Windows Based Networks Student PDF
This document discusses various aspects of Windows-based networks, including different versions of Windows, account types (local, domain, service), and security identifiers (SIDs). It provides a general overview of these concepts.
Windows Versions

MS-DOS: created in 1981. COMMAND LINE ONLY
* Early Exploits: Internet Information System (IIS) malware, buffer overflow, DNS exploit, DoS attacks
Win 95: Architecture version 3.1. Auto-run feature, which allowed Windows Explorer to automatically run or load disks and USBs
Win 98: Architecture version 4.1. FAT32 and Active Desktop (integrated web browser)
Win 2000: Architecture version 5.0. Active Directory, Azure AD (cloud based)
Win XP: Architecture version 5.1. Windows Firewall, Data Execution Prevention (DEP), New Technology File System (NTFS) *1st supported in Win NT 3.1*
Win Vista: Architecture version 6.0. User Access Control (UAC), BitLocker Drive Encryption (allows encryption of entire drives), Windows Defender Sessions
Win 7: Architecture version 6.1. Multi-touch support, IE 8, Virtual Hard Disk support, improved boot performance
Win 10-11: Supported architectures: x86-64 (64-bit), ARM64 (on select editions, i.e. 11). Microsoft Defender Anti-Virus, Win Update, Secure Boot

Local vs Domain Account

A user account is a profile used by end users in the network for determining access. These accounts exist in either the SAM or in the Domain Controller (DC).

Three types of user accounts:
Local: an account created on a specific computer that is only accessible on that computer. Does not permit access to network resources; authenticated by the SAM and utilized by workgroups.
Domain: an account that is managed by Active Directory in a domain environment. Allows access to resources across multiple computers within the domain.
Built-in: automatically created when the OS, Active Directory, or other applications are loaded. Built-in accounts can exist in local or domain environments.
○ Standard: user accounts for everyday computing.
○ Administrator: accounts that have full access to the computer; different types depending on the scope of the network.
○ Guest: provides a user with temporary access; limited privileges with no access to the network, but can get on the internet.
It is a best security practice to rename and disable these accounts.

Local Account

Authentication: Credentials are stored and verified by the local computer
Access: Limited to the local computer where the account is created
Management: Managed locally on each computer
Uses: Home use, small networks
Advantages: Simple setup, no network dependency
Disadvantages: Limited to single-computer access

Domain Account

Authentication: Credentials are stored and verified by the domain controller
Access: Network-wide resources
Management: Centralized management via Active Directory
Uses: Large organizations, enterprises
Advantages: Centralized control, Single Sign-On (SSO)
Disadvantages: Requires domain infrastructure, more complex

Service Accounts

Service accounts are special user accounts created to run applications, services, or system processes. Service accounts are not intended for interactive logins by users. They are used to facilitate automated tasks and background services within the OS.

Built-In Service Accounts:
LocalSystem – Privileged built-in account used by the OS and core services that has full control over the system, including all local resources and services. Runs essential system services and has extensive privileges on the local machine.
LocalService – Account with limited privileges, designed to run local services with minimum privileges; no password is associated with the account.
NetworkService – Account with slightly more privileges than the LocalService account. Intended for services that require network access; limited local access.

Security Identifiers (SID)

A Security Identifier (SID) is a unique identifier assigned to each user, group, and computer account created in the OS.
They control access to files, directories, and registry keys. SIDs are typically presented in a format that looks like this: ‘S-1-5-21-3623811015-3361044348-30300820-1013’. Each part of the SID represents different information about the identity it refers to.
S indicates that this is a SID.
1 represents the revision level (the value has not changed from 1).
5 represents the authority identifier; it will typically be seen as 5, but can be designated as something else.
Groups represent the identifier values:
(a) Local or Domain Identifier: represents the security authority that created the SID
(b) Relative Identifier (RID): identifies the type of user account (1013)

User SID: Assigned to individual user accounts.
Group SID: Assigned to group accounts.
Computer SID: Assigned to computers within a domain or workgroup.
Well-Known SIDs: Predefined SIDs that represent generic users or groups
‘S-1-5-18’ : Local System
‘S-1-5-19’ : Local Service
‘S-1-5-20’ : Network Service

[Slide: Some Well-Known SIDs]

Security Identifiers (SID): Functions and Usage

Access Control: SIDs are used in Access Control Lists (ACLs) to define permissions for users and groups on objects like files, folders, and registry keys.
Authentication and Authorization: During logon, Windows verifies the SID of the user account and assigns it to the user's security token, which is used for access checks.
Uniqueness: SIDs ensure that each user, group, and computer can be uniquely identified across the network, even if names are duplicated.

Access Tokens

An access token is a data structure in the Win OS that contains security information about a logged-in user or a process. It contains the user's identity, group memberships and privileges. It helps to control access to resources and enforces security policies.
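The SID layout described in the Security Identifiers section above, worked through as an added example that is not part of the original slides. It splits a SID string into the parts the slides name and goes one step beyond them by converting to and from the binary form that security descriptors store; the function names are assumptions of this example.

```python
import struct

# The three well-known SIDs listed above.
WELL_KNOWN = {"S-1-5-18": "Local System", "S-1-5-19": "Local Service",
              "S-1-5-20": "Network Service"}

def parse_sid(sid: str) -> dict:
    """Split a SID string into revision, authority, domain identifier and RID."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(
            p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority, *subs = map(int, parts[1:])
    if revision != 1 or authority >= 2**48 or len(subs) > 15 \
            or any(s >= 2**32 for s in subs):
        raise ValueError(f"SID field out of range: {sid!r}")
    # Account SIDs look like S-1-5-21-<three values>-<RID>: everything before
    # the last value identifies the machine or domain that issued the SID.
    is_account = authority == 5 and len(subs) == 5 and subs[0] == 21
    canonical = "-".join(["S", str(revision), str(authority), *map(str, subs)])
    return {
        "sid": canonical,
        "revision": revision,
        "authority": authority,
        "sub_authorities": subs,
        "domain_id": canonical.rsplit("-", 1)[0] if is_account else None,
        "rid": subs[-1] if is_account else None,
        "well_known": WELL_KNOWN.get(canonical),
    }

def sid_to_bytes(sid: str) -> bytes:
    """Binary layout: revision, value count, 6-byte authority, 4-byte values."""
    f = parse_sid(sid)
    subs = f["sub_authorities"]
    return (struct.pack("BB", f["revision"], len(subs))
            + f["authority"].to_bytes(6, "big")       # authority is big-endian
            + struct.pack(f"<{len(subs)}I", *subs))   # values are little-endian

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID, rejecting truncated or over-long buffers."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("binary SID length does not match its value count")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    text = "-".join(["S", str(raw[0]), str(int.from_bytes(raw[2:8], "big")), *map(str, subs)])
    return parse_sid(text)["sid"]

if __name__ == "__main__":
    for s in ("S-1-5-21-3623811015-3361044348-30300820-1013", "S-1-5-18"):
        print(parse_sid(s), sid_to_bytes(s).hex())
```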
Creation of an Access Token:
User Logon – user enters credentials; credentials are authenticated against the database (SAM or AD)
Authentication – if successful, a token is generated
Assignment – token is assigned to the logon session and follows the user through the entire session

What Are Your Questions?
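A simplified model of how the token assigned at logon is compared with an ACL, added here as an example and not taken from the original slides. The right bits, the two account SIDs and the DACL are constructed, and the walk over allow and deny entries is a reduced form of the Windows access check that ignores privileges, inheritance and object ownership.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2   # constructed right bits for this model
USERS = "S-1-5-32-545"   # BUILTIN\Users, a well-known SID not listed on the slides
ALICE_PC_A = "S-1-5-21-1000000001-1000000002-1000000003-1001"  # constructed
ALICE_PC_B = "S-1-5-21-2000000001-2000000002-2000000003-1001"  # constructed

@dataclass(frozen=True)
class Token:  # attached to the logon session: the user's SID plus group SIDs
    user: str
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str
    mask: int

def access_check(token, dacl, desired):
    """Walk the ACEs in order; account names never appear, only SIDs are compared."""
    if dacl is None:                 # object has no DACL: access is unrestricted
        return True
    sids = token.groups | {token.user}
    remaining = desired
    for ace in dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False             # a deny on a right still needed ends the walk
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if not remaining:
            return True
    return not remaining             # an empty DACL grants nothing

DACL = [Ace("deny", ALICE_PC_A, WRITE), Ace("allow", USERS, READ | WRITE)]  # deny first

def demo():
    a, b = (Token(s, frozenset({USERS})) for s in (ALICE_PC_A, ALICE_PC_B))
    return {
        "alice@PC-A read": access_check(a, DACL, READ),
        "alice@PC-A write": access_check(a, DACL, WRITE),
        "alice@PC-B write": access_check(b, DACL, WRITE),
        "alice@PC-A write, allow listed first": access_check(a, DACL[::-1], WRITE),
    }

if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The two accounts share a name and a RID, yet only the one whose full SID matches the deny entry loses write access; the last case shows that placing the allow entry first lets the same request through.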