9A.
A.1 Windows.
Microsoft Windows . 9.1.
.9.1. Windows
(ID , , SID , AT , SD , R ).
(Local Security Authority LSA), lsass.exe. (winlogon.exe), .
Ctrl+Alt+Delete ( DLL) (ID ) (). msgina.dll (Graphical Identification and Authentication dynamic-link library GINA) , -.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon GinaDLL.
Windows (Graphic User Interface GUI) . , Ctrl+Alt+Delete.
Ctrl+Alt+Delete , .
, .
LSA, ( ) .
MSV1_0 ( msv1_0.dll).
- () (Security Account Manager SAM) .
SAM ( SAM) .
HKEY_LOCAL_MACHINE\SAM ( Windows\System32\Config\SAM).
SAM ( ). SAM Windows API ( ).
SAM -, 128 . - Windows NT:
1. 14 ( ) Unicode, .
2. - {) 128 ( MD4).
3. - DES , , ERW(H(P)).
4. SAM.
- LAN Manager:
1. ( ) .
2. , 14 , 1 2.
3. 1 2 DES = KGS!@#$%, 64 :
1 = 1() 2 = 2 ().
4. DES , , 1 2:
ERID ( 1 || 2).
5. SAM.
- LAN Manager ( , , ). ( 500).
SAM Windows , .
Windows - SAM syskey. syskey - 128 , .
syskey 128 , :
- ( , );
- startup.key ( 16 ) ( );
- , 12 .
, ( , ), MSV1_0 - NetLogon ( ). - LM, NTLM NTLM v2.
Windows Kerberos SSP/AP (Security Support Provider/Authentication Packages, / ), Kerberos.
- LSA , .
SID (security identifier), b LSA.
, .
SID :
- (48 ), (RID) (32 );
- ;
- .
SID :
S-R-I-S-S... ( S SID, R , I , S ). SID ,:
S-1-0-0 ( -), S-1-1-0 (, ), S-1-2-0 (, , ), S-1-5-2 (, , ), S-1-5-18 ( ).
, LSA AT (access token), .
:
- SID ;
- ;
- () ;
- , ;
- ;
- ;
- ( ) (impersonation);
- .
, :
- ;
- ;
- ;
- ;
- .
LSA AT , , (userinit.exe) AT. AT Windows Windows (explorer.exe), . .
, .
, , . .
Windows Vista . .
A.2. Windows.
Windows . SD (security descriptor), :
- (SID) ;
- ( Windows );
- (discretionary access control list DACL);
- (system access control list - SACL).
SACL .
DACL , . , , .
DACL (access control entry ) .
:
- SID , ;
- (access mask AM), ;
- ;
- , .
DACL :
- , (Access-allowed );
- , (Access-denied ).
, , .
() . Windows :
- ;
- ();
- (generic) .
, , , .
, , , DACL , .
.
, DACL, 32 . 16 , 16 23 , 24 - ACCESS_SYSTEM_SECURITY, 25 - MAXIMUM_ALLOWED, 26 27 28 31 , .
, , LSA. LSA (security reference monitor SRM), DACL SD R . SRM R, LSA , .
(desired access mask granted access mask).
, . .
:
1. DACL, . .
2. , , .
, DACL , , . DACL .
( , FAT), .
Windows :
1. ( CreateFile CreateDirectory , RegCreateKeyEx );
2. ( );
3. , ( ).
Windows :
- NTFS;
- ;
- ;
- (, threads);
- ;
- (services);
- .
Windows. , . . . 4 , - , , , .
Windows , , . , , , .