
Introduction To Windows NT ® Server And Internet Information Server


Page 1: Introduction To Windows NT ® Server And Internet Information Server

Page 2: Agenda

Basic security principles
Basics of Windows NT® security
Basics of Internet Information Server security
How the two relate
Top tips

Page 3: Basic Security Principles

Security covers:
  Authentication
  Access control
  Privacy
  Data integrity
  Monitoring
  Non-repudiation

(Diagram labels: provided by Windows NT; added by Internet Information Server)

Page 4: Basics Of Windows NT Security

Page 5: A Simple Fact

To understand Internet Information Server security you must understand Windows NT security!

Page 6: Authentication

Windows NT requires “authenticated” users
A user must present his/her “credentials”
  User name/password
No notion of an anonymous user
  Insecure
Each user has a unique security ID (SID)

Page 7: How Applications Work

Windows NT applications must run in the “context” of a user
When an application runs, the user’s security information is tagged onto the application
  Called a “token”
A token identifies the user by their SID and group membership
  Group SIDs

Page 8: How Applications Work

When an application attempts to use a resource, the token is used to determine if that user has access
All secure resources have “access control lists” (ACLs)
  ACLs are a list of SIDs and associated access rights
Windows NT is very pessimistic
  Access denies are performed first
  Do not set Everyone (No Access)!
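An added example, not from the slides, that models the access check the slide describes: a token (user SID plus group SIDs) is walked against an ACL whose deny entries are evaluated first, which is why an "Everyone: No Access" entry locks out every token, administrators included. The access-right bit values, the group memberships and the administrator SID are constructed for illustration, not the real Win32 constants.

```python
# Added example (not from the slides): model of a Windows NT access check.
# Deny ACEs are evaluated before allow ACEs, and the default answer is "no".
# Right bits, tokens and the admin SID below are constructed for illustration.
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = 1, 2, 4          # illustrative access-right bits
EVERYONE = "S-1-1-0"                     # well-known SID: Everyone
ADMINS = "S-1-5-32-544"                  # well-known SID: BUILTIN\Administrators

@dataclass
class Token:
    user: str
    groups: set = field(default_factory=set)

    def sids(self):
        # Every logged-on token carries the Everyone group.
        return {self.user} | self.groups | {EVERYONE}

@dataclass
class Ace:
    sid: str
    allow: bool
    rights: int

def canonical(acl):
    """Windows NT evaluates access-denied ACEs before access-allowed ACEs."""
    return sorted(acl, key=lambda ace: ace.allow)   # False (deny) sorts first

def access_check(token, acl, requested):
    """True only if every requested right is allowed and none is denied."""
    granted = 0
    for ace in canonical(acl):
        if ace.sid not in token.sids():
            continue
        if not ace.allow and ace.rights & requested:
            return False                  # a matching deny wins outright
        if ace.allow:
            granted |= ace.rights
            if (granted & requested) == requested:
                return True               # all requested rights accumulated
    return False                          # pessimistic default: nothing matched

# Constructed tokens: the domain user SID from the deck and an administrator.
jane = Token("S-1-5-21-2127521184-1604012920-1887927527-1001")
admin = Token("S-1-5-21-2127521184-1604012920-1887927527-500", {ADMINS})

sane_acl = [Ace(ADMINS, True, READ | WRITE | EXECUTE), Ace(jane.user, True, READ)]
# The mistake the slide warns about: one deny-all ACE for Everyone.
everyone_no_access = sane_acl + [Ace(EVERYONE, False, READ | WRITE | EXECUTE)]
```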

Page 9: A Side Bar: What does a SID look like?

S-1-5-21-2127521184-1604012920-1887927527-1001

  S-1-5: Windows NT
  S-1-5-21-2127521184-1604012920-1887927527: Windows NT domain
  1001: user ID on this domain
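An added example, not from the slides, that parses a SID string of the form shown above into its revision, identifier authority and sub-authorities, and separates the domain SID from the relative ID (RID). The helper names and the neighbouring SIDs used alongside the deck's own SID are constructed for illustration.

```python
# Added example (not from the slides): parse the textual SID form S-R-A-S1-...-Sn
# and split an NT domain SID (S-1-5-21-x-y-z-RID) into domain part and RID.
import re

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

def parse_sid(sid):
    """Return (revision, identifier_authority, [sub_authorities...])."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(m.group(1)), int(m.group(2))
    if revision != 1:
        raise ValueError("only SID revision 1 exists")
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    return revision, authority, subs

def split_domain_rid(sid):
    """For an NT domain/machine SID return (domain_sid, rid).
    Well-known SIDs such as S-1-1-0 (Everyone) have no domain part: (None, None)."""
    _, authority, subs = parse_sid(sid)
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        domain = "S-1-5-21-" + "-".join(str(s) for s in subs[1:4])
        return domain, subs[4]
    return None, None

def same_domain(a, b):
    """True if two account SIDs were issued by the same NT domain."""
    da, _ = split_domain_rid(a)
    db, _ = split_domain_rid(b)
    return da is not None and da == db

# The SID from the slide; a second account in the same domain is constructed.
JANE = "S-1-5-21-2127521184-1604012920-1887927527-1001"
OTHER_USER_SAME_DOMAIN = "S-1-5-21-2127521184-1604012920-1887927527-1002"
```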

Page 10: Services Are Applications

Windows NT has special applications called “services”
  Start when Windows NT starts
  Run in the background
  No UI
  Similar to UNIX daemons
Examples:
  Internet Information Server
  SQL Server™
  Event log

Page 11: Services Are Applications

Because they are applications, they must run in a user context
  But they run before anyone logs on!
You can configure a service to run as an account
  Usually LocalSystem
  No password
  Limited access beyond the current server

Page 12: Principle Of Least Privilege

A process always runs in the context of a user account
If the account is privileged then the application has those privileges too
Always run a process in the lowest-possible user context
  Remember the famous UNIX sendmail bug?

Page 13: Impersonation

Most services run as LocalSystem, hence they access resources as LocalSystem
  Not as the user account
Impersonation lets the service impersonate the user before accessing the resource
  In fact it swaps out the LocalSystem token for the user’s token
  On a thread-by-thread basis

Page 14: Impersonation

All servers must impersonate before accessing a resource
Also, impersonation reduces the number of times a user needs to enter their credentials

Page 15: Basics Of Internet Information Server Security

Page 16: Internet Information Server Authentication

Internet Information Server is a Windows NT service
  Hence it must run as a user account
  By default LocalSystem
  Don’t change!
Every user request must be authenticated and then impersonated

Page 17: WWW Service Security

Authentication
  Anonymous
  Basic
  Password-authenticated Windows NT user access
  SSL 3.0 client certificates
  Custom

Page 18: Authentication Models

Anonymous
  Map onto IUSR_machinename account
  Guest account
Basic
  Base64 encoded password/username
NTLM
  Uses Windows NT network authentication
  No password
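An added example, not from the slides, showing what the Basic model on this slide actually puts on the wire: the Authorization header is Base64 encoding, not encryption, so the password is recovered verbatim, which is why tip 9 later in the deck says Basic must ride on SSL. The policy function refuses Basic credentials unless the connection is encrypted and lets NTLM through because no password appears in the header. The header value, user name and function names are constructed for illustration.

```python
# Added example (not from the slides): decode an HTTP Basic Authorization header
# and apply the policy "Basic only over SSL"; NTLM carries no password on the wire.
# The header, user name and password below are constructed for illustration.
import base64
import binascii

def parse_authorization(header):
    """Split 'Basic amRv...' / 'NTLM TlRM...' into (scheme, payload)."""
    scheme, _, payload = header.strip().partition(" ")
    return scheme.lower(), payload.strip()

def decode_basic(payload):
    """Base64 is reversible: the user name and password come straight back."""
    try:
        raw = base64.b64decode(payload, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        raise ValueError("malformed Basic credentials")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("Basic credentials must be user:password")
    return user, password

def accept_basic(header, connection_is_ssl):
    """Front-end policy: Basic only over an encrypted channel (tip 9)."""
    scheme, payload = parse_authorization(header)
    if scheme == "basic":
        if not connection_is_ssl:
            return "reject: Basic credentials sent in the clear"
        user, _ = decode_basic(payload)
        return f"basic user {user}"
    if scheme == "ntlm":
        return "ntlm: challenge/response, no password in the header"
    return f"reject: unsupported scheme {scheme!r}"

# Constructed header: user "jdoe" with password "s3cret", as a browser sends it.
BASIC_HEADER = "Basic " + base64.b64encode(b"jdoe:s3cret").decode()
```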

Page 19: WWW Service Security

Privacy/data integrity
  Channel encryption
  Message authentication codes

Page 20: WWW Service Security

Access control restricted by:
  Client TCP/IP address (or range)
  Client domain name
  Mapping client authentication certificates
  Publishing point access permissions
  Designated site operators
  NTFS access control
  Custom ISAPI/CGI/ASP/component

Page 21: WWW Service Security

Page 22: WWW Service Security

System integrity
  Process isolation
  Bandwidth limiting
  Application mapping
  CGI/script time-outs
  Connection time-out

Page 23: Custom Security

Custom:
  Authentication
  Access control
Implement via:
  ISAPI and CGI
  ASP and Perl scripts
  Server-side components
Requires understanding of:
  HTTP protocol
  Authentication methods

Page 24: Using Certificates On The Web

Authenticated access
  Servers
  Clients
Secure access using SSL/TLS
Examples
  Departmental access control
  Interenterprise access via Internet
  Certificate authority operation
    E.g., software publishing

Page 25: What Is A Certificate?

Signed document
  Signed by a “trusted” certifying authority
  Binds subject to a public key

Diagram of a certificate:
  Subject Name: “Internet, Organization, Jane Doe”  (credential ties a name or identity to a public key)
  Expires: 6/18/98  (credential expiration)
  Serial #: 29483756
  Public key: Public  (the matching Private key stays with the subject)
  Other data: 10236283025273  (usage-specific attributes)
  Signed: CA’s signature

Page 26: Using Certificates On The Web

Why do it?
  Better security than passwords
  Better scalability than passwords
    No need to distribute password databases
  Use emerging technologies
    Smart cards
    Crypto accelerators

Page 27: Top Tips And Rules Of Thumb

Page 28: Top Tips

10. NTFS is the last bastion
9. If you must use basic authentication then use SSL!
8. Seriously consider certificates
7. Create a company security policy
6. Use the Windows NT Option Pack Resource Kit (shameless plug!)

Page 29: Top Tips

5. Lock down your server
4. Lock away your server!
3. Restrict components at the server
2. Do not allow Execute permission!
1. Use the Windows NT Audit Log!