Windows NT Security

NT was introduced in 1993 and quickly became a popular platform for client-server environments. NT is built on a 32-bit architecture, which gives it features such as multitasking, resource sharing and high availability of resources. NT provides increased security over older operating systems like Windows 9x and over UNIX. NT has both server and client versions. The client version does not have as many features or as much capability: the Server version can handle 256 connections, while the client version can handle only one.
Global security management functions are not supported by the client version either. NT gives an administrator the ability to control user accounts and groups. Domains are used to collect machines into groups. This serves as an administrative tool for controlling users' privileges and their access to system resources and data. It is also useful for distributing updates and similar tasks.
One machine in a domain is designated the controlling system, and from that machine a security policy can be created and enforced on the entire domain. Backup domain controllers are recommended. Machines in a domain share a user database, which lets a user have a single ID and sign on easily to any machine as long as it is in the domain. NT uses the idea of trusted domains: if a user authenticates to his primary domain, he is free to access any other domain as long as that domain trusts the primary domain.
(Pass-through validation.) Domain trusting allows a user who does not have an ID on a given domain to still gain access to it as long as the user is validated on the primary domain; however, what permissions the user has is dictated by the administrator of the domain in which he is a guest. Domains make it easier to control users, machines and what goes on. They are useful for enforcing policies on groups and restricting the rights of users. Security issues are minimized in remote applications because there is no need for someone at each site to be in charge of security and policy enforcement: one administrator can group remote sites into their individual domains and provide increased security from his desk.
User accounts come in both local and domain flavors, meaning a user can be restricted to using only the local machine or allowed to use any machine on the domain. NT has a guest account; password-protecting it is recommended. (I would disable it.) User privileges are set by the system administrator for an individual user, or can be gained simply by being added to a group. One difference between UNIX and NT is that the Admin account's "superuser" access exists only because all permissions have been granted to it.
If those permissions were removed from the Admin account and given to Bob, the Admin would be restricted like a normal user; UNIX does not allow this. Pressing CTRL+ALT+DELETE during login is thought to prevent Trojans. NT user IDs are not case sensitive and may be up to 20 characters long.
The LSA (Local Security Authority) runs on the local machine and is responsible for identifying the user, creating access tokens and keeping audit trails of a user's activity. The LSA checks the entered ID and password against a security registry called the SAM. The SAM contains users' IDs and password information as well as account permissions. Once a user is logged on, an access token is used in place of the user ID: when access to a resource is requested, the token is checked against the security reference of that resource, and if the requirements are met, access is granted. Access Control Lists are used in NT to limit users' access to system resources.
NT supports C2 auditing as defined by the DoD Orange Book. This provides trails of successful or failed attempts to use system resources. The audited events may include logging on or off, changing files, changes to security policies, etc. Each machine stores its audit trails locally, so if admin privileges can be obtained through poor security, the trails can be tampered with.
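As an added illustration of the token-versus-ACL check and the C2 audit trail described above (example code, not part of the original notes): a constructed Python model of how NT walks a resource's DACL against the SIDs in an access token and records a success or failure audit event for each attempt. The Users and Administrators SIDs are the real well-known ones; Bob's SID, the access-right bits and the file name are made up for the sample.

```python
from dataclasses import dataclass
READ, WRITE, DELETE = 0x1, 0x2, 0x4   # constructed access-right bits

@dataclass(frozen=True)
class ACE:
    sid: str       # user or group SID this entry applies to
    allow: bool    # True = access-allowed ACE, False = access-denied ACE
    rights: int    # bitmask of rights granted or denied

@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset
    def sids(self):
        return {self.user_sid} | set(self.group_sids)

def check_access(token, dacl, requested):
    """Walk the DACL in order as NT does: a deny ACE on a not-yet-granted right
    refuses access, allow ACEs accumulate rights. dacl=None means no DACL at
    all (everyone gets everything); [] means an empty DACL (nobody does)."""
    if dacl is None:
        return True
    remaining, sids = requested, token.sids()
    for ace in dacl:
        if ace.sid not in sids:
            continue                   # ACE does not apply to this token
        if not ace.allow:
            if ace.rights & remaining:
                return False           # explicit deny on an ungranted right
        else:
            remaining &= ~ace.rights   # these rights are now granted
            if remaining == 0:
                return True
    return remaining == 0

def audited_access(token, resource, dacl, requested, trail):
    """Run the check and append a C2-style success/failure audit record."""
    granted = check_access(token, dacl, requested)
    trail.append({"user": token.user_sid, "resource": resource,
                  "requested": requested,
                  "event": "success audit" if granted else "failure audit"})
    return granted
# Constructed sample: Bob is in Users (S-1-5-32-545); payroll.txt denies Bob
# WRITE, lets Users READ and lets Administrators (S-1-5-32-544) do everything.
BOB = AccessToken("S-1-5-21-EXAMPLE-1001", frozenset({"S-1-5-32-545"}))
PAYROLL_DACL = [
    ACE("S-1-5-21-EXAMPLE-1001", allow=False, rights=WRITE),  # denies first
    ACE("S-1-5-32-545", allow=True, rights=READ),
    ACE("S-1-5-32-544", allow=True, rights=READ | WRITE | DELETE),
]
```

The trail here is an in-memory list; on a real NT machine the equivalent log lives on the local disk, which is exactly why the tampering caveat above matters.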