Windows 7-Note2

Windows security infrastructure

In the Architecture unit of BTO130 (after the study week), we’ll learn more about the security infrastructure, but for now we’ll introduce some concepts.

You know that you must log on to use Windows. What you also need to know is that there is a Windows component which constantly evaluates whether you are authorized to perform the actions you want on objects like files and folders.

Terminology

Your job: Find out (and write down and memorize if necessary) what the following terms mean:

Authentication – Authentication is any process by which you verify that someone is who they claim they are.
Credentials – proving a person’s identity
Authorization – Authorization is finding out if the person, once identified, is permitted to have the resource.
Access rights (access privileges; sometimes called logon rights)
Permission
User account – a security object that represents the user of the computer
Account, User account, Group
Access control – a system which allows an authority to control access to areas and resources in a computer

Authentication (Windows Vista, and Windows 7)

The logon process was changed to improve a number of authentication features, and to support User Account Control. Here’s a brief description of the logon process/sequence. Steps 2 and 5 are different in Vista/7 compared to XP:

1. A process (a program that is running) called "winlogon" manages the whole logon procedure (note: try to find this process in Task Manager)
2. Another process called "logonui" collects credentials (name, password)
3. These credentials are passed to the local security authority subsystem (LSASS) (note: try to find this process in Task Manager)
4. The local security authority looks up the credentials in the credential store (database of local users, or a domain controller, or an LDAP store) (note: on standalone or workgroup computers, the credential store is located on the computer)
5. If the user is valid, an access token (which includes identification and security info) is created (note: an access token is valid until logout; it is like a token or ticket that you use in many other areas of human society); users who are administrator-equivalent get two tokens – one is a standard user token, which is used by default, and the other is a token that has all the user’s security identifiers
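The logon processes and the token from step 5 can be observed from a PowerShell prompt. This is an added example, not part of the original notes; it assumes Windows Vista/7 or later with the built-in whoami tool, and the variable names are illustrative.

```powershell
# Added example: inspect the logon processes and the current access token.
# Processes from the logon sequence (logonui only exists while a logon
# or lock screen is being displayed, so it is often absent).
Get-Process -Name winlogon, logonui, lsass -ErrorAction SilentlyContinue |
    Select-Object Name, Id, SessionId | Format-Table -AutoSize

# The token attached to this PowerShell process.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

# Every SID in the token, including ones not enabled for access checks.
# /nh plus -Header keeps the column names independent of the OS language.
$sids = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes

$adminSid   = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)
$hasAdmin   = [bool]($sids | Where-Object { $_.SID -eq $adminSid })
$adminInUse = $principal.IsInRole($adminRole)   # true only if the SID is enabled

# Mandatory integrity label carried in the token (S-1-16-<level>).
$levels = @{ 'S-1-16-4096'  = 'Low';  'S-1-16-8192'  = 'Medium'
             'S-1-16-12288' = 'High'; 'S-1-16-16384' = 'System' }
$label = $sids | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1

"User      : $($identity.Name)"
"User SID  : $($identity.User.Value)"
"Integrity : $($levels[$label.SID])"

if ($adminInUse) {
    'Token     : full administrator token (elevated process)'
} elseif ($hasAdmin) {
    'Token     : standard user token of an administrator-equivalent account'
} else {
    'Token     : standard user; no Administrators SID in the token'
}
```

Running it once from a normal prompt and once from a prompt started with "Run as administrator" shows the two tokens of an administrator-equivalent account side by side.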