Presentation17
Download
Report
Transcript Presentation17
COMP1321
Digital Infrastructure
Richard Henson
February 2016
Week 17: Network Operating
Systems and Active Directory
Objectives:
» Explain a (network) operating system
architecture in terms of a multi-layered model
» Explain how platforms provide client-end
stability for apps (or otherwise…)
» Explain how Active Directory is used to control
login and access to network resources
» Explain how Active directory can provide trust
across multiple domains
Reminder: Software Layers
and Operating Systems (OS)
Applications
os functions & user interface
os kernel
CPU, motherboard
What if the Operating System
has software faults?
The platform becomes “unstable”!!
Could be errors in…
» hardware control?
» user interface?
» utilities?
On a client-server network?
Client platform unstable?
What would happen to:
applications running on a poorly designed
platform?
the rest of the local network?
businesses depending on such apps?
Software Faults & CWE
Lot of recent interest in why software (even
some operating systems…) is so unreliable
Mitre Corporation (US) with govt backing…
tested software very thoroughly!
classified software fault types into a Common
Weakness Enumeration (CWE)
» community developed, formal list of software
weakness types
6
[TSI/2012/183]
© Copyright 2003-2012
What is CWE?
Essentially… a list!
CWE provides:
standard measuring stick for software tools
targeting software weaknesses
common baseline standard for efforts to
identify, mitigate, and prevent software
weaknesses
More about Mitre
and the CWE list
Currently (12/2015) 998 distinct CWE
entries identified by Mitre!! (version 2.9)
http://cwe.mitre.org/data
more commonly encountered weaknesses
usually “repeat offenders”
New vulnerabilities found on a regular
basis
Example of an
operating system flaw
Apple:
“dangerous flaw revealed in iOS 7 and X”
(21/2/14)
http://gizmodo.com/why-apples-hugesecurity-flaw-is-so-scary1529041062?utm_campaign=socialflow_gi
zmodo_facebook&utm_source=gizmodo_f
acebook&utm_medium=socialflow
CWE Top 25 faults (part 1)
Rank
ID
Name
1
CWE-79
2
CWE-89
3
CWE-120
4
5
6
7
CWE-352
CWE-285
CWE-807
CWE-22
8
9
CWE-434
CWE-78
10
11
12
13
CWE-311
CWE-798
CWE-805
CWE-98
Failure to Preserve Web Page Structure ('Cross-site
Scripting')
Improper Sanitization of Special Elements used in an
SQL Command ('SQL Injection')
Buffer Copy without Checking Size of Input ('Classic
Buffer Overflow')
Cross-Site Request Forgery (CSRF)
Improper Access Control (Authorization)
Reliance on Untrusted Inputs in a Security Decision
Improper Limitation of a Pathname to a Restricted
Directory ('Path Traversal')
Unrestricted Upload of File with Dangerous Type
Improper Sanitization of Special Elements used in an OS
Command ('OS Command Injection')
Missing Encryption of Sensitive Data
Use of Hard-coded Credentials
Buffer Access with Incorrect Length Value
Improper Control of Filename for Include/Require
Statement in PHP Program ('PHP File Inclusion') [TSI/2012/183]
© Copyright 2003-2012
CWE Top 25 faults (part 2)
Rank
ID
14
15
CWE-129 Improper Validation of Array Index
CWE-754 Improper Check for Unusual or Exceptional
Conditions
CWE-209 Information Exposure Through an Error Message
CWE-190 Integer Overflow or Wraparound
CWE-131 Incorrect Calculation of Buffer Size
CWE-306 Missing Authentication for Critical Function
CWE-494 Download of Code Without Integrity Check
CWE-732 Incorrect Permission Assignment for Critical
Resource
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-362 Race Condition
16
17
18
19
20
21
22
23
24
25
Name
[TSI/2012/183]
© Copyright 2003-2012
TSI
Logo
Susceptibilities
The confirmed presence of one or more
vulnerabilities within an implemented system,
such as the presence of an operating system with
a buffer overflow defect
Susceptibilities in systems stem from:
a. initial implementation
b. changes to software, such as from adding new
facilities or the correction of detected errors
(‘patching’)
c. use of utility programs, which may be capable of
circumventing security measures in the controlling or
application software
[TSI/2013/306 | Draft 0.B | 2014-02-10]
TSI
Logo
Vulnerabilities
Vulnerabilities can be:
The existence of a generic weakness in a particular
platform, such as a buffer overflow occurring in a
specific operating system or application
Interactions between multiple software elements that
bypass intended controls
Accidental actions of software developers that result
in defects and deviations
Deliberate actions of software developers that bypass
intended controls, such as trap doors that permit
unauthorised access to the system
[TSI/2013/306 | Draft 0.B | 2014-02-10]
Vulnerabilities from
Major Vendors (2011 figures)
[TSI/2012/183]
© Copyright 2003-2012
Software Weakness
Mitigation
What to do about all these faults….?
Many concepts and practices
needed for Trustworthy development
of software have existed for many
years…
“Due Diligence”
Pareto 80:20
15
[TSI/2012/183]
© Copyright 2003-2012
Due Diligence
Implies software should be
reasonably trustworthy….
»what does “reasonably” mean?
Implementations vary with Audiences
and Assurance Requirements
Pareto 80:20
(favoured by TSI)
Practice improved iteratively using
existing experience
Example:
»switching on and acting on Compiler
Warning Flags…
would obviates many common “repeat offender”
weaknesses
If only this was normal practice!!! It
could be….
Apps and Operating Systems
Applications need a platform…
better designed platform…?
» easier to design trustworthy apps
Mobile phone app vulnerabilities by malware
for platform (F-Secure, 2012):
http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q3%202012.pdf
Apple iOS: 1.1
Symbian: 29.8
Android: 62.8
Windows mobile: 0.6
Why the differences?
Apps written to use operating system
(os) platform appropriately…
well designed os restricts/prevents
inappropriate use
poorly designed os allows sloppy habits
» but may have performance advantages… (!)
» e.g. Android top 25 vulnerabilities (CWE):
http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id19997/Google-Android.html
Logon
& protecting the client end
When a networked client is turned on…
operating system loaded…
user logon screen presented
Rapid local boot is fine…
but most organisational computers are on
networks…
» why?
why does network logon take so long?
“Policies”: Controlling User
and System Settings
The Windows user’s desktop is controlled with
policies
user policies
system policies
Configuring and using policies - essential part
of any network administrator’s job!
could be 100s or 1000s of systems, & users
Storage of User/System
Settings: Windows Registry
Early Windows extended DOS text files of
system & user settings:
SYSTEM.INI enhanced CONFIG.SYS
WIN.INI enhanced AUTOEXEC.BAT
Windows 95: two dimensional
structure… known as The Registry
principles later extended in Windows NT v4 to
allow system and user settings to be downloaded
to local registry across the network
Viewing/Editing the Registry
REGEDT32 from command prompt…
look but don’t touch!
contents should not be changed manually unless
you really know what you are doing!!!
Registry data that is loaded into
memory can also be overwritten by
data:
from local profiles
downloaded across the network…
System Settings
For
configuration of hardware and
software
different types of system need different
settings
system settings for a given computer may
need to be changed for particular users
e.g. to change screen refresh rate for
epileptics
User Settings
More a matter of convenience for the user
mandatory profiles
» users all get the same desktop settings!
» anything added is lost during logoff!
roaming profiles - desktop settings preserved
between user sessions
» saved across the network…
What is The Registry?
A hierarchical store of system and user
settings
Five basic subtrees:
HKEY_LOCAL_MACHINE : local computer info.
Does not change no matter which user is logged on
HKEY_USERS : default user settings
HKEY_CURRENT_USER : current user settings
HKEY_CLASSES_ROOT : software config data
HKEY_CURRENT_CONFIG : “active” hardware
profile
Each subtree contains one or more subkeys…
Location of the Windows Registry
In XP…
c:\windows\system32\config folder
Six files (no extensions):
Software
System – hardware settings
Sam, Security
» not viewable through regedt32
Default – default user
Sysdiff – HKEY USERS subkeys
Also to be considered: ntuser.dat
» user settings that override default user
Registry Files in Windows 7
HKEY_LOCAL_MACHINE \SYSTEM:
\system32\config\system
HKEY_LOCAL_MACHINE \SAM:
\system32\config\sam
HKEY_LOCAL_MACHINE \SECURITY
\system32\config\security
HKEY_LOCAL_MACHINE \SOFTWARE
\system32\config\software
HKEY_USERS \UserProfile
\winnt\profiles\username
HKEY_USERS.DEFAULT
\system32\config\default
Emergency Recovery if
Registry lost or badly damaged
Backup registry files created during text-based
part of windows installation
also stored in:
» c:\windows\system32\config
» have .sav suffix
only updated if “R” option is chosen during a
windows recovery/reinstall
NEVER UPDATED backup is saved to
C:\windows\repair folder
no user and software settings
reboots back to “Windows is now setting up”
Backing up the Registry
Much forgotten… an oversight that may later
be much regretted!!!
can copy to tape, USB stick CD/DVD, or disk
rarely more than 100 Mb
Two options;
Use third-party backup tool
» e.g http://www.acronis.co.uk
Use windows “backup”
» not recommended by experts!
» but already there & does work!
» to copy the registry if this tool is chosen, a “system state”
backup option should be selected
System Policy File
A collection of registry settings downloaded
from the domain controller during logon
Can apply different system settings to a
computer, depending on the user or group
logging on
Can overwrite:
local machine registry settings
current user registry settings
Should therefore only be used by those who
know what they are doing!!!
System Policy File
Saved as NTCONFIG.POL
Normally held on Domain Controllers
read by local machine during logon procedure
provides desktop settings, and therefore used to
control aspects of appearance of the desktop
Different NTCONFIG.POL settings can be
applied according to:
User
Group
Computer
Users with roaming profiles additionally save
desktop settings to their profile folders
Active Directory
Microsoft equivalent of Novell’s NDS (Network
Directory Structure)
An LDAP network-wide directory service for
providing paths to files and services
Available from Windows 2000 onwards
of limited use on earlier Windows networks
Windows
Workgroups and Domains...
Workgroup = peer-peer
Domain = client-server
Client machines can logon
Locally (i.e. peer-peer)
To domain (client in a client-server network
Servers and Domain
Controllers
Client server networks use clients only
for users
clients need to log on to the domain to
access network resources
domain access managed by domain
controllers
Member servers used to provide and
manage services
What is Active Directory?
A object-oriented database (Internetapproved x500 standard)
a hierarchy of data objects (& their
properties)
» domain controllers
» computers
» users & groups of users
» network resources
Domain Controllers and
Active Directory
Good practice to have backups
domain controller should have a backup….
managed as part of the Active Directory
system
data on network resources, services & users all
stored in a single file
» ntds.dit
tools available for AD system management
» e.g. ntdsutil
Backing up the Database
Goes without saying that the loss of
Active Directory will be very bad for
the network (!)
people won’t even be able to log on/off!
AD should be backed up…
regularly!
preferably on another computer…
In another location…
Microsoft approach to
“Scalable” Networks
Domain = Unit of a Microsoft LAN
data store needed that will cover all network
users and resources
replicated across domain controllers
Criticised for not being “scalable” beyond
a local LAN…
Next week: how Microsoft addressed this