60791
Description
Computer
Security U8 -
Windows 2000
Security
- Introduction
- Memory &
Privilege
levels
- linear 32-bit
(4GB)
address
space
- linear 32-bit
(4GB)
address
space
- Object-based
security
- Securable
objects
- Active
Directory
- objects
with
attributes
- objects
with
attributes
- Securable
objects
- programs
- processes
- threads
- threads
- processes
- Memory &
Privilege
levels
- Basic concepts
- Principals
- Security
principals
- Security
Identifiers
(SIDs)
- Security
Identifiers
(SIDs)
- groups
- security
- e-mail
distribution
- security
- Security
principals
- Objects
- instance
of a class
- instance
of a class
- Classes
- Object
Handler
- controls objects
- kernel objects
- executive obejcts
- kernel objects
- controls objects
- Principals
- Active Directory
- secure, distributed, scalable &
replicated hierarchical directory service
- integrates DNS
- single point of admin (incl. security)
- Objects
- GUID
- schema
- container
- can hold
other objects
- e.g. directory
- e.g. directory
- can hold
other objects
- leaf
- GUID
- Names
- security
principal
- SIDs
- LDAP
Distinguished
Name (DN)
- Relative DN (RDN)
- canonical
- GUID
- GUID
- Relative DN (RDN)
- LDAP
Distinguished
Name (DN)
- SIDs
- security
principal
- secure, distributed, scalable &
replicated hierarchical directory service
- Domains &
Organizational Units
- domain controller
- member server
- organizational unit
- organize and
contain AD
objects
- organize and
contain AD
objects
- Trust
relationships
- domain
tree
- domains with common
schema/configuration
- domains with common
schema/configuration
- domain
forest
- trees with common schema
- not a contiguous namespace in AD
- trees with common schema
- managed
domains
- domain
tree
- Domain models
- single
- master
- multiple master
- complete trust
- single
- domain controller
- Authentication
- ID
verification
- interactive
logon
- network
authentication
- network
authentication
- SAS
- GINA DLL
- Local Security
Authority (LSA)
- Local Security
Authority (LSA)
- Kerberos
- Key Dist.
Centre (KDC)
- ticket-granting
ticket (TGT)
- ticket-granting
service (TGS)
- ticket-granting
service (TGS)
- ticket-granting
ticket (TGT)
- Single
Sign-On (SSO)
- Key Dist.
Centre (KDC)
- ID
verification
- Access Control
- DACL
- object handles
- handle table
- 28-bit pointer
to object
header
- 32-bit access mask
- handle file
entries
- access
control
entires
- access
requests
- access
requests
- access
control
entires
- generic access
rights
- (R)ead
- (W)rite
- (X)ecute
- (A)ll
- (A)ll
- (X)ecute
- (W)rite
- (R)ead
- handle file
entries
- 4 flags:
(L)ock
(A)udit
(P)rotect
(I)nherit
- 28-bit pointer
to object
header
- handle table
- Control Access
Rights
- extended
- property sets
- validated writes
- extended
- privilege
- take-ownership
- take-ownership
- Impersonation
- Principle of
Least Privilege
- Principle of
Least Privilege
- Access Tokns
- primary
- LSA
- primary
- Security
Descriptor
- control
flags
- owner
- primary
group
- DACL
- SACL
- SACL
- DACL
- primary
group
- owner
- control
flags
- AC
Entries
- Access-denied
- Access-allowed
- System-audit
- System-audit
- Access-allowed
- Access-denied
- DACL
- Security
Management &
Audit
- Security
Configuration
Tool Set (SCTS)
- Group Policy
Objects
(GPOs)
- Audit
- detect
behaviour that
violates policy
- analyse
security
breaches
- provide
evidence for
prosecution
- detect
behaviour that
violates policy
- Security
Configuration
Tool Set (SCTS)
0 comments
Want to create your own Mind Maps for free with GoConqr? Learn more.