Windows Security Context
Logon, access-permission checks, UAC
2015. 06. 11
Technical Support Team
황인균 (InGuen Hwang)
Logon & access-permission check
(Slide diagram, reconstructed as text.)
Logon:
- The user logs on through Winlogon, which hands the credentials to LSASS* (Lsass.exe). LSASS
  1) creates the logon session, and
  2) creates the access token for it (the token contains the user's SID and the SIDs of the user's groups).
- Winlogon then creates the user's initialization process, Userinit.exe, with that access token:
  1) it is the top-most parent process holding the user's token;
  2) every process that runs in the user's session inherits a copy (duplicate) of the token from its parent, because the Process Manager duplicates the creator's token when it creates a process.
Access check:
- A securable object (e.g. a file) carries a security descriptor, whose ACL contains SIDs.
- When a process opens the object, the security subsystem (the kernel's security reference monitor)
  1) checks permissions by
  2) comparing the token's information (SIDs) with the ACL's information, and
  3) allows or denies the access.
* LSASS: Local Security Authority Subsystem Service
What is a SID (Security Identifier)?
■ SID
In Windows, security identifiers (SIDs) uniquely identify users, groups, computers, and other entities.
SIDs are what are stored in access tokens and in security descriptors, and they are what are used in access checks.
SID = (revision number, identifier authority value, sub-authority values, RID (relative identifier))
Identifier authority value: the agent that issued the SID (the local Windows system or a domain)
Sub-authority values: trustees relative to the issuing authority.
RID: a way for Windows to create unique SIDs based on a common base SID
S-1-5-21-211353117-160xx-83xx
- 1: revision, 5: identifier authority, 21 through 83xx: sub-authority values (the last sub-authority is the RID)
S-1-1-0
- the Everyone group (a fixed, well-known SID; it has the same value on every Windows system)
■ SID name
The names that are associated with SIDs are only for user-interface purposes, and because of localization they can change from system to system.
US English systems: the Administrators group has the SID S-1-5-32-544
German systems: Administratoren; Italian systems: Gruppo Administrators; Finnish systems: Järjestelmänvalvojat
Because names are localized (and local accounts can be renamed), policies, scripts and log analysis should key on the SID, not on the display name.
■ Local SID (machine SID)
Each Windows computer has a local SID, also known as a machine SID, which is created during setup.
Each local group and user account on the computer has a SID based on the machine SID with a relative ID (RID) appended to it.
■ Domain SID
Likewise, each Active Directory domain has a SID, and entities within the domain (including domain groups, user accounts, and member computers)
have SIDs based on that SID with a RID appended. In addition to these machine-specific and domain-specific SIDs,
Windows defines a set of well-known SIDs in the NT AUTHORITY and BUILTIN domains.
Source: Windows Sysinternals Administrator's Reference
Author: Mark Russinovich
- p. 185
SID of each entity = base SID (local/machine SID or domain SID) + RID (relative ID)
p. 390: In Windows Vista and newer, services are assigned security identifiers (SIDs), and it becomes possible to grant or deny access to specific services.
What is a SID (Security Identifier)?
※ PsGetSid: resolves a SID to its account name (and an account name to its SID)
Command
psgetsid S-1-5-21-1699876237-…
Output
Account for \\<LocalComputerName>\S-1-5-21-1699876237-…:
User: <DomainName>\dalbong2
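The two SID slides above (structure of a SID, base SID + RID, well-known SIDs, PsGetSid lookup) are concrete enough to work through in code. The following is an added example written for this page, not code from the slides or from Sysinternals: it parses the S-R-A-s1-…-sn string form, converts it to and from the binary layout Windows actually stores in tokens and security descriptors (revision, sub-authority count, 6-byte big-endian identifier authority, little-endian 32-bit sub-authorities), splits base SID from RID, and classifies a SID the way the slides do. The WELL_KNOWN_SIDS / WELL_KNOWN_RIDS tables are constructed shortlists for the demo, and the machine SID used in the demo is made up.

```python
import struct

# Constructed lookup tables for the demo: the well-known SIDs quoted on the slides plus a few
# NT AUTHORITY / BUILTIN companions, and the fixed RIDs every machine or domain SID reuses.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}
SID_MAX_SUB_AUTHORITIES = 15  # Windows limit on the number of sub-authorities


def parse_sid(text):
    """Split 'S-R-A-s1-...-sn' into (revision, identifier authority, [sub-authorities])."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if authority >= 1 << 48:
        raise ValueError("identifier authority does not fit in 48 bits")
    if len(subs) > SID_MAX_SUB_AUTHORITIES or any(s >= 1 << 32 for s in subs):
        raise ValueError("bad sub-authority list")
    return revision, authority, subs


def is_valid_sid(text):
    try:
        parse_sid(text)
        return True
    except ValueError:
        return False


def sid_to_bytes(text):
    """Binary SID as stored in tokens and security descriptors: revision (1 byte),
    sub-authority count (1 byte), identifier authority (6 bytes, big-endian),
    then each sub-authority as a little-endian 32-bit integer."""
    revision, authority, subs = parse_sid(text)
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def sid_from_bytes(blob):
    """Inverse of sid_to_bytes; rejects truncated or oversized buffers."""
    if len(blob) < 8:
        raise ValueError("SID too short")
    revision, count = blob[0], blob[1]
    if count > SID_MAX_SUB_AUTHORITIES or len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match buffer length")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))


def split_base_and_rid(text):
    """The slides' formula: entity SID = base SID (machine or domain) + RID (last sub-authority)."""
    revision, authority, subs = parse_sid(text)
    if not subs:
        return text, None
    base = "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs[:-1]))
    return base, subs[-1]


def describe(text):
    """Classify a SID: well-known, a machine/domain SID itself, or an account under one."""
    if text in WELL_KNOWN_SIDS:
        return ("well-known", WELL_KNOWN_SIDS[text])
    _, authority, subs = parse_sid(text)
    if authority == 5 and subs[:1] == [21]:       # S-1-5-21-X-Y-Z is a machine or domain SID
        if len(subs) == 4:
            return ("machine-or-domain", text)
        if len(subs) == 5:
            base, rid = split_base_and_rid(text)
            return ("account", base, rid, WELL_KNOWN_RIDS.get(rid))
    return ("other", text)


if __name__ == "__main__":
    # Constructed machine SID; real ones carry three random 32-bit sub-authorities after the 21.
    machine = "S-1-5-21-1111111111-2222222222-3333333333"
    for sid in ("S-1-1-0", "S-1-5-32-544", machine, machine + "-500", machine + "-1001"):
        blob = sid_to_bytes(sid)
        assert sid_from_bytes(blob) == sid
        print("%-45s %s  %s" % (sid, blob.hex(), describe(sid)))
```

The length checks in sid_from_bytes are the part worth copying: code that reads SIDs out of a token, a security descriptor or a captured buffer has to trust the count byte only after checking it against the buffer length, since an over-large count walks off the end of the structure.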
Permission objects #1
(Slide diagram, reconstructed as text.)
- LSASS (Lsass.exe) creates the logon session.
- Logon session: has an access token and is identified by a LUID (locally unique identifier), the logon ID.
  Fixed LUIDs of the system logon sessions: System 0x3e7 (999), Local Service 0x3e5 (997), Network Service 0x3e4 (996)
- Access token: includes the SIDs (user and groups) and the LUID of its logon session.
- Process: has an access token, a duplicate of the logon session's token made by the Process Manager when the process is created.
- Securable object (e.g. a file): has a security descriptor; the security descriptor includes an ACL*; the ACL includes ACEs*; each ACE includes a SID and permissions.
- Access: the process's token is compared with the object's ACL.
* ACL, ACE: next slide
Permission objects #2
• Logon session: two different things are called a "session".
  - LSA logon session: created by LSASS at logon; it is what a token's logon LUID identifies.
  - TS (Terminal Services) session: the interactive desktop session; it contains processes that run under several LSA logon sessions (the user's own, System, the service accounts').
• Security descriptor: ACL
  - DACL (Discretionary Access Control List): which SIDs are allowed or denied which access.
  - SACL (System Access Control List, in effect a system audit control list): which accesses are audited.
• ACE (Access Control Entry): SID + permissions
• ACL: http://clintboessen.blogspot.kr/2011/04/whats-difference-between-acl-ace-dacl.html
Windows Sysinternals Administrator's Reference
- author: Mark Russinovich
- publisher: Microsoft
SID: pp. 185-186, 390
LSA logon session: pp. 18, 30, 280
Process: p. 21
* ACE (Access Control Entry)
- An entry in an access control list (ACL)
- Applies to files, folders, registry keys, processes, and the objects defined by the Windows object manager (directories, sections, semaphores)
- An ACE contains a set of access rights and a security identifier (SID) that identifies a trustee
  access rights: allowed, denied, or audited.
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa374868(v=vs.85).aspx
UAC
UAC: two LSA logon sessions
When a member of Administrators logs on with UAC enabled, LSASS creates two LSA logon sessions:
- Standard user session: contains the FILTERED token, with powerful groups (such as Administrators) disabled, i.e. marked "use for deny only", and powerful privileges removed. The desktop shell and everything launched from it run here.
- Administrator session: contains the token representing the user's full rights. Only elevated processes run here.
Elevation starts a new process with the full token; it never upgrades the filtered token of a process that is already running.
- OTS (Over The Shoulder) elevation: prompts for an administrator's account credentials (used when the requesting user is a standard user).
- AAM (Admin Approval Mode) elevation: shows an approval (consent) prompt (used when the user is an administrator running under the filtered token).
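The logon slide (token duplicated into each new process, token compared against the ACL) and the UAC slide (filtered token with deny-only groups and removed privileges) are two halves of one mechanism, so one added example covers both. This is code written for this page, not from the slides or from Windows; it models tokens, ACEs and process creation as plain data and implements the ordered DACL walk Windows performs: a deny ACE for a SID in the token that covers any still-ungranted right denies, allow ACEs accumulate, the walk stops once every requested right is granted, no DACL grants everything and an empty DACL grants nothing. A group marked "use for deny only" matches deny ACEs but never allow ACEs, which is exactly why the filtered token loses Administrators' rights while still being caught by denies aimed at Administrators. The POWERFUL_GROUPS and KEPT_PRIVILEGES sets, the user SIDs, the privileges and the two DACLs are constructed for the demo and only approximate the lists Windows uses; owner rights, generic-right mapping, integrity levels and the SACL are left out.

```python
import copy
from dataclasses import dataclass

# Access-mask bits used in the demo (real Windows values for file objects).
FILE_READ_DATA = 0x0001
FILE_WRITE_DATA = 0x0002
DELETE = 0x00010000

ADMINISTRATORS = "S-1-5-32-544"
USERS = "S-1-5-32-545"
EVERYONE = "S-1-1-0"

# Assumptions for the filter: constructed shortlists of "powerful" groups (Administrators, Power
# Users, Backup Operators) and of the low-risk privileges a filtered token keeps; not Windows' full lists.
POWERFUL_GROUPS = {ADMINISTRATORS, "S-1-5-32-547", "S-1-5-32-551"}
KEPT_PRIVILEGES = {"SeChangeNotifyPrivilege", "SeShutdownPrivilege", "SeUndockPrivilege",
                   "SeIncreaseWorkingSetPrivilege", "SeTimeZonePrivilege"}


@dataclass
class Ace:
    kind: str      # "allow" or "deny"
    sid: str
    mask: int


@dataclass
class Token:
    user_sid: str
    groups: dict               # group SID -> "enabled" or "deny_only"
    privileges: set
    elevation: str = "full"    # "full" or "limited" (the filtered token)


@dataclass
class Process:
    name: str
    token: Token


def create_process(name, parent_token):
    """Process creation duplicates the creator's token; a child never gets more than its parent had."""
    return Process(name, copy.deepcopy(parent_token))


def filter_token(full):
    """UAC's filtered token: powerful groups become deny-only, most privileges are removed."""
    groups = {sid: ("deny_only" if sid in POWERFUL_GROUPS else attr) for sid, attr in full.groups.items()}
    return Token(full.user_sid, groups, full.privileges & KEPT_PRIVILEGES, "limited")


def access_check(token, dacl, desired):
    """Ordered DACL walk: deny ACE matching a still-ungranted right denies; allow ACEs accumulate;
    stop when every requested right is granted. dacl=None grants all, an empty DACL grants nothing."""
    if dacl is None:
        return True
    allow_sids = {token.user_sid} | {s for s, a in token.groups.items() if a == "enabled"}
    deny_sids = {token.user_sid} | set(token.groups)          # deny-only groups count here
    granted = 0
    for ace in dacl:
        remaining = desired & ~granted
        if ace.kind == "deny" and ace.sid in deny_sids and ace.mask & remaining:
            return False
        if ace.kind == "allow" and ace.sid in allow_sids:
            granted |= ace.mask & desired
            if granted == desired:
                return True
    return granted == desired


def demo():
    """Constructed scenario: one admin user, one standard user, two files with different DACLs."""
    admin_full = Token("S-1-5-21-1111111111-2222222222-3333333333-1001",
                       {ADMINISTRATORS: "enabled", USERS: "enabled", EVERYONE: "enabled"},
                       {"SeDebugPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeShutdownPrivilege"})
    admin_filtered = filter_token(admin_full)
    standard = Token("S-1-5-21-1111111111-2222222222-3333333333-1002",
                     {USERS: "enabled", EVERYONE: "enabled"}, {"SeChangeNotifyPrivilege"})

    file_dacl = [Ace("allow", ADMINISTRATORS, FILE_READ_DATA | FILE_WRITE_DATA | DELETE),
                 Ace("allow", USERS, FILE_READ_DATA)]
    # A deny ACE on Administrators still bites the filtered token (deny-only group) but not a standard user.
    quarantine_dacl = [Ace("deny", ADMINISTRATORS, DELETE), Ace("allow", EVERYONE, FILE_READ_DATA | DELETE)]

    shell = create_process("explorer.exe", admin_filtered)     # shell of the standard-user session
    child = create_process("notepad.exe", shell.token)          # inherits the filtered token unchanged
    elevated = create_process("cmd.exe", admin_full)            # elevation = new process, full token

    return {
        "full_write": access_check(admin_full, file_dacl, FILE_WRITE_DATA),
        "filtered_write": access_check(admin_filtered, file_dacl, FILE_WRITE_DATA),
        "filtered_read": access_check(admin_filtered, file_dacl, FILE_READ_DATA),
        "child_write": access_check(child.token, file_dacl, FILE_WRITE_DATA),
        "elevated_write": access_check(elevated.token, file_dacl, FILE_WRITE_DATA),
        "filtered_delete_quarantine": access_check(admin_filtered, quarantine_dacl, DELETE),
        "standard_delete_quarantine": access_check(standard, quarantine_dacl, DELETE),
        "filtered_privileges": sorted(admin_filtered.privileges),
        "empty_dacl": access_check(admin_full, [], FILE_READ_DATA),
        "no_dacl": access_check(standard, None, FILE_WRITE_DATA | DELETE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-28s %s" % (key, value))
```

Two results are the ones to remember: child_write is False because notepad.exe inherited a copy of the filtered token, so nothing the child does changes its rights, and standard_delete_quarantine is True while filtered_delete_quarantine is False, which is the deny-only semantics in action. ACE order also matters: had the allow-Everyone ACE come first in quarantine_dacl, the delete would have been granted before the deny ACE was reached, which is why the canonical order puts explicit deny ACEs first.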
Security context
Securable objects, whose security descriptors are checked against a caller's security context, by executive component:
Configuration manager   Key object, ...
Memory manager          Section object (shared memory), ...
Executive               Semaphore, Mutant, ...
I/O manager             File, ...
Process manager         Thread, Process, ...
