Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] - نسخه متنی

Roberta Bragg

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید







Windows Security Architecture and the Authorization Process


The Windows security architecture model is based on multiple inter-related components. You have already been introduced to one aspect of the design: the authentication component. In Figure 3-1, these areas of the architecture are circled and labeled. Authentication is the first hurdle a potential system user must pass. After logging on, the user's ability to do anything depends on the evaluation done by the Security Reference Monitor (SRM). The SRM resolves each request the user makes for access by comparing the request to his rights on the system and/or the permissions that he has been granted on the resource. If you are charged with assigning rights and permissions on systems, your first obligation is to understand how this process works.

Figure 3-1. Windows security architecture.

Anonymous Access" later in this chapter.Well-Known SIDs."

Local Security Authority (LSA)

The component that controls user logon and access permission. It is made up of user mode services, the Local Security Authority Subsystem (LSASS), Winlogon, and other kernel mode components. The local security authority can also be thought of as the database of password rules, system policies, and trust accounts for the computer.

Local Security Authority Subsystem (LSASS)

Hosts the Kerberos KDC on a domain controller, the NTLM security support provider, the Security Account Manager (SAM), Netlogon, IPSec, and Protected Storage.

Security Support Providers (SSP)

These are protocols such as Kerberos, NTLM, Digest, Schannel, basic authentication (Clear text password authentication), and Passport support. SSPs manage credentials, determine access, protect data, and secure client-server communications.

Winlogon

Obtains credentials from users interactively.

Netlogon

Obtains credentials over the network.

Security Support Provider Interface (SSPI).

Provides the interface between the SSPs and the application processes (IPSec, CIFS/SMB, LDAP, and so on).

Security Reference Monitor (SRM)

The arbitrator of access on the system. The SRM examines SIDs in the access token and security descriptors placed in an ACL on an object to determine whether requested access should occur.

Security Descriptors

Data structures that contain the discretionary access control list and system access control list for an object.

Discretionary Access Control Lists (DACLs)

Sometimes referred to as access control lists (ACLs), these are linked to objects. The DACL provides information including the security principals that have explicit permission to access the objects and those that are explicitly denied. This information is included in Access Control Entities and is used during authorization.

System Access Control List (SACL)

Contains information that specifies the type of audit records that should be recorded during access attempts. The information is contained in ACEs, which contain the SID of the security principal and the type of audit record that should be produced if the SID is used to access the object.

Access Control Entities (ACEs)

Contains a user or group SID, a permission (such as read or write), and the Allow or Deny designation. Figure3-2 displays the Permission page of the Advanced Security settings property page. The first three columnstype, name, and permissionrepresent the ACE. The ACEs of an SACL are sometimes referred to as audit control entries and are composed of a user or group SID, the type of access (read, write, and so on) that should be recorded, and whether or not the access was successful.

Access Token

Built by the LSASS when a user logs on. It contains the user's SID, the SIDs for any groups of which the user is a member, and security policy settings, including the rights assigned to the user. The access token is built on the local machine when the user logs on. Another access token is built when the user attempts to access a network resource. During authentication, the list of information necessary to build an access token is collected and stored in the authentication material produced. When Kerberos is utilized for network authentication, the SIDs and other authorization information are stored in the authorization field of the TGT and session tickets. NTLM authentication returns this information when the user is authenticated at logon and when a server confirms a user's credentials after the user requests access. Access tokens are built for each unique computer on which the user requests access. Access tokens do not traverse the network. After an access token is created, it is attached to every process that the user runs so that the process has it available when it needs to request access to resources or exercise a right.

Figure 3-2. The Advanced Permissions page.

In spite of the large number of components, the access control process can be easily explained by focusing on four components: SIDs, access control lists (ACLs), access tokens, and the SRM. A more complex explanation with examples is provided in the section "The Access Control Process" and in Chapter 5, "Controlling Access to Data." Following are the basic steps that occur:


1.

An access token is created for each logged on user. The access token consists of the user's SID, the SIDs of all of the groups she is a member of, and the rights she has on the specific machine.

2.

Each resource has an ACL. Within the ACL, ACEs detail who can do what with this resource. Each ACE includes a SID.

3.

A logged on user makes a request to access an object (read a file, run a program, and so on).

4.

The SRM compares the user's access token information and the ACL on the object the user is attempting to access and determines if that user can do what she has asked to do. The request is either granted or denied.



/ 194