Vindows安全:NT是分水岭 NT设计目标:TCSEC标准的C2级 >在用户级实现自主访问控制 >提供对客体的访问的审计机制 >实现客体重用 Windows NT 4.0 1958 >1999年11月通过美国国防部TCSEC C2级安全认证 >Windows NT安全子系统 ●提供身份鉴别、自主访问控制、客体共享和安全审计等安全 特性。 ● 主要由本地安全授权(LSA)、安全账户管理(SAM)和安 全参考监视器(SRM)等组成 嵌入式系统实验室 7190 EMBEDDED SYSTEM LABORATORY 5uE料DUN0 ITUTE FOR AOVANCED5 UOY DF U百TC
7/90 Windows安全:NT是分水岭 ❖NT设计目标:TCSEC标准的C2级 ➢在用户级实现自主访问控制 ➢提供对客体的访问的审计机制 ➢实现客体重用 ❖Windows NT 4.0 ➢1999年11月通过美国国防部TCSEC C2级安全认证 ➢Windows NT安全子系统 ⚫提供身份鉴别、自主访问控制、客体共享和安全审计等安全 特性。 ⚫主要由本地安全授权(LSA)、安全账户管理(SAM)和安 全参考监视器(SRM)等组成
"[security]...really is a journey rather than a destination." 1958 From:Hacking Exposed Windows:Windows Security Secrets Solutions Bill Gates,"Trustworthy Computing",January 2002 Refer:http://www.microsoft.com/mscorp/execmail/2002/07-18twc.mspx 嵌入式系统实验室 8/90 EMBEDDED SYSTEM LABORATORY 5uE料DUAN0 ITUTE FOR AOVANCED5 FUOY OF U百TC
8/90 From:Hacking Exposed Windows: Windows Security Secrets & Solutions Bill Gates,“Trustworthy Computing”,January 2002 Refer:http://www.microsoft.com/mscorp/execmail/2002/07-18twc.mspx “[security]… really is a journey rather than a destination
security wheel What asset am I trying to secure? What are the asset's security requirements? What are the risks unique to that asset's security requirements? How do I prioritize and most efficiently address those risks(especially those with heavy impact such as industry and regulatory compliance requirements)? Plan Incident response(IR) Education and training ●Remediation Communications ●Audit resolution Respond Prevent Security operations ●Recovery Rinse and Repeat Security architecture Detect Automated vulnerability scanning Security event and information management(SEIM) Intrusion detection systems (IDS) Anomaly detection systems(ADS) Security audits (including penetration testing) 、嵌入式系统实验室 From:Hacking Exposed Windows:Windows Security Secrets Solutions
9/90 security wheel From:Hacking Exposed Windows: Windows Security Secrets & Solutions
Kernel User 物理逻辑 Security context Connect As.. ☒ By defaut,you ml connect to the network foider as RIOUoel To connect as anocher user,enter their user name and password below. User name: user Eassword: 88088●0年 Attacking Windows security using both kernel and user mode approaches
10/90 The Windows Security Architecture from the Hacker’s Perspective Attacking Windows security using both kernel and user mode approaches 物理/逻辑
Vindows安全技术 Vindows NT/2000/XP中的常用安全技术 >Windows!身份验证与访问控制 >Windows审核机制 >Windows注册表 >Windows加密文件系统 >Windowsz基准安全注意事项 Windows2003中的新安全技术简介 of Science and Technol 嵌入式系统实验室 11/90 EMBEDDED SYSTEM LABORATORY SUZHOU INSTITUTE FON ADVANCED STUDY OF USTC
11/90 Windows安全技术 ❖Windows NT/2000/XP中的常用安全技术 ➢Windows身份验证与访问控制 ➢Windows审核机制 ➢Windows注册表 ➢Windows加密文件系统 ➢Windows基准安全注意事项 ❖Windows 2003中的新安全技术简介