to those in local group (including those in included global groups) • Global groups cannot be included in global groups • Local groups cannot be included in local groups Windows 34
Groups • Huh? • For example, suppose a new hire • Include user in global groups • Then automatically included in appropriate local groups • Otherwise, have to make config changes to individual local machines Windows 35
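Slides 34 and 35 state the pre-Active-Directory rules (local groups grant access, global groups hold users, a global group may be nested in a local group and nothing else) and then the new-hire example. The model below is an added illustration, not code from the book: it enforces those rules at the API level and evaluates a user’s effective access through one level of nesting. Group names, the branch-office resources and the users are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    scope: str                                       # "global" or "local"
    users: set = field(default_factory=set)
    member_groups: set = field(default_factory=set)  # names of nested groups


class PreADDomain:
    """Toy model (assumed names) of the pre-Active-Directory group rules:
    local groups hold access, global groups hold users, global-in-local only."""

    def __init__(self):
        self.groups = {}
        self.acl = {}      # resource -> set of local-group names with access

    def add_group(self, name, scope):
        if scope not in ("global", "local"):
            raise ValueError("scope must be 'global' or 'local'")
        self.groups[name] = Group(name, scope)

    def add_user(self, group, user):
        self.groups[group].users.add(user)

    def nest(self, outer, inner):
        """The one legal nesting: a global group inside a local group."""
        o, i = self.groups[outer], self.groups[inner]
        if o.scope != "local" or i.scope != "global":
            raise ValueError(f"cannot put {i.scope} group {inner!r} in {o.scope} group {outer!r}")
        o.member_groups.add(inner)

    def grant(self, resource, group):
        """Only local groups can appear on a resource's access list."""
        if self.groups[group].scope != "local":
            raise ValueError(f"global group {group!r} cannot grant access")
        self.acl.setdefault(resource, set()).add(group)

    def members(self, group):
        """Direct users plus the users of nested (global) groups."""
        g = self.groups[group]
        out = set(g.users)
        for inner in g.member_groups:
            out |= self.members(inner)
        return out

    def can_access(self, user, resource):
        return any(user in self.members(lg) for lg in self.acl.get(resource, ()))


def build_example_domain():
    """Constructed example: branch-office resources are granted to local
    groups; new hires are only ever added to global groups."""
    d = PreADDomain()
    d.add_group("Domain Users", "global")
    d.add_group("Engineering", "global")
    d.add_group("BRANCH01\\Print Users", "local")
    d.add_group("BRANCH01\\Source Readers", "local")
    d.nest("BRANCH01\\Print Users", "Domain Users")
    d.nest("BRANCH01\\Source Readers", "Engineering")
    d.grant("\\\\BRANCH01\\Printer", "BRANCH01\\Print Users")
    d.grant("\\\\BRANCH01\\src", "BRANCH01\\Source Readers")
    # New hires: one change each, in the global groups only; no per-machine edits.
    d.add_user("Domain Users", "alice")
    d.add_user("Engineering", "alice")
    d.add_user("Domain Users", "bob")
    return d


if __name__ == "__main__":
    d = build_example_domain()
    for user in ("alice", "bob"):
        print(user, d.can_access(user, "\\\\BRANCH01\\Printer"),
              d.can_access(user, "\\\\BRANCH01\\src"))
```

Because access is only ever attached to local groups, the branch machine’s own configuration never changes when someone joins: alice gets the source share through Engineering, bob does not, and both reach the printer through Domain Users.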
Default Groups • Local: Administrators, Account Operators, Power Users, Server Operators, Backup Operators, Print Operators, Replicator, Users, Guests • Global: Domain Administrators, Domain Users Windows 36
Special Groups • Special since cannot add or delete users • But can change group rights/privileges • Special groups are local groups • EVERYONE --- for just about anything • SYSTEM --- “holy grail” • Nothing has higher privilege • Not a login ID • Some processes run with SYSTEM privilege • Compromise one of these and you “own” system Windows 37
Special Groups • Other special groups • INTERACTIVE --- currently logged in locally • NETWORK --- currently logged in non-locally • CREATOR OWNER --- owner of a given object (confusing name…) • These are not as special as SYSTEM… Windows 38
Privilege • Privilege --- capacity to access and manipulate things • Rights --- things users can do; can be added/modified (accts and groups) • Abilities --- built-in capabilities • Administrator --- highest privilege • Operator groups --- like bits and pieces of admin • Power user --- next highest • Then users followed by guest Windows 39
Privilege Control • “…advanced rights control internal functions within Windows system” • Example: “Act as Part of Operating System” • Gives right to reach into kernel mode • Attacker has got to love this… • Principle of least privilege • Give least privilege needed to do job • “Putting this into practice is one of the most fundamental steps to making Windows (or any operating system, for that matter) more secure.” Windows 40
User Rights Assignments Windows 41
Policies • Admin can create “policies” • Can affect local machine • Or entire domain • Account Policy --- most basic policy • Applies to all accounts in a domain • Max pwd age, pwd history, lockout, etc. • See next 2 slides… Windows 42
Account Policies: Passwords Windows 43
Account Policies: Lockout Windows 44
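Slide 42 lists lockout among the Account Policy settings, and slide 30 notes that the built-in Administrator account cannot be locked out, so a lone Administrator account allows unlimited password guessing. The replay below is an added example, not the book’s or Windows’ own code: it evaluates a constructed sequence of logon attempts against a lockout policy with a threshold, a counter-reset window and a lockout duration (field names are assumed), and exempts the built-in Administrator the way Windows does. It shows the ordinary account locking on the fifth failure, rejecting the correct password while locked, auto-unlocking after the duration, and the Administrator account never locking at all.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int          # failed logons before lockout; 0 = never lock
    reset_after_s: int      # counter window ("reset lockout counter after")
    duration_s: int         # lockout duration; 0 = locked until an admin unlocks


class LockoutTracker:
    """Replays logon attempts against an account-lockout policy (assumed
    field names; a model, not Windows' own implementation)."""

    def __init__(self, policy, never_lock=("Administrator",)):
        self.policy = policy
        self.never_lock = set(never_lock)   # built-in Administrator cannot be locked out
        self.failures = defaultdict(list)   # account -> recent failure timestamps
        self.locked_until = {}              # account -> expiry time, or None for 'forever'

    def is_locked(self, account, t):
        if account not in self.locked_until:
            return False
        until = self.locked_until[account]
        if until is None or t < until:
            return True
        del self.locked_until[account]      # duration elapsed: auto-unlock
        self.failures[account].clear()
        return False

    def attempt(self, account, t, success):
        """Returns 'locked', 'ok' or 'failed' for one logon attempt at time t."""
        if self.is_locked(account, t):
            return "locked"                 # even a correct password is refused
        if success:
            self.failures[account].clear()
            return "ok"
        p = self.policy
        recent = [x for x in self.failures[account] if t - x < p.reset_after_s]
        recent.append(t)
        self.failures[account] = recent
        if p.threshold and account not in self.never_lock and len(recent) >= p.threshold:
            self.locked_until[account] = None if p.duration_s == 0 else t + p.duration_s
            return "locked"
        return "failed"


def replay(events, policy):
    """events: iterable of (t_seconds, account, success); returns {account: [outcomes]}."""
    tracker = LockoutTracker(policy)
    out = defaultdict(list)
    for t, account, success in sorted(events, key=lambda e: e[0]):
        out[account].append(tracker.attempt(account, t, success))
    return dict(out)


# Constructed logon sequence (not real log data): 5 failures trip the lock,
# the counter resets after 30 minutes, the lock lasts 30 minutes.
POLICY = LockoutPolicy(threshold=5, reset_after_s=1800, duration_s=1800)
SAMPLE_EVENTS = [
    (0, "jdoe", False), (10, "jdoe", False), (20, "jdoe", False),
    (30, "jdoe", False), (40, "jdoe", False),       # 5th failure trips the lock
    (50, "jdoe", True),                              # right password, still locked
    (1900, "jdoe", True),                            # 30 min later: unlocked, succeeds
    (0, "Administrator", False), (1, "Administrator", False), (2, "Administrator", False),
    (3, "Administrator", False), (4, "Administrator", False), (5, "Administrator", False),
    (6, "Administrator", True),                      # never locked: unlimited guessing
]

if __name__ == "__main__":
    for account, outcomes in replay(SAMPLE_EVENTS, POLICY).items():
        print(account, outcomes)
```

The Administrator row is the point of slide 30’s advice: with a duration of 0 an ordinary account stays locked until an administrator intervenes, but the built-in Administrator account is never throttled by this policy, so renaming it and keeping a second admin account is what limits guessing against it.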
User Properties Settings • User Properties • Technically, not Policies, but serve similar purpose • Like Policies, but set for individual accts • E.g., User Must Change Password at Next Login, User Cannot Change Password, etc. Windows 45
User Property Settings Windows 46
Trust • Extends “login” across domains • Like single sign-on to trusting domains • One (or more) global group in trusted domain must be included in one (or more) local groups in trusting domain • Can limit access via local group(s) Windows 47
Windows Trust Models • No trust --- most secure, most inconvenient • Complete trust --- every domain trusts every other domain • Master domain --- user accounts in central account domain • Gives central control for mapping users to resources (via groups) • Multiple master domains --- like a distributed master domain Windows 48
Windows Trust • Based on password authentication • Better than UNIX r-commands • Btw, what is authentication based on in UNIX r-commands? • Active Directory uses Kerberos (Windows 2000+) Windows 49
Auditing • Can only audit what you log • Types of logging/audit • System • Security (or just “auditing”) --- logons, logoffs, file access, use of rights, etc. • Application Windows 50