Windows is one of the most user-friendly operating systems in use today, so it is important to
understand its security. Before diving into security itself, we need to know about Active
Directory, Group Policy Objects, workgroups, SIDs, SATs, the file system, and the different types
of accounts.
Workgroup:
A workgroup is a peer-to-peer network set up using the Microsoft Windows operating
system. It is a group of computers on a local area network that share common resources
and responsibilities. You can easily create a workgroup by connecting two or more PCs
without going through a separate server computer.
Workgroups are great for smaller networks, but they are not efficient for larger ones. Here
are two reasons why:
Security Identifier (SID):
Users (you and me) refer to accounts by the account's name, like "Shihab", but Windows
uses the SID when dealing with accounts internally. It is not only an ID number: it also
encodes the role of the account.
S-1-1-0 = Everyone Group
S-1-5-11 = Authenticated User Group
S-1-5-32-544 = Local Administrator Group
S-1-5-32-547 = Power User Group
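As an added example (not part of the original notes), a small Python parser that splits a SID into its revision, identifier authority, sub-authorities and RID, and labels it using the four well-known SIDs listed above. It goes slightly beyond the notes by also recognising a few well-known RIDs (500, 501, 512, 513) under a domain or machine SID of the form S-1-5-21-...; the sample SIDs in the test are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Well-known SIDs from the notes above; these are identical on every Windows system.
WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
                   "S-1-5-32-544": "BUILTIN\\Administrators", "S-1-5-32-547": "BUILTIN\\Power Users"}
# Well-known RIDs of accounts that live under a domain or machine SID (S-1-5-21-...).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)*)$")


class Sid(NamedTuple):
    revision: int
    authority: int           # identifier authority: 1 = World, 5 = NT Authority
    sub_authorities: List[int]

    @property
    def rid(self) -> Optional[int]:
        # The last sub-authority is the RID, the part that tells accounts in one domain apart.
        return self.sub_authorities[-1] if self.sub_authorities else None

    @property
    def domain(self) -> Optional[str]:
        # S-1-5-21-<a>-<b>-<c>-<RID>: the first four sub-authorities name the domain or machine.
        s = self.sub_authorities
        if self.authority == 5 and len(s) == 5 and s[0] == 21:
            return "S-1-5-" + "-".join(map(str, s[:4]))
        return None


def parse_sid(text: str) -> Sid:
    """Split an S-<rev>-<authority>-<sub>... string into numbers, rejecting malformed input."""
    m = SID_RE.match(text)
    if not m:
        raise ValueError("not a SID: %r" % text)
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(x) for x in m.group(3).split("-") if x]
    if revision != 1 or len(subs) > 15 or any(x > 0xFFFFFFFF for x in subs):
        raise ValueError("malformed SID: %r" % text)
    return Sid(revision, authority, subs)


def describe(text: str) -> str:
    """Meaning of a SID: well-known group, (well-known) domain account, or unknown."""
    sid = parse_sid(text)
    if text in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[text]
    if sid.domain is None:
        return "unknown SID " + text
    name = WELL_KNOWN_RIDS.get(sid.rid, "domain account")
    return "%s (RID %d) in %s" % (name, sid.rid, sid.domain)
```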
Now it is time to discuss the authenticator of a request. There are two popular authenticators
used in Windows: one is Kerberos and the other is NTLM. Of the two, Kerberos is used most,
because it is faster: clients can cache and reuse their respective SATs (tokens). But there is a
small issue. If an attacker can capture the packets of the initial Kerberos exchange, he/she can
brute-force them and recover the SAT. Before Windows 7 there was no cryptographic protection
enabled by default, but after that Microsoft released an update that included BitLocker and
AES.
Kerberos:
Kerberos has several important advantages. For example, it:
o is very secure, preventing various types of intrusion attacks
o uses "tickets" that can be securely presented by a client, or by a service on the client's behalf,
to a server for access to services
o permits cross-forest trusts to use transitive properties and eliminates the "full mesh"
scenario; all domains in both forests establish a trust with a single Kerberos trust at the root
o permits interoperability with other Kerberos realms such as Unix; this lets non-Windows
clients authenticate to Windows domains and gain access to resources
o provides authentication across the Internet for web apps
There is a saying:
"The single most important thing any company or individual can do to improve
security is have a good backup strategy."
To prevent this, a TPM is used. If the system has no TPM installed, then a drive or
USB key must be attached when booting the OS.
IIS Logging:
IIS logging is a type of server-side logging that can be enabled on a URL group. The
IIS log file format is a fixed ASCII text-based format that cannot be customized. The IIS log
file contains the HTTP Server API kernel-mode cache hits. This type of logging can be enabled
on a URL group only; it cannot be used on the server session.
The IIS log file format records the following data. The data in the table is in the order of
occurrence in the log file.
IPsec:
IPsec, also known as the Internet Protocol Security or IP Security protocol, defines the
architecture for security services for IP network traffic. IPsec describes the framework for
providing security at the IP layer, as well as the suite of protocols designed to provide that
security, through authentication and encryption of IP network packets. Also included in IPsec
are protocols that define the cryptographic algorithms used to encrypt, decrypt and authenticate
packets, as well as the protocols needed for secure key exchange and key management.
Firewall:
The firewall is said to be the protector of Windows. Windows Firewall is security software
that provides filtering mechanisms such as firewalling and packet filtering for the Microsoft
Windows OS. Windows Firewall is a program included in Microsoft Windows that helps your
home network keep data secure from online threats. A firewall basically permits or denies
communication between an external network and your computer, between computers, or
between networks. Almost all network communication works by establishing a connection
between two hosts, identified by their IP addresses.
Packet filtering - Packets (small chunks of data) are analyzed against a set of filters.
Packets that make it through the filters are sent to the requesting system and all others are
discarded.
Proxy service - Information from the Internet is retrieved by the firewall and then sent to
the requesting system and vice versa.
Stateful inspection - A newer method that doesn't examine the contents of each packet
but instead compares certain key parts of the packet to a database of trusted information.
Information traveling from inside the firewall to the outside is monitored for specific
defining characteristics, then incoming information is compared to these characteristics.
If the comparison yields a reasonable match, the information is allowed through.
Otherwise it is discarded.
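As an added example (not from the original notes), the packet filtering and stateful inspection mechanisms described above simulated in Python: outbound traffic is recorded in a table of trusted connections, an inbound packet is allowed if it matches a connection this host opened or a static port rule, and everything else is discarded. The host address, remote addresses and port numbers in the sample traffic are constructed.

```python
from typing import List, NamedTuple, Set, Tuple


class Packet(NamedTuple):
    direction: str   # "out" = leaves this host, "in" = arrives from the network
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Flow = Tuple[str, int, str, int]   # (local ip, local port, remote ip, remote port)


class StatefulFirewall:
    """Static packet-filter rules plus stateful inspection of connections this host opened."""
    def __init__(self, allowed_inbound_ports: Set[int]) -> None:
        self.allowed_inbound_ports = allowed_inbound_ports   # the static "filters"
        self.state: Set[Flow] = set()                        # database of trusted connections
        self.log: List[str] = []

    def inspect(self, pkt: Packet) -> bool:
        """Return True if the packet is allowed through, False if it is discarded."""
        if pkt.direction == "out":
            # Record the key parts of outgoing traffic so later replies can be matched.
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return self._decide(pkt, True, "outbound, flow recorded")
        reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_of in self.state:
            return self._decide(pkt, True, "reply to a connection we opened")
        if pkt.dst_port in self.allowed_inbound_ports:
            return self._decide(pkt, True, "static rule permits port %d" % pkt.dst_port)
        return self._decide(pkt, False, "unsolicited inbound, no matching rule")

    def _decide(self, pkt: Packet, allow: bool, why: str) -> bool:
        verdict = "ALLOW" if allow else "DROP"
        self.log.append("%s %s:%d -> %s:%d (%s)" % (verdict, pkt.src_ip, pkt.src_port,
                                                    pkt.dst_ip, pkt.dst_port, why))
        return allow


def run_sample() -> List[str]:
    """Constructed traffic for host 10.0.0.5, which only offers HTTPS (443) to the outside."""
    fw = StatefulFirewall(allowed_inbound_ports={443})
    packets = [
        Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443),   # browser opens a connection
        Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000),    # the server's reply
        Packet("in", "198.51.100.7", 40000, "10.0.0.5", 445),    # unsolicited SMB probe
        Packet("in", "198.51.100.7", 40001, "10.0.0.5", 443),    # new client for our web service
        Packet("in", "203.0.113.10", 443, "10.0.0.5", 51001),    # "reply" to a port we never used
    ]
    return ["ALLOW" if fw.inspect(p) else "DROP" for p in packets]
```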
MS PowerShell:
o The future of Windows scripting
o Can run binaries and scripts
o Can create COM objects
Difference Between CMD and PowerShell:
PowerShell | Cmd.exe
---------- | -------
Cmd commands work in PowerShell. | PowerShell cmdlets won't work in Cmd.exe.
System administration tasks, from managing the registry to WMI (Windows Management Instrumentation), are accessible via PowerShell. | System administration tasks, from managing the registry to WMI (Windows Management Instrumentation), are not accessible via cmd.
It is a powerful scripting environment that can be used to create complex scripts for managing Windows systems much more easily than you could with the Command Prompt. | It is more difficult to compose complex scripts with cmd.
Equivalent common commands: to change a directory: Set-Location; to rename a file: Rename-Item. | Equivalent common commands: to change a directory: cd; to rename a file: rename.