Basics of Windows Security



What's in this video
This video will look at the core parts of Windows security which are as follows: "Security Principal", "Security Identifier", "Access Control Entry/Access Control List" and "Access Tokens". This will give you a better understanding of how security in Windows works which will assist you later on when you work on configuring security.

What is a Security Principal
A security principal is essentially the name given to an entity, for example a user, computer or process. This security principal is generally a friendly name that makes the entity easier to identify. For example, it is easier to identify a user by a name than by a long number. A security principal will always map to one entity, but it is possible to have two entities with the same name, for example two users with the same name, where perhaps one has been deleted and replaced by the other. For an entity to always be uniquely identifiable, it needs a unique value assigned to it.

Security Identifier (SID)
Every object in Windows has a SID assigned to it. A SID is a unique number, like a serial number, and always starts with S. The short SIDs are local SIDs and are only used on the local computer. The longer SIDs are domain SIDs and are issued by a Domain Controller.
The list of profiles currently in use can be found in Regedit at the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
The containers in this location are named after the SID of each user. This means that if the username of a user were to change, Windows would still be able to find that user's profile, because the user's SID has not changed.
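The following PowerShell is an added example, not part of the video or its description. It reads the ProfileList key named above, treats each subkey name as a SID, and resolves it to the current account name; SIDs that no longer resolve (for example because the account was deleted) and subkeys that are not valid SIDs are reported rather than skipped.

```powershell
# Added example: map each ProfileList subkey (named after a SID) to its
# profile folder and to the account name the SID currently resolves to.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem -Path $profileList | ForEach-Object {
    $sidString = $_.PSChildName   # the subkey name is the SID string

    # ProfileImagePath holds the profile folder for this SID.
    $props = Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue
    $path  = if ($props) { $props.ProfileImagePath } else { $null }

    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # .NET exceptions arrive wrapped, so inspect the base exception.
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Security.Principal.IdentityNotMappedException]) {
            # Valid SID, but no account maps to it any more.
            $account = '<unresolved SID>'
        }
        else {
            # Subkey name is not a well-formed SID string.
            $account = '<not a valid SID>'
        }
    }

    [pscustomobject]@{
        SID         = $sidString
        Account     = $account
        ProfilePath = $path
    }
} | Format-Table -AutoSize
```

Renaming an account changes the Account column but not the SID or the subkey it lives under.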

SID Example
Whenever a user is created, a unique SID is assigned to them. This SID is then used with objects to give the user access. Since a unique SID is assigned to every user that is created, it is possible to have multiple users with the same name at different times or in different domains. It should be remembered that once a user is deleted, the SID associated with that user is lost. For this reason, many administrators will disable a user rather than delete them, thus keeping the SID. If the access that was given to that user is required later on, the user can be re-enabled and the access reused.

ACE/ACL
To determine who can access an entity, ACEs and ACLs are used. An ACL, or Access Control List, is a list of permissions: for example, who can read the entity and who can write to it. An ACE, or Access Control Entry, is simply an entry in that list. For example, a document on the file system would have an Access Control List associated with it. This Access Control List would contain Access Control Entries which determine who has access. For example, it is common for files to allow access by administrators and the system user. If additional access is required, it is just a matter of adding an ACE to the ACL with the required permissions and the entity that requires access. The access is determined by using the entity's SID. Thus, to determine if someone is allowed access, the SID of that user is looked at and then checked against the ACL to see if there is a match. If there is a match, the user is allowed access.
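The following PowerShell is an added example, not part of the video or its description. It lists the ACEs in a file's ACL by SID and marks which of them match a SID held by the current logon (the user SID or one of its group SIDs). The file name acl-demo.txt is a hypothetical temp file created for the demonstration, and the Type column shows that an ACE can be Deny as well as Allow.

```powershell
# Added example: show a file's ACL as a list of ACEs keyed by SID, and flag
# the ACEs whose SID is held by the current logon. This lists matches only;
# it does not compute the effective access.

# Hypothetical demo file, created so the example is self-contained.
$target = Join-Path $env:TEMP 'acl-demo.txt'
Set-Content -Path $target -Value 'demo'

$acl = Get-Acl -Path $target

# Request explicit and inherited ACEs, with identities returned as SIDs.
$sidType = [System.Security.Principal.SecurityIdentifier]
$aces    = $acl.GetAccessRules($true, $true, $sidType)

# SIDs carried by the current logon: the user SID plus its group SIDs.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids   = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

$aces | ForEach-Object {
    $sid = $_.IdentityReference.Value

    # Resolve the SID to a friendly name for display; the match uses the SID.
    try {
        $name = $_.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        $name = '<unresolved SID>'
    }

    [pscustomobject]@{
        SID       = $sid
        Account   = $name
        Type      = $_.AccessControlType   # Allow or Deny
        Rights    = $_.FileSystemRights
        Inherited = $_.IsInherited
        MatchesMe = $mySids -contains $sid
    }
} | Format-Table -AutoSize

Remove-Item -Path $target
```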

Description too long for YouTube. Please see the following link for the rest of the description.

Comments

Your playlist has been a life saver. Coming from a Linux background, you have made it easy for me to learn these concepts.
Thank you

peshutanpavri

The School of Information Technology where I'm a student doesn't provide us with as much detail as ITFreeTraining. Big BRAVO and greetings from Serbia, God bless!

nemanjajovic

Your channel is the best to learn from for my IT degree.

gopinath

Most well composed, concise, and helpful Windows Security video I have seen! Thank you.

j.loiacano

Hey. I just want to thank you and your team for making these videos. I learned so much from them

jaybala

Once again, thank you. Still going with the course; trust me, I am here to stay.

gadgetproblemnoproblem

This is the most fantastic video from you guys. I have watched every video from this channel. God Bless you all and keep up the good work. Nice graphics by the way and the style of teaching is out of this world. Great Work!!!

kettle

I love your videos! They are easy to understand, very explanatory, and complete.

jonhovdal

Another excellent training video. Thank you so much for these. Very well presented and very informative. Thanks again!

timknowles

Really great video and I found the PDF handout very helpful. Thank you.

kieranthart

Team,

I have watched hundreds of videos, either paid or free, on Windows/VMware/cloud as an IT professional who has worked at IBM, HP, CTS, etc. However, I have a special love for this voice, the minute details, and the very intuitive way of explaining very complex things in a very simple manner.

Again thanks for this voice/this person and his team.

I am ready to pay for this site if the site converts to paid services, as it explains complex subjects in a very, very simple way.

Note: I would like to know if there are any paid services which cover more subjects in detail.


Regards
Raj Navalgund

BRNavalgund

very helpful - succinct and with good examples.

jonspink

I enjoyed the video. But I wish it would have covered how to remove the SIDs from an ACL.

anibalosorio

Thanks, great video. Especially the examples were very helpful

frymc

Thanks for the short but nice introduction to Win security concepts.
One thing I have to add: Crafting access tokens is not computationally feasible for an attacker, but stealing them from memory is unfortunately the reality and is known as a "Pass the Hash" attack.
I thought it would be worth mentioning this fact.

hammingdistance

I salute you, sir. You are the best. These are very helpful. Thanks a lot.

ashokpmna

Excellent, very useful. Do we have any videos on VMware? If yes, please share a link.

ashishdesai

Really helpful! Do you have videos on GINA or Windows Credential Provider?

benjaminmiao

This was very informative.
Thank you.

ajaykamath

Thanks for sharing this informative video source.

staceymatthews