discussion

harshloka
winsec3e_ppt_ch02.pptx

Security Strategies in Windows Platforms and Applications

Lesson 2

Security in the Microsoft Windows Operating System

© 2021 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.

Cover image © Sharpshot/Dreamstime.com

Learning Objective(s)

Describe information systems security and the inherent security features of the Microsoft Windows operating system.

Key Concepts

Basic Microsoft Windows operating system architecture

Windows systems and application vulnerabilities

Purpose of access controls, authentication, and permissions

Windows attack surfaces and mitigation

Operating System Components and Architecture

Operating system

A collection of many programs working together, along with data, to provide access to physical resources

Goal of secure information

All required information is available to authorized users

No information is available to unauthorized users

Operating System Components and Architecture

First step in planning how to secure operating system is to understand purpose of:

Kernel

Operating system components

Operating System Kernel

Kernel

Is part of the operating system that may reside partially in memory and provides the backbone of the operating system’s services

Classic definition of kernel states that the entire kernel resides in memory

Today’s operating system kernels are made up of both the main memory-resident components and external loadable modules

Loadable modules reduce the kernel’s memory footprint

Kernel provides access to physical resources and often runs other operating system programs to complete a task

Memory-resident kernel code directly handles access to the CPU, where efficiency is crucial.

Micro-kernel

Many current operating systems implement microkernel architecture

Implements minimal required functionality in the memory-resident portion of the operating system, such as memory management, interprocess communication, and process scheduling

Other necessary functionality supported by external programs

Main difference between internal and external programs is the privilege level at which each runs. A pure microkernel allows only memory-resident components to run at kernel, or maximum privilege, mode.

Windows Process Table Contents

Kernel

The kernel includes areas of memory reserved for the operating system data structures.

One example of an operating system data structure is the process, or task table.

The process table contains one entry for each running process. Each operating system stores different process properties, but the basic information in the process table is consistent.

Processes generally run in either user mode or supervisor mode. You may also see supervisor mode referred to as kernel mode.

Processes running in supervisor mode can perform more tasks and access more restricted parts of the computer system.

One way for an attacker to access a protected resource is to modify the process table entry and change a user mode process to supervisor mode.

Operating System Components

Kernel provides core services of the operating system and calls external programs to provide many more operating system services

Operating system is the collection of programs that control access to the physical hardware

Information is stored and transmitted on physical hardware

Ensuring security of protected information starts with ensuring security of the operating system

Operating System Components

Operating System Service: Description
Program/process management: OS manages locating, loading, and executing programs; handles memory allocation, CPU scheduling, and providing environment for programs
Input and output: OS hides details of physical hardware and provides programs with ability to process input and output
File system: OS provides access to long-term storage and helps to organize information to make it easily and efficiently accessible
Communication: OS provides support for exchanging information between programs locally and on other computers
Error detection and alerts: OS monitors activities that occur within computer and responds when errors occur

Basic Windows Operating System Architecture

Current versions of client and server Windows operating systems:

Are based on Windows NT code base

Are designed with modified microkernel architectures

Because of modular nature of Windows, major components can be removed, replaced, or enhanced without having to rewrite the entire operating system

Windows Run Modes

Windows architecture consists of two main layered components

Kernel (or supervisor) mode

User mode programs

Kernel mode and user mode programs:

Run in privileged mode, also called kernel or supervisor mode

Interact closely with physical hardware

User mode programs interact with both users and kernel mode programs

Windows Operating System Components

Kernel Mode

Programs running in kernel mode have complete access to computer’s hardware and system services

Needed by the operating system and provides an attractive target for attackers

Windows kernel mode components:

Hardware Abstraction Layer (HAL)

Kernel mode drivers

Microkernel

Executive

Hardware Abstraction Layer (HAL)

The HAL provides the actual access to physical hardware. All other kernel mode programs interact with hardware through the HAL. This allows Microsoft to support multiple hardware platforms by just writing different HAL modules, instead of rewriting all operating system programs.

Kernel mode drivers

Kernel mode drivers provide user programs and other kernel mode programs access to individual hardware devices, through the HAL. These drivers provide the translation to allow other programs to access devices as file objects.

Microkernel

The microkernel is the memory-resident portion of the operating system that provides the core functionality of the operating system, including CPU synchronization, process thread/interrupt scheduling, and exception handling.

Executive

The executive is at the “highest level” of the kernel mode programs. It provides services, such as managing objects, I/O, security, and process management. User mode programs interact with the operating system via the executive.

User Mode

Nonkernel mode programs run under user mode

Includes application programs and the user mode layer of Windows

Windows user mode layer programs:

Handle user interaction and processing requests

Pass I/O requests to the necessary kernel mode drivers, using the executive

Main User Mode Program Components

Environment subsystem

Provides ability to run programs written for different operating systems, including previous Windows versions and Linux

Integral subsystem

Handles user mode functions on behalf of environment subsystem, including logon and access control, network access, and providing network services

Access Controls and Authentication

Access control

Process of providing and denying access

Multistep process, starting with identification and authentication

Regardless of methods used, operating system needs to identify user asking for access to a resource

Most often, user provides a username (or user ID)

Authentication Methods

Authentication system

Collects identification credentials, such as a username

Collects authentication credentials, such as a password

Finds stored information that corresponds to supplied credentials in user list, often in an authentication database

Compares stored credentials with supplied credentials; if they match, user is authenticated

Strongest authentication: Two-factor authentication and multifactor authentication

Authentication Types

Type I–What you know

Examples: Passwords and personal identification numbers (PINs)

Type II–What you have

Examples: Token, smart card

Type III–What you are

Examples: Fingerprint, hand print, or retina characteristic

Access Control Methods

Access Control Methods

Mandatory access control (MAC)

Role-based access control (RBAC)

Discretionary access control (DAC)

Tokens, Rights, and Permissions

Each local user and group in Windows has a unique security identifier (SID)

When Windows user logs on, operating system:

Fetches user’s SID, and SIDs for groups to which user is assigned

Looks up local rights for computer

All SIDs and local rights are written to an ID object called Security Access Token (SAT)

Computer Management Tool

In a Windows environment, each local system defines local users and groups during the installation process. You can add more local users and groups at any time using the Computer Management tool.

The Local Users and Groups section of the Computer Management tool allows you to add, remove, and manage local users and groups. This tool is most commonly used to create new users and groups, and to associate users with groups.

Access Rules, Rights, and Permissions

User rights

Actions a user is permitted to carry out

Permissions

Define what user can do to a specific object, such as read or delete

Access control list (ACL)

Stores access rules, or permissions, for resources (objects)

Each object has an associated ACL, which can be used to allow or deny access to the object by user or group.
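
The token and ACL slides above describe two halves of one check: the SIDs and rights written to the token at logon, and the entries in an object's ACL that name those SIDs. The PowerShell below is an added example, not part of the original slides; it lists the current token's SIDs and privileges and then the ACL entries on one object that refer to them. The `$Path` parameter and its default value are assumptions chosen for illustration.

```powershell
# Added example (not from the slides): list the SIDs in the current access
# token, then show which entries of one object's ACL refer to those SIDs.
# $Path is an assumption; any file or folder you can read will do.
param([string]$Path = $env:SystemRoot)

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# User SID plus the group SIDs that .NET exposes from the token
$tokenSids = @($identity.User) + @($identity.Groups)

$tokenSids | ForEach-Object {
    $sid = $_
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(no account name)' }   # SID that does not map to an account
    [pscustomobject]@{ SID = $sid.Value; Account = $name }
} | Format-Table -AutoSize

# Rights (privileges) recorded in the same token
whoami /priv

# Read the object's ACL with identities returned as SIDs so they can be
# compared with the token directly.
$acl   = Get-Acl -Path $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Keep only the access rules whose identity is one of the token's SIDs
$tokenSidValues = $tokenSids | ForEach-Object { $_.Value }
$rules |
    Where-Object { $tokenSidValues -contains $_.IdentityReference.Value } |
    Select-Object @{n='SID';e={$_.IdentityReference.Value}},
                  AccessControlType, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

The last table shows which ACL entries apply to the token, not the final access decision, which also depends on how the allow and deny entries combine.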

Users, Groups, and Active Directory

Computing environments becoming more diverse and geographically separated, but still integrated using networks

Windows environments becoming more dependent on internally and externally shared resources

Workgroups

Peer-to-peer networks that allow Windows computers to share resources

Users and groups must be defined on each computer

Every change to security permissions must be applied to every computer

Administration of workgroups with more than a half dozen computers becomes difficult

Active Directory

Allows users and groups to be defined at a central location and shared among multiple computers

Can define limits of how many computers share users and groups by defining domains

Domain

A group of computers that can be grouped together for some purpose

Active Directory (Cont.)

Ability to define identity and authorization permission that can be shared among multiple computers within one or more domains

Reduces redundant administrative effort

Requires more administration time and resources than workgroups

Windows Attack Surfaces and Mitigation

Operating system services expose part of computer to external access; risk involved

Vulnerabilities

Weaknesses that can allow unauthorized access if successfully exploited

Attack surface

Total collection of vulnerabilities that could provide unauthorized access to computer resources

Multilayered Defense

Mitigation

Remove vulnerabilities

Stop attacks from exploiting vulnerabilities

Fundamentals of Windows Security Monitoring and Maintenance

Points in a system’s life cycle that serve as milestones for security management:

Install the operating system or application software

Monitor the operation of the computer system

Make any configuration changes to the computer system

Security Monitoring and Identifying Vulnerabilities

Security Monitoring

Define security goals

Describe secure behavior as a baseline

Sample performance information and compare with the baseline

Report anomalies

Vulnerabilities

Identify vulnerabilities

Make a plan to address each vulnerability

Summary

Basic Microsoft Windows operating system architecture

Windows systems and application vulnerabilities

Purpose of access controls, authentication, and permissions

Windows attack surfaces and mitigation
