DOCSLIB.ORG

EITA25 Computer Security (Datasäkerhet) Windows Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EITA25 Computer Security (Datasäkerhet) Windows Security 2020-01-30 Windows Security • Windows XP evolved from Windows 2000 (Datasäkerhet) EITA25 Computer Security • Windows 10, 8, 7 and Vista evolved from XP Windows Security • Similar security solution PAUL STANKOVSKI WAGNER, EIT, 2020-01-30 – Things have been added, but ideas are the same • Standalone computers administered locally Rich support for • Domains used for centralized administration managing security – Domain controller (DC) has information about users » Acts as a trusted third party Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 2 Design Motivation Networked Computers, Domains and Workgroups • Security was designed to meet requirements for C2 rating in Orange Book Workgroup – Secure logon – users must be uniquely identified • All accounts are local – Discretionary access control – Owner determines access • Resources can be shared but are managed locally • Peer-to-peer – Auditing – Record security related events in a logfile • No computer in charge – Object reuse protection – Initialize all objects before giving access to users • Typically at most 20 computers – Trusted path – Functionality to detect spoofing attacks at authentication time (called SAS in Windows) – Trusted facility management – Separate accounts for users and administrators Domain Active Directory Domain Controller • Windows NT 3.5 SP3 was the first Windows version to earn C2 rating (1995) • Both local and domain accounts – Windows NT 4 SP6a earned C2 rating in 1999 • Login to domain account from any computer • Centralized administration • Can be thousands of computers Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 3 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 4 1 2020-01-30 Windows Logon (somewhat simplified) Security Accounts Manager (SAM) • Winlogon.exe handles logon and responds to the Secure Attention Sequence (SAS) • Stores user account information – CTRL+ALT+DEL – Username • Winlogon uses libraries that authenticate the user – Full name – Can be libraries for passwords, smartcards, biometric data, etc. – Expiration date • Local Security Authority (LSA) creates an access token – Password dates (date of last change, expiry, when it can be changed next time, if – LSA is responsible for the local security policy (who can log in, password policies, privileges, what should be audited, etc.) it can be changed) – Logon hours and workstations (thrown out a certain time or continue) • Password hashes are stored in SAM Client Server – Security Accounts Manager Winlogon LSA AD – Profile path and logon script name NTLM NTLM/Kerberos – Home directory Library SAM – Groups Local logon • Locked while machine is running Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 5 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 6 Local Accounts vs. Domain Accounts NTLM Hash and Protocol Can you find problems here? • Local accounts • Challenge response • Server sends 8 byte random challenge – NTLM used as authentication protocol • Response calculated as: – MD4(password) gives 16 byte result (NTLM hash stored in SAM database) • Domain accounts – Pad with 5 zero bytes → 21 bytes – Kerberos V5 used as authentication protocol – Split into 3 DES keys and encrypt challenge with each key NTLM hash – 24 byte response »Mutual authentication password MD4 920a3bdfe12e5fa537d7e8b8c6a064fe »This will be covered in detail later in the course 920a3bdfe12e5f DES – NTLM used in some cases challenge a5ef3810bf7aced4 a537d7e8b8c6a0 DES 910af3418cd8e9af response »Unilateral authentication challenge 64fe0000000000 DES challenge 72ad34ev019baf2d Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 7 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 8 2 2020-01-30 NTLM Hash, Problems LM Hash Can you find problems here? • Problem 1: MD4 is a very fast hash function • If wanted, both NTLM and LM response are used – This was default before Windows Vista • LM hash calculated as • Problem 2: No salt is used so time-memory tradeoff attacks (rainbow – Convert password to uppercase and pad to 14 bytes tables) can be used – Split into two parts of 7 byte each → two DES keys – Encrypt ”KGS!@#$%” with the two keys to get 16 bytes LM hash stored in the SAM database • LM response calculated same way as NTLM response 53454352455457 DES KGS!@#$% 82745f14a56579af SecreTWoRd SECRETWORD LM hash 4f524400000000 DES fe52438160a64e6c KGS!@#$% Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 9 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 10 LM Hash, Problems Access Control • Problem 1: DES is a fast block cipher • Security Reference Monitor (SRM) responsible for access control • Three parameters are considered • Problem 2: No salt here either… – Identity of subject (SID) – Type of access – Object security settings (Security Descriptor) • Problem 3: Passwords up to 14 characters are never better than passwords of 7 characters SID Access type Yes/No SRM • Problem 4: No lowercase characters in the effective character set Security Descriptor Generate Audit Message Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 11 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 12 3 2020-01-30 SID Known SIDs • SID = Security Identifier • Generic groups and users • Unique for each user or group • S-1-1-0 Everyone, a group that includes all users • Format: • S-1-5-20 Network Service S-R-I-SA-SA-SA-N • S-1-5-18 SYSTEM, local operating system • S: The letter S (just means that the string is a SID) • S-1-5-SA-SA-SA-500 Administrator • R: revision number (1) • S-1-5-SA-SA-SA-501 Guest account (no password required) • I: Identifier authority (5 for user accounts) • S-1-5-SA-SA-SA-512 Domain Admins (global group) • SA: subauthority (specifies domain or computer) – Can be up to 14 groups, but 3 is typical • N: relative identifier, incremented for each new principal Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 13 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 14 Access Token Privileges • After successful authentication LSA builds an access token • The right to perform system related operations • Processes which run as the user has a copy of the token – Shutting down – Change system time • When a process interacts with a securable object, token determines authorization level – Backup files – Generate audit • Applies only to local computer. A user can have different privileges on different machines in a domain. • Privileges can be assigned to both users and groups • Access token is checked when user tries to perform privileged operation • Differs from access rights – Access to resources and tasks, not objects – Stored with subject – Admin assigns privileges e.g., restricting SIDs • Stored in access token produced at logon Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 15 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 16 4 2020-01-30 Two Kinds of Access Tokens Objects • Token is either a • All resources are objects – primary access token or an – Files, folders, printers, registry keys, processes, threads, access tokens, etc.. – impersonation access token • Containers can hold other objects, e.g., folders • Primary access token – access token of the user account associated with the process. • Non-containers can not hold other objects, e.g., files – Every process has this • Impersonation access token – allows a thread to execute in a different security context than • Securable object – Any object that can be shared the process owner. primary primary • All securable objects can have a security descriptor – A thread may additionally have an impersonation access token Token Token – But it is not necessary • Example: File server runs with high privileges and can access any files Object – Threads handle concurrent user requests Service – Thread gets token of user → access based on user’s token • Ability to create access token is a privilege impersonation Token Security Descriptor – SeImpersonatePrivilege Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 17 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 18 Security Descriptor DACL • Contains security information associated with an object • Identifies who is allowed or denied access to an object Owner SID Object • If an object has no DACL, everyone has full control Primary group SID • SID for the owner • An empty DACL results in everyone is denied access DACL • A SID can be allowed or denied access. SACL • SID for the primary group Security Descriptor • All ”deny” entries are stored in the beginning of the DACL Security descriptor Owner SID • Contains a list of access control entries (ACEs) • DACL (Discretionary Access Control List) specifying access rights Primary group SID User SID: Alice ACE 1 Deny: write • SACL (System Access Control List) DACL User SID: Alice specifying types of events that should ACE 2 Allow: read, write generate audit records SACL Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 19 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 20 5 2020-01-30 Searching the DACL Example: Accessing Object • Rule: • Two processes (subjects) wants read access to an object – Go through list of ACEs until all access requests are allowed or any request is denied Process 1 Object – Otherwise deny access • Consequences Access Token Security Descriptor User SID: Alice – Deny has higher precedence than allow Group SIDs: G1, G2 Owner SID: Charlie Privileges: Access allowed – If user SID has read only access and user is member of group which SID has read + Other info: Primary Group SID: G3 write, then
Load more

Recommended publications
  • Local Security and Permissions
    Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | [email protected] | www.sevecek.com | LOCAL SECURITY AND PERMISSIONS Outline . Generic Terminology . NTFS Permissions . Registry Permissions . LDAP Permissions . File Sharing . Disk Quotas . Windows Management Instrumentation . Other Permission Settings . Windows Firewall . Service Accounts and Impersonation . Physical Security . BitLocker . Dynamic Access Control Advanced Windows Security GENERIC TERMINOLOGY Security Descriptor . Objects are protected with permissions files, folders, registry keys, LDAP objects, printers, windows, desktops, ... ACE – Access Control Entry one item in the permissions list Deny, Allow . ACL – Access Control List permission list . SACL – System Access Control List auditing ACL . Owner Object Owner . Members of Administrators group owner is Administrators group instead of the user . Can always change permissions even if explicitly denied . Take Ownership user right that allows taking ownership . CREATOR OWNER identity used as a placeholder to express the current owner of the file ACL Processing vs. ACE Order . ACEs are ordered Note: it is contrary to a common statement that Deny ACEs are always stronger the correct order must be maintained by applications when they modify ACL . ACEs are evaluated in the order present like with firewall rules Lab: Investigate Incorrect ACE Order . Log on to GPS-WKS as Kamil . Start REGEDIT . Right-click on SYSTEM/CurrentControlSet/Services/{anyGUID}/ Parametes/Tcpip and select Permissions . Note the text: The permissions on the object are incorrectly ordered, which may cause some entries to be ineffective . Click Cancel to see the incorrect order, click Advanced note that the Full Control permissions are lower than expected Auditing . Object Access auditing category general switch to turn auditing on/off .
    [Show full text]
  • A Survey of Access Control Policies
    A Survey of Access Control Policies Amanda Crowell University of Maryland [email protected] ABSTRACT nisms to the standard checks. Modern operating systems each have different implementa- tions of access controls and use different policies for deter- The Common Weakness Enumeration (CWE) describes sev- mining the access that subjects may have on objects. This eral mistakes that application developers have made in re- paper reviews the three main types of access control policies: gard to access control. Often, developers do not give the discretionary, mandatory, and role-based. It then describes application objects the appropriate rights to begin with (i.e. how Windows and various Unix systems implement their they specify more rights than are necessary) and do not chosen access control policies. Finally, it discusses some modify rights throughout the application's lifetime. Since common mistakes that application programmers make when spawned processes typically take on the rights of the spawn- enforcing access control in their applications and gives some ing process, rights might be passed on to the spawned pro- general guidance to reduce the occurrence of mistakes. cess that were unintentional. In response to these mistakes, some researchers have developed guidelines for using access 1. INTRODUCTION controls appropriately. These include: (a) understanding Modern operating systems use different mechanisms for pro- what information is available to the system and how it can viding access control. These mechanisms are designed to be used to make decisions, (b) determining exactly which meet security policies that vary in the way access decisions rights are absolutely necessary and only allow those and are made.
    [Show full text]
  • [MS-DTYP-Diff]: Windows Data Types
    [MS-DTYP-Diff]: Windows Data Types Intellectual Property Rights Notice for Open Specifications Documentation ▪ Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions. ▪ Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation. ▪ No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. ▪ Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise or the Microsoft Community Promise. If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected].
    [Show full text]
  • Technische Universität Hamburg-Harburg
    Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314/ Chapter 8: 1 Chapter 8: Windows Security Chapter 8: 2 Objectives . This is not a Windows security crash course. Windows security discussed to show how general security principles work in practice. Understanding the principles will help you to master practical details, should you need to. Details of Windows security keep changing as the product develops; principles are more stable. Many features exits to help administration of large systems; this lecture does not teach administration. Chapter 8: 3 Agenda . Windows architecture . Principals & Domains . Subjects & Objects of access control . Privileges & Permissions (access rights) . Access control rules . Least privilege: restricted contexts, UAC Chapter 8: 4 Windows architecture Win32 Security Plug & Play Application Subsystem Manager Win32 Active Subsystem Directory user mode kernel mode executive services Security Plug & I/O IPC Memory Process Power Window Reference Play Manager Manager Manager Manager Manager Manager Monitor Manager Object Manager Graphic File Device Systems Device Drivers Microkernel Drivers Hardware Abstraction Layer (HAL) Chapter 8: 5 Windows Architecture . Two modes: user mode & kernel mode . Security components in kernel mode: Security Reference Monitor . Security components in user mode: Log-on process (WinLogon) Local Security Authority (LSA): deals with user logon and audit logs Security Accounts Manager (SAM): accounts database, including e.g. passwords (encrypted) . Device drivers (often third party products) run in kernel mode. Chapter 8: 6 Registry . Registry: central Windows configuration database. Entries in the registry are called keys. Registry hive: group of keys, subkeys, and values in the registry. HKEY_CLASSES_ROOT: holds file extension associations; e.g., to specify that .doc files are handled by Word.
    [Show full text]
  • Access Control: Principles and Solutions
    SOFTWARE—PRACTICE AND EXPERIENCE Softw. Pract. Exper. 2003; 33:397–421 (DOI: 10.1002/spe.513) Access control: principles and solutions Sabrina De Capitani di Vimercati1, Stefano Paraboschi2 and Pierangela Samarati1,∗,† 1Dipartimento di Tecnologie dell’Informazione, Universit`a di Milano, Via Bramante 65, 26013 Crema, Italy 2Dipartimento di Ingegneria, Universit`a di Bergamo, Via Marconi 5, 24044 Dalmine, Italy SUMMARY Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The variety and complexity of the protection requirements that may need to be imposed makes access control a far from trivial process. Expressiveness and flexibility are top requisites for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and illustrate the main characteristics of access control solutions in some of the most popular existing systems. Copyright c 2003 John Wiley & Sons, Ltd. KEY WORDS: access control; security principles; operating systems; DBMS; Internet-based solutions 1. INTRODUCTION An important requirement of any system is to protect its data and resources against unauthorized disclosure (secrecy or confidentiality) and unauthorized or improper modifications (integrity), while at the same time ensuring their availability to legitimate users (no denial-of-service or availability)[1]. The problem of ensuring protection has existed
    [Show full text]
  • Windows Security Template Settings Ted Mac Daibhidh, Cd
    Working Aide - Windows Security Template Settings Final - 06 March 2008 Ted Mac Daibhidh, CD WORKING AIDE - WINDOWS SECURITY TEMPLATE SETTINGS TED MAC DAIBHIDH, CD Page 0 Working Aide - Windows Security Template Settings Final - 06 March 2008 Ted Mac Daibhidh, CD Table of Contents 1 INTRODUCTION ...................................................................................................................3 2 WINDOWS SECURITY TEMPLATES ...............................................................................4 3 SECURITY SETTINGS .........................................................................................................5 3.1 PASSWORD .........................................................................................................................4 3.2 ACCOUNT LOCKOUT...........................................................................................................5 3.3 KERBEROS POLICY .............................................................................................................6 3.4 AUDIT POLICY ....................................................................................................................7 3.5 USER RIGHTS ASSIGNMENTS ..............................................................................................8 3.6 SECURITY OPTIONS ..........................................................................................................14 3.7 EVENT LOG SIZE ..............................................................................................................27
    [Show full text]
  • Permissions for a Wider World
    Permissions for a Wider World David Disseldorp SUSE LINUX GmbH What is Access Control? •Dictate who can access an object • Object = file, directory, device etc. • Who = user, group •The restrictions placed on access • Allow read and execute, deny write etc. •These components can be combined to form an Access Control Entry (ACE) • ACEs are bundled together to form an Access Control List (ACL) © June 8, 2011 Novell Inc. 2 What is Access Control? 3 Problem Statement Across Operating Systems and protocol implementations, definition of access control rules and how such rules are enforced varies greatly. In particular there is a vast difference between Windows and traditional Unix methods. This talk aims to: •Provide an overview of existing UNIX permissions models •Outline Windows security descriptors •Discuss existing permissions mapping schemes implemented in Samba •Introduce Rich ACLs - a new permissions model for Linux © June 8, 2011 Novell Inc. 4 Traditional UNIX Permissions The POSIX specification defines a file mode: •Files have an owner (UID), and an owning group (GID) •Requests classed into owner, owning group or other •Grant who is allowed to read, write or execute a file •Create/delete permission governed by parent directory • Write permission required on parent directory • Sticky bit for non-owner deletion restrictions (/tmp) •Creates require a corresponding mode for the new object © June 8, 2011 Novell Inc. 5 POSIX Draft ACLs •POSIX 1003.1e / 1003.2c draft 17 •Extends the owner/group/other scope of the mode • ACEs can refer to a specific UID or GID • Same read/write/execute restrictions •Default ACLs can be defined for basic create time inheritance •Implemented in many modern file systems • Supported by XFS, EXT3, EXT4 and btrfs © June 8, 2011 Novell Inc.
    [Show full text]
  • Access Control Lists on Dell EMC Powerscale Onefs
    Access Control Lists on Dell EMC PowerScale OneFS Abstract This document introduces access control lists (ACLs) on the Dell EMC™ PowerScale™ OneFS™ operating system, and shows how OneFS works internally with various ACLs to provide seamless, multi-protocol access. This document covers OneFS versions 8.0.x and later. June 2020 Dell EMC Technical White Paper Revisions Revisions Date Description September 2018 Initial release September 2019 Updated for OneFS 8.2.1. The canonical ACL translation behavior is disabled for NFSv4 in OneFS 8.2.1 and later. June 2020 PowerScale rebranding Acknowledgements This paper was produced by the following members of the Dell EMC: Author: Lieven Lin ([email protected]) Dell EMC and the author of this document welcome your feedback along with any recommendations for improving this document. The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license. © 2020 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Dell believes the information in this document is accurate as of its publication date. The information is subject to change without notice. 2 Access Control Lists on Dell EMC PowerScale OneFS Table of contents Table of contents Revisions............................................................................................................................................................................. 2 Acknowledgements ............................................................................................................................................................
    [Show full text]
  • Security Target
    Microsoft Common Criteria Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 version 1909 (November 2019 Update) Microsoft Windows Server version 1909 (November 2019 Update) Security Target Document Information Version Number 0.04 Updated On January 16, 2020 Microsoft © 2020 Page 1 of 164 Microsoft Common Criteria Security Target Version History Version Date Summary of changes 0.01 June 27, 2019 Initial draft 0.02 October 31, 2019 Updates from security target evaluation 0.03 January 16, 2020 Final version for certification bod 0.04 January 16, 2020 Version for publication Microsoft © 2020 Page 2 of 164 Microsoft Common Criteria Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
    [Show full text]
  • Windows Server ® Administration Fundamentals, Exam 98-365 Credits
    Microsoft® Official Academic Course Windows Server ® Administration Fundamentals, Exam 98-365 Credits EDITOR Bryan Gambrel DIRECTOR OF SALES Mitchell Beaton DIRECTOR OF MARKETING Chris Ruel MICROSOFT SENIOR PRODUCT MANAGER Merrick Van Dongen of Microsoft Learning EDITORIAL PROGRAM ASSISTANT Jennifer Lartz CONTENT MANAGER Micheline Frederick SENIOR PRODUCTION EDITOR Kerry Weinstein CREATIVE DIRECTOR Harry Nolan COVER DESIGNER Jim O’Shea TECHNOLOGY AND MEDIA Tom Kulesa/Wendy Ashenberg Cover photo: Credit: © Aimin Tang/iStockphoto This book was set in Garamond by Aptara, Inc. and printed and bound by Bind Rite Graphics. The cover was printed by Phoenix Color. Copyright © 2011 by John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions. Microsoft, ActiveX, Excel, InfoPath, Microsoft Press, MSDN, OneNote, Outlook, PivotChart, PivotTable, PowerPoint, SharePoint, SQL Server, Visio, Visual Basic, Visual C#, Visual Studio, Windows, Windows 7, Windows Mobile, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/ or other countries.
    [Show full text]
  • Microsoft Windows Common Criteria Evaluation Security Target
    Microsoft Common Criteria Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 version 1903 (May 2019 Update) Microsoft Windows Server version 1903 (May 2019 Update) Security Target Document Information Version Number 0.04 Updated On July 19, 2019 Microsoft © 2019 Page 1 of 126 Microsoft Common Criteria Security Target Version History Version Date Summary of changes 0.01 March 23, 2019 Initial draft 0.02 June 18, 2019 Updates from evaluation, switched to GP OS PP 4.2.1 0.03 July 19, 2019 Final version for certification body 0.04 July 19, 2019 Version for publication Microsoft © 2019 Page 2 of 126 Microsoft Common Criteria Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
    [Show full text]
  • EITA25 Computer Security (Datasäkerhet) Windows Security
    2020-01-30 EITA25 Computer Security (Datasäkerhet) Windows Security PAUL STANKOVSKI WAGNER, EIT, 2020-01-30 1 2020-01-30 Windows Security • Windows XP evolved from Windows 2000 • Windows 10, 8, 7 and Vista evolved from XP • Similar security solution – Things have been added, but ideas are the same • Standalone computers administered locally Rich support for • Domains used for centralized administration managing security – Domain controller (DC) has information about users » Acts as a trusted third party Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 2 2 2020-01-30 Design Motivation • Security was designed to meet requirements for C2 rating in Orange Book – Secure logon – users must be uniquely identified – Discretionary access control – Owner determines access – Auditing – Record security related events in a logfile – Object reuse protection – Initialize all objects before giving access to users – Trusted path – Functionality to detect spoofing attacks at authentication time (called SAS in Windows) – Trusted facility management – Separate accounts for users and administrators • Windows NT 3.5 SP3 was the first Windows version to earn C2 rating (1995) – Windows NT 4 SP6a earned C2 rating in 1999 Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 3 3 2020-01-30 Networked Computers, Domains and Workgroups Workgroup • All accounts are local • Resources can be shared but are managed locally • Peer-to-peer • No computer in charge • Typically at most 20 computers Domain Active Directory Domain Controller • Both local and domain accounts • Login to domain account from any computer • Centralized administration • Can be thousands of computers Paul Stankovski Wagner EITA25 Computer Security 2020-01-30 4 4 2020-01-30 Windows Logon (somewhat simplified) • Winlogon.exe handles logon and responds to the Secure Attention Sequence (SAS) – CTRL+ALT+DEL • Winlogon uses libraries that authenticate the user – Can be libraries for passwords, smartcards, biometric data, etc.
    [Show full text]