Security
By Omkar Sravan Kasinadh
Agenda
1. Security Context & Security Principal
2. What is Access Token?
3. How to secure Accounts in Windows?
4. Rights and Permissions
5. How & where does Windows store passwords?
6. Trade Off in Windows Security
7. Duties of a Developer!
8. Countermeasure (Auditing)
Security Context
Security Principal
Access Token
A token is a kernel object that caches part of a user's security profile, including the user SID, group SIDs, and privileges.
A token is created whenever a user successfully logs on to the network, and a copy of this token is assigned to every process and thread that executes on the user's behalf.
A token consists of the following components: accountID, groupID, Rights, Owner, Primary group, Source, Type, Impersonation level, statistics, Restricted.
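The following PowerShell script is an added example, not part of the original slides: it reads the access token of the current process through the .NET WindowsIdentity API and the built-in whoami.exe, and prints the components the slide lists (user SID, group SIDs, privileges, impersonation level) together with an administrator-membership check. It runs on any Windows host without elevation; the output shown is whatever the token of the calling user contains.

```powershell
# Added example (not from the original deck): enumerate the main components of
# the current process's access token: user SID, group SIDs, privileges and the
# impersonation level. Uses only the built-in WindowsIdentity API and whoami.exe.

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Account identity cached in the token
[PSCustomObject]@{
    Name               = $identity.Name
    UserSid            = $identity.User.Value
    AuthenticationType = $identity.AuthenticationType
    ImpersonationLevel = $identity.ImpersonationLevel   # 'None' for a primary token
    IsSystem           = $identity.IsSystem
} | Format-List

# Group SIDs cached in the token, translated back to account names where possible
$identity.Groups | ForEach-Object {
    $name = try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { '<unresolved>' }
    [PSCustomObject]@{ Sid = $_.Value; Name = $name }
} | Format-Table -AutoSize

# Rights check: is the token a member of the local Administrators role?
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
"Token carries Administrators membership: $isAdmin"

# Privileges held by the token (enabled or disabled); whoami reads the same token
whoami /priv
```

Because every process and thread gets a copy of the token at creation time, a group membership or privilege granted after logon does not show up here until the user logs on again; comparing this output before and after a change is a quick way to confirm that.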
Account Security
User accounts are the core unit of network security.
In Windows Server 2003 and Windows 2000, domain accounts are stored in the Active Directory database, whereas local accounts are stored in the Security Accounts Manager (SAM) database.
Account passwords are stored and protected by the System Key (SysKey).
Though accounts are secured by default, we can secure them even further.
Go to Administrative Tools in Control Panel (only when you are logged in as an administrator) and open Local Security Settings.
There you will find the Account Policies, which contain the Password Policy and the Account Lockout Policy.
Password Policies:
Enforce password history: number of previous passwords remembered (0-24)
Maximum password age: sets the maximum password age in days (0-999)
Minimum password age: sets the minimum password age in days (0-999)
Minimum password length: sets the minimum password length in characters (0-14)
Password must meet complexity requirements: forces users to set complex alphanumeric passwords.
Store passwords using reversible encryption for users in the domain: enable this if the password has to be decrypted and compared to plain text by methods like Challenge Handshake Authentication Protocol (CHAP) or Shiva Password Authentication Protocol (SPAP).
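As an added example (not part of the original slides), the script below exports the effective local password policy with secedit.exe, parses the [System Access] section of the template, and grades each of the settings listed above against a baseline. It assumes an elevated PowerShell session on Windows; the threshold values in the baseline are illustrative choices for this example, not figures from the slides or from Microsoft.

```powershell
# Added example (not from the original deck): audit the local password policy
# settings listed on the slide. Assumes an elevated session; baseline thresholds
# are assumed values chosen for illustration.

$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit.exe /export /cfg $cfg /quiet | Out-Null

# Parse the [System Access] section of the exported template into a hashtable.
# Numeric values become [int]; quoted strings (e.g. NewAdministratorName) stay as text.
$policy = @{}
$inSection = $false
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
    if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
        $raw = $Matches[2]
        $policy[$Matches[1]] = if ($raw -match '^-?\d+$') { [int]$raw } else { $raw.Trim('"') }
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Baseline: one rule per setting on the slide (thresholds are assumptions).
# In the template, MaximumPasswordAge = -1 means the password never expires.
$checks = @(
    @{ Key='PasswordHistorySize';   Ok={ $args[0] -ge 5 };                       Why='remember at least 5 previous passwords' },
    @{ Key='MaximumPasswordAge';    Ok={ $args[0] -gt 0 -and $args[0] -le 90 };  Why='expire passwords within 90 days (-1 = never)' },
    @{ Key='MinimumPasswordAge';    Ok={ $args[0] -ge 1 };                       Why='stop users cycling straight back to an old password' },
    @{ Key='MinimumPasswordLength'; Ok={ $args[0] -ge 8 };                       Why='require at least 8 characters' },
    @{ Key='PasswordComplexity';    Ok={ $args[0] -eq 1 };                       Why='complexity requirement must be enabled' },
    @{ Key='ClearTextPassword';     Ok={ $args[0] -eq 0 };                       Why='reversible encryption makes stored passwords recoverable; keep off unless CHAP/SPAP is required' }
)

$results = foreach ($c in $checks) {
    $value = $policy[$c.Key]
    [PSCustomObject]@{
        Setting = $c.Key
        Value   = $value
        Status  = if ($null -eq $value) { 'MISSING' } elseif (& $c.Ok $value) { 'OK' } else { 'WEAK' }
        Note    = $c.Why
    }
}
$results | Format-Table -AutoSize
```

On a domain member the exported template reflects the local policy only; the domain password policy applied through Group Policy is the effective one for domain accounts, so run the same parse against a domain-level export or check the Default Domain Policy when auditing domain users.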
Trade Off
There is always a tradeoff between countermeasures and convenience.
Security and ease of use are like the two ends of a long scale.
[Diagram: a scale with Security and Ease of use at opposite ends; labels: Security, satisfaction, Ease of use]
Developer's Duty
References
Microsoft Security Resource Kit, by Ben Smith and Brian Komar with the Microsoft Security Team
The .NET Developer's Guide to Windows Security, by Keith Brown
http://www.windowsnetworking.com/nt/registry/rtips320.shtml
http://www.windowsecurity.com/articles/Group-Policy-Changes-Vista.html