Windows Based Networks Student.pdf

Full Transcript

 Windows Versions
MS-DOS: created in 1981. COMMAND LINE ONLY
* Early Exploits: Internet Information System(IIS) malware, Buffer overflow,
DNS exploit, DoS attacks

Win 95: Architecture version 3.1.
auto-run feature which allowed Windows Explorer to automatically run or
load disks and USBs

Win 98: Architecture version 4.1
FAT32 and Active Desktop (integrated web browser)

Win 2000: Architecture version 5.0
Active Directory, Azure AD (Cloud based)
 Windows Versions
Win XP: Architecture version 5.1
Windows Firewall, Data Execution Prevention (DEP),
New Technology File System (NTFS) * 1st Supported in Win NT 3.1*

Win Vista: Architecture version 6.0
User Access Control (UAC)
BitLocker Drive Encryption (Allows encryption of entire drives)
Windows Defender
Sessions

Win 7: Architecture version 6.1
Multi-touch support, IE 8, Virtual Hard Disk support, Improved boot performance

Win 10-11: Supported Architectures: x86-64 (64-bit), ARM64 (on select editions i.e. 11)
Microsoft Defender Anti-Virus, Win Update, Secure boot
 Local vs Domain Account
A user account is a profile used by end users in the network for determining access. These accounts exist in either
the SAM or in the Domain Controller (DC).
Three types of user accounts:
Local: an account created on a specific computer that is only accessible on that computer. does not permit access
to network resources, authenticated by the SAM and utilized by work groups
Domain: an account that is managed by Active Directory in a domain environment. Allows access to resources
across multiple computers within the domain.
Built-in: automatically created when the OS, Active Directory, or other applications are loaded. Built-in accounts
can exist in local or domain environments
○Standard: User accounts are for everyday computing.
○Administrator: account that have full access to the computer; different types depending on the scope of the
network
○Guest: provides a user with temporary access; limited privileges with no access to network, but can get on the
internet. It is a best security practice to rename and disable these accounts.
 Local Account
Authentication: Credentials are stored and verified by the local computer

Access: Limited to the local computer where the account is created

Management: Managed locally on each computer

Uses: Home use, small networks

Advantages: Simple setup, no network dependency

Disadvantages: Limited to single-computer access
 Domain Account
Authentication: Credentials are stored and verified by the domain controller

Access: Network-wide resources

Management: Centralized management via Active Directory

Uses: Large organizations, enterprises

Advantages: Centralized control, Single Sign-On (SSO)

Disadvantages: Requires domain infrastructure, more complex
 Service Accounts
Service accounts are special user accounts created to run applications, services, or system
processes. Service accounts are not intended for interactive logins by users. They are used to
facilitate automated tasks and background services within the OS.

Built In Service Accounts:
LocalSystem –
Privileged built-in account used by the OS and core services that has full
control over the system, including all local resources and services.
Runs essential system serviced and has extensive privileges on the local
machine
LocalService –
Account with limited privileges designed to run local services
minimum privileges, and no password associated with the account
NetworkService –
Account with slightly more privileges that Local Service Account
Intended for services that require network access, limited local access
 Security Identifiers (SID)
A Security Identifier (SID) is a unique identifier assigned to each user, group, and computer account
created in the OS. They control access to file, directories, and registry keys.
SIDs are typically presented in a format that looks like this ‘S-1-5-21-3623811015-3361044348-
30300820-1013’. Each part of the SID represents different information about the identity it refers to.

S indicates that this is a SID.
1 represents the revision level (value has not changed from 1)
5 represents the authority identifier, typically will be seen as 5, but can be designated as something
else
Groups represent the identifier values:
(a) Local or Domain Identifier: represents the security authority that created the SID
(b) Relative Identifier (RID): identifies the type of user accounts (1013)
 Security Identifiers (SID)
User SID: Assigned to individual user accounts.

Group SID: Assigned to group accounts.

Computer SID: Assigned to computers within a domain or workgroup.

Well-Known SIDs: Predefined SIDs that represent generic users or groups
‘S-1-5-18’ : Local System
‘S-1-5-19’ : Local Service
‘S-1-5-20’ : Network Service
 Service Identifiers (SID)
Some Well-Known SIDS
 Security Identifiers (SID)
Functions and Usage

Access Control: SIDs are used in Access Control Lists (ACLs) to define
permissions for users and groups on objects like files, folders, and registry keys.

Authentication and Authorization: During logon, Windows verifies the SID of
the user account and assigns it to the user's security token, which is used for
access checks.

Uniqueness: SIDs ensure that each user, group, and computer can be uniquely
identified across the network, even if names are duplicated.
 Access Tokens
An access token is a data structure in the Win OS that contains security
information about a logged-in user or a process. It contains the user's identity,
group memberships and privileges. It helps to control access to resources and
enforces security policies.
Creation of an Access Token:

User Logon – user enters credentials, credentials authenticated
against database (SAM or AD)

Authentication- if successful, a token is generated

Assignment – token assigned to logon session. Follows user
through entire session
What Are
Your
Question
s