Recommended
More Related Content
What's hot
What's hot (20)
Similar to Windows Security in Operating System
Similar to Windows Security in Operating System (20)
More from Meghaj Mallick
More from Meghaj Mallick (20)
Recently uploaded
Recently uploaded (20)
Windows Security in Operating System
- 1. Birla Institute Of Technology Mesra, Jaipur Topic: Windows Security PRESENTED BY: YASH SOGANI MCA/25025/18
- 2. Security Context One of the basic tenets of Windows Security is that each process runs on behalf of a user. So, each process running is associated with a security context. security context is a bit of cached data about a user, including his/her SID, group SIDs, privileges.
- 3. Security Identifier: (SID) Users reference their accounts by usernames but the Operating system, internally, references accounts by their security identifier. SID’s are unique in their scope (domain or local) and are never reused. So, they are used to uniquely identify user and group account in Windows. By default the operating system SID contains various parts S <revision> <identifier authority> <subauthorities> <relative identifiers>
- 4. Revision: This value indicates the version of the SID structure used in a particular SID. Identifier authority: This value identifies the authority that can issue SID for this particular type of security principal.
- 5. Subauthority: The most important information in a SID is contained in a series of one or more subauthority values. All values except the last one collectively identify the Domain and are called Domain Identifier and the last value represents the Relative Identifier (RID).
- 6. Where is the SID located? When a users logs in for the first time, the system makes chuckling sounds. And explorer.exe starts running after some time. This is because, the operating system is creating a user profile. The operating system dynamically loads the under HKEY_USERS as users log on and off interactively.
- 7. To see this, open registry (type “regedit” at start menu-run),type “run as /u: user- account cmd” at the command prompt, give the password. Now, a new window will open. Refresh the registry(F5) at HKEY_USERS to see the dynamically loaded SID’s. The files NTUSER.DAT and NTUSER.DAT.LOG (which are present in the account profile c:/Documents and settings/your-account) , make up the registry hive for the user profile.
- 8. Access Token A token is a kernel object that caches part of a user's security profile, including the user SID, group SIDs, and privileges. A token is created when ever a user successfully logs on the network. And a copy of this token is assigned to every process and thread that executes on the user’s behalf. A token consists of the following components. accountID, groupID, Rights, Owner, Primary group, Type, Impersonation level, statistics, Restricted SID’s, SessionID
- 9. Account Security User accounts are core unit of Network security. Domain accounts are stored in Active Directory directories databases, where as in local accounts, they are stored in Security Accounts Manager database. The passwords for the accounts are stored and maintained by System Key. Though the accounts are secured by default, we can secure them even further.
- 10. Passwords storage The system stores the passwords at machine’s password strash, i.e., under HKLM/Secuirty/Policy/Secretes. Type at 9:23am /interactive regedit.exe, substituting whatever time is appropriate: Make it one minute in the future.) Once regedit fires up, carefully look at the subkeys under HKLM/Security/Policy/Secrets. You're looking at the machine's password stash, more formally known as the LSA private data store The operating system also,by default ,caches (store locally), the last 10 passwords.
- 11. Account Lock out policies: Account lockout duration: Locks out the account after a particular duration.( 1- 99,999 minutes). Account lockout threshold: Locks out the account after a particular number of failure attempts.( 1- attempts). Resent account lockout countdown after: reset account lockout countdown after certain period (1- 99,999 minutes) ).
- 12. Password Policies: Enforce password History: Enforces password history(0-24) Maximum password age: Set max password age(0-999) Minimum password age: Set min password age(0 to 999) Minimum password length: Set min password length(0 to 14) Password must meet complexity requirements: forces user to set complex alpha numeric passwords.
- 13. Storing password using reversible encryption for users in the domain: We enable this if we want the password to be decrypted and compared to pain text using methods like Challenge Handshake Authentication Protocol (CHAP) or Shiva password Authentication Protocol (SPAP)
- 14. Rights: Rights are actions or operations that an account can or cannot perform. User Rights are of two types: Privileges: A right assigned to an account and specifying allowable actions on the network. Ex: Right backup files and directories.. LOGON rights : A right assigned to an account and specifying the ways in which the account can log on to a system locally. Ex: Acess this computer From Network.
- 15. Permissions: define which resources accounts can access and the level of they have. Right click on any file, under properties, go to security tab and set permissions.
- 16. Latest securities Windows 10 provides the latest antivirus protection with Windows Security. Your device will be actively protected from the moment you start Windows 10. Windows Security continually scans for malware (malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protect it from threats. Windows Security continually scans for malware (malicious software), viruses, and security threats. If you have another antivirus app installed, Windows Security will turn off automatically. In previous versions of Windows 10, Windows Security is called Windows Defender Security Center.
- 17. Run a scan manually When you're concerned about risks to a specific file or folder, you can right-click the file or folder in File Explorer, then select Scan with Windows Defender. If you suspect there's malware or a virus on your device, you should immediately run a quick scan. This is much faster than running a full scan on all your files and folders.
- 18. To run a quick scan in Windows Security: Select Virus & threat protection. Under Current threats, select Quick scan (or in previous versions of Windows 10, under Threat history, select Scan now). If you don't find any urgent issues, you may want to check your device more thoroughly.
- 19. To run an advanced scan in Windows Security: Select Virus & threat protection. Under Current threats, select Scan options (or in previous versions of Windows 10, under Threat history, select Run a new advanced scan). Select one of the scan options: Full scan (check files and programs currently running on your device), Custom scan (scan specific files or folders), or Windows Defender Offline scan (run this scan if your device has been, or could potentially be, infected by a virus or malware). Click Scan now.
- 20. Turn Windows Defender Antivirus real-time protection on or off Sometimes you may need to briefly stop running real-time protection. While real-time protection is off, files you open or download won't be scanned for threats. However, real-time protection will soon turn on automatically again to protect your device.
- 21. To turn real-time protection off temporarily: Select the Start button, then select Settings > Update & Security > Windows Security > Virus & threat protection > Manage settings. (In previous versions of Windows 10, select Virus & threat protection > Virus & threat protection settings.) Switch the Real-time protection setting to Off and choose Yes to verify.
- 22. References http://www.windowsnetworking.com/nt/registry/rtips320.shtml http://www.windowsecurity.com/articles/Group-Policy-Changes- Vista.html https://support.microsoft.com/en-in/help/4013263/windows-10-stay- protected-with-windows-security
- 23. THANK YOU