Security subsystem in Windows NT.

The article introduces readers to the information protection capabilities of the Windows NT operating system from Microsoft. The author describes in detail the features of working in a multi-user OS.

What happens if confidential information from your computer falls into the hands of competitors? And what if an employee who is offended, or simply dissatisfied with his salary, uses his access to important data and destroys it? Will this harm your business? The answer is obvious. Therefore, if you really care about the safety of the information contained in your computer, you should consider installing the multi-user operating system (OS) Windows New Technology (NT) from Microsoft Corporation.

In terms of its external design, Windows NT is not very different from Windows 95, another popular operating system for personal computers. In addition, all programs that work correctly under Windows 95 can also be used in the Windows NT environment. And yet, these are two completely different operating systems. Instead of trying to execute any user command, Windows NT itself decides (taking into account information about who exactly is sending a particular command) whether it is justified to perform the corresponding actions. For this purpose, it has a powerful security subsystem built into it.

Object-based security model

Windows NT places a great deal of emphasis on security. Microsoft experts claim that this is precisely why it has a significant advantage in cases where confidential information needs to be kept secret.

The idea of creating such an OS arose almost ten years ago. Windows NT was conceived as an OS that would meet the needs of the American military industry, and its developers tried to meet all the requirements necessary for certification at the C2 security level of the US federal government.

The Windows NT functionality is based on an object protection model. Any system resource can be a protection object — a file, a device, a user program or a process. For each of them, there is always a corresponding protection object containing information about who is allowed to do what with this resource. This information is transferred simultaneously with the movement or copying of resources.

In order to fully implement an object-oriented approach to protecting computer resources, a multi-user OS must first determine whose request is being serviced at a given time. Windows NT uses two keys to identify users: a name and a password. The name determines the user's capabilities when working with the system, and the password corresponding to the name confirms the presence of these capabilities and should be known only to the user.

Registration

Before starting work, each user must go through the registration procedure in the system. After turning on the computer and loading the OS, a window appears on the display with the inscription «To log on to the system, press Ctrl + Alt + Delete». Pressing these keys simultaneously launches the Windows NT security subsystem, which prompts the user to enter their name and password. As you type, the password characters on the screen are replaced with asterisks so that outsiders cannot spy on it. After you finish entering, the security subsystem checks the correctness of the entered data. If the name and password are specified correctly, you can start working in the system.

When the user leaves the computer, he informs the system about this by pressing the same keys Ctrl + Alt + Del. Another dialog box of the security subsystem appears on the screen, containing the name of the registered user and several buttons:
— «Log off the system…» terminates all programs launched by the user and puts Windows NT into the mode of waiting for the next registration attempt;
— «Shutdown…» prepares the system for power-off in addition to stopping all user programs;
— «Lock» hides the contents of the display screen; to unlock the screen again, you must enter the appropriate password;
— «Change Password…» allows you to change the user password.

Account Management

So, any registered user can work in Windows NT. For successful registration, he needs a so-called account, which includes all the information that allows distinguishing this user of the system from others. The account is a small database containing the name and password, as well as a description of the user's capabilities.

During the installation of Windows NT, two user accounts are automatically created, with the names «Administrator» and «Guest». «Administrator» is the absolute master of Windows NT. Among the users of the system, he has the broadest powers. For example, the administrator can gain access himself, as well as restrict the access rights of other users to any object protected by Windows NT. However, there are things the system prohibits even the administrator from doing. For example, the administrator cannot find out someone else's password, which means he is unable to do something on behalf of another user without the latter's knowledge.

«Guest» is intended for temporary users — «guests» of Windows NT. During installation, the «Disable account» flag is set for it, meaning that this account is blocked and cannot be used during registration. After the administrator removes this flag, any user will be given the opportunity to register in Windows NT under the name «Guest». However, in this case, he will be given minimal opportunities to work in the system.

Creating new accounts and changing existing ones is the exclusive right of the administrator. He can make corrections to the user name (from 1 to 20 characters, case insensitive) and to his password (up to 14 characters, case sensitive), and also reset a number of flags, having previously launched the application «User Manager».

If the «Require password change at next logon» check box is selected, then the first time this user registers, the system will require him to change the password to a new one, created by him. This check box is necessary in order to hide the user password from the administrator. «Prohibit user from changing password» serves the opposite purpose: in this case, the password is always known to the administrator. «Permanent password (without expiration date)» allows you to disable the password aging mechanism for this user, which forces everyone else to change their passwords regularly (for example, once a week). «Disable account» is used to temporarily block a user's access to the system.

Windows NT has certain rules for working with accounts, compliance with which increases the security of work in the system. To stipulate these rules, the administrator can use the «Accounts» command in the «Policy» menu of the «User Manager» application window. The «Account Policy» dialog box appears with the following options:
— «Maximum expiration period». You can require the user to change their password as often as specified in the «Expiration period (days)» field. To maintain a balance between ease of use and maintaining proper password privacy, it is best to set the password change period to 30-45 days.
— «Minimum validity period». The number of days in the «Cannot be changed (days)» field sets the minimum period after which the password can be changed. Using this option, the administrator can force all users to have the same password for a certain period of time.
— «Minimum password length». The shorter the password, the easier it is to remember. However, in this case, it will be easier for an intruder to pick the right password to register in the system by simply trying all possible combinations. Longer passwords provide greater system security, but then users forget their passwords more often, which causes a lot of trouble for the administrator. To specify the minimum password length, you need to put the desired number in the field «Not less than… characters».
— «Password uniqueness». The number in the field «Store passwords» specifies the number of passwords to store in the retrospective list containing user passwords. No combination from this list can be used as a new password when it is time to change the password.
— «Account Lockout». The «Lockout after … unsuccessful login attempts» field specifies the maximum number of unsuccessful registration attempts. This value is linked to another number, which is specified in the «Reset counter after … min» field and determines for how long the unsuccessful attempts should be counted. If the number of unsuccessful attempts within the specified period exceeds the limit, the account will be locked. In the «Lockout duration» group, there is a field «Lock for… min», which contains the time the user's account will be locked. If the «Permanent (until administrator unlocks)» checkbox is selected, the account will be locked until the administrator unlocks it.

The last option («User must log in to change password») in the «Account Policy» dialog box requires the user to log in before changing their password (to prevent an attempt to enter an expired password to log in under a spoofed account).
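The three «Account Lockout» fields interact, and the interaction is easier to follow in code. The Python model below is an added example, not code from Windows NT or from the original article: the class and function names are hypothetical, time is counted in whole minutes, and it assumes that the lock is applied on the failure that reaches the configured number and that the counter restarts once the «Reset counter after … min» interval passes without a failure.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int               # "Lockout after ... unsuccessful login attempts"
    reset_after_min: int         # "Reset counter after ... min"
    lock_for_min: Optional[int]  # "Lock for ... min"; None = "Permanent"

@dataclass
class Account:
    failures: int = 0
    last_failure: Optional[int] = None  # minute of the latest bad password
    locked_at: Optional[int] = None     # minute the lock was applied

def is_locked(acct, policy, now):
    if acct.locked_at is None:
        return False
    if policy.lock_for_min is not None and now - acct.locked_at >= policy.lock_for_min:
        acct.locked_at, acct.failures = None, 0  # timed lock has expired
        return False
    return True  # still inside the lock, or permanent until admin_unlock()

def logon(acct, policy, now, password_ok):
    """Outcome of one attempt at minute `now`: 'locked', 'ok' or 'denied'."""
    if is_locked(acct, policy, now):
        return "locked"  # a correct password is refused too
    if password_ok:
        acct.failures = 0
        return "ok"
    quiet = acct.last_failure is not None and now - acct.last_failure >= policy.reset_after_min
    if quiet:
        acct.failures = 0  # counter interval elapsed, start counting again
    acct.failures += 1
    acct.last_failure = now
    if acct.failures >= policy.threshold:
        acct.locked_at = now
    return "denied"

def admin_unlock(acct):
    acct.locked_at, acct.failures = None, 0

def replay(policy, attempts):
    """Run constructed (minute, password_ok) attempts against a fresh account."""
    acct = Account()
    return [logon(acct, policy, t, ok) for t, ok in attempts]
```

With a policy of 3 attempts, a 30-minute counter and a 60-minute lock, three failures in a row lock the account for an hour even against the correct password, while occasional mistypes more than 30 minutes apart never accumulate.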

The administrator can assign certain rights to users using the User Manager application in the User Rights Policy dialog box, which is called from the Policy menu by the User Rights command. Such rights, which apply to the system as a whole, allow certain actions to be performed in the system, namely, logging on to this computer, creating new user accounts, changing the system time, and also performing certain other operations listed in the User Rights Policy dialog box.

It is often useful to monitor the use of the rights assigned to users — to monitor user registration in order to detect unsuccessful attempts to register (meaning an intention to bypass the Windows NT security subsystem), to record changes made to accounts, to monitor file access operations, etc. To do this, the administrator must run the User Manager application and set the appropriate flags opposite the operations whose success or failure should be monitored in the Audit Policy dialog box, which is called from the Policy menu using the Audit command. The audit results are recorded in a special log.

Access Control

Protection of individual resources (files, directories, hard disk partitions, or printers) in Windows NT is based on the principle of discretionary access control. According to it, each resource has an owner who controls access to this resource from other users. The owner of a file or directory is considered to be its creator, a disk partition is «owned» by the person who divided the disk space into partitions, and a printer is controlled by the person who installed it in the system.

Windows NT has two methods of managing access to resources: file-level permissions and directory-level permissions. Permissions here are rules that govern user access to any OS resource.

To define file-level permissions, right-click the appropriate resource in the Explorer application and select the Properties option. In the dialog box that appears, select the Security tab and click the Permissions button. In the Permissions dialog box, you can assign users different levels of permissions: Read, View, Full Control, and others. For a disk partition or directory, permissions are defined down to each file or subdirectory located on that disk partition or in that directory.

Defining access to a resource at the directory level does not affect access to other resources included in it (for example, access to a directory in this case does not affect access to files and subdirectories contained in it). This method of granting access to a resource is usually used to control remote access to network devices.

Directory-level permissions are created as follows. Using the Explorer application, find the resource that you want to share. Right-click on it and select the Access option. In the dialog box that appears, click the Permissions button. Then, in the Permissions: Shared Resource dialog box, select the desired level of permissions for this resource — Read, Modify, or Full Control.

Ensuring Security for Remote Access

Remote Access Service (RAS) for Windows NT allows you to connect to a computer running this OS from any corner of the globe where there is a power outlet for the computer and a telephone jack for the modem. RAS provides the ability to work with all the resources of a remote computer in the same way as in the case of a direct connection to the local computer network to which this computer belongs. As a result, the computer network becomes more open, which, however, does not mean a rejection of security measures.

First, a client wishing to use the capabilities of RAS must obtain an account that allows remote access in the Windows NT installation on the remote computer.

Secondly, this client is required to register using RAS, similar to registration in Windows NT. RAS has two user authentication systems — Password Authorization Protocol (PAP) and Challenge Handshake Authorization Protocol (CHAP).

PAP is a simple, standardized protocol for implementing a password system. The user's identity and password are transmitted over the line at the beginning of a connection request, and are then checked by the receiving device for authentication against a special registration database. This database is stored in encrypted form, but the identity and password are not encrypted when transmitted over the line.

CHAP is a standardized user registration scheme using a very complex messaging protocol. According to the CHAP protocol, the user is first authenticated during registration. The administrator can then specify the number of times the user can re-register. Re-registrations are used to reduce the time a potential attacker has to try to penetrate the system. When using CHAP, all transmissions over the communication line are encrypted. Thus, CHAP provides a higher level of security than PAP. However, the CHAP registration database is more accessible because it is stored in the open.
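The difference between the two registration databases follows from what each protocol puts on the line. The Python code below is an added example, not part of the original article or of RAS: it models PAP and standard CHAP (the MD5 response defined in RFC 1994, not Microsoft's modification), and the function names, user name and password are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_request(user, password):
    # PAP: identity and password cross the line exactly as typed.
    return user.encode() + b"\x00" + password.encode()

def pap_store(password, salt):
    # Salted one-way digest for the PAP server's registration database.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def pap_verify(db, wire):
    user, _, password = wire.partition(b"\x00")
    salt, stored = db.get(user.decode(), (b"", b""))
    return hmac.compare_digest(stored, pap_store(password.decode(), salt))

def chap_challenge():
    # Server side: a one-byte identifier and a fresh random challenge.
    return os.urandom(1)[0], os.urandom(16)

def chap_response(ident, secret, challenge):
    # RFC 1994: MD5 over identifier || secret || challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(db, user, ident, challenge, response):
    # The server must hold the secret itself to recompute the response.
    secret = db.get(user)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def demo():
    user, password = "constructed-user", "constructed-passphrase-1996"
    salt = os.urandom(16)
    pap_db = {user: (salt, pap_store(password, salt))}  # digest only
    chap_db = {user: password.encode()}                 # recoverable secret
    wire = pap_request(user, password)
    ident, challenge = chap_challenge()
    resp = chap_response(ident, password.encode(), challenge)
    ident2, challenge2 = chap_challenge()               # later re-registration
    return {
        "pap_ok": pap_verify(pap_db, wire),
        "pap_leaks_password": password.encode() in wire,
        "chap_ok": chap_verify(chap_db, user, ident, challenge, resp),
        "chap_leaks_password": password.encode() in resp,
        "old_response_reused": chap_verify(chap_db, user, ident2, challenge2, resp),
    }
```

Because the PAP server receives the password itself, it can keep only a digest; the CHAP server never receives it and so has to keep a copy it can feed into the hash, and each re-registration uses a new challenge, so an earlier response no longer verifies.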

Before using RAS, it must be properly configured at both ends of the telephone line connecting the two computers. The user can then choose the authentication method.

The «Unencrypted passwords (plain text)» option means that the user agrees to any method, and access is allowed even if no method is used. This option is selected if there is no need to worry about the security of the data being transmitted.

The «Encrypt passwords required» option indicates that any authentication methods other than PAP may be used. This option is used to prevent the user name and password from being transmitted over the telephone line in unencrypted form.

When selecting the option «Require Microsoft encryption for passwords», user authentication is performed using a modification of CHAP developed by Microsoft. In this case, you can also set the option «Data encryption required». Then not only the user name and password will be encrypted, but also all other information transmitted over the telephone line. The RC4 algorithm from the American company RSA Data Security is used for its encryption.

Conclusion

Regardless of how complex the security subsystem of your OS is, any computer that an intruder can directly access (using the keyboard or via a modem) is vulnerable. In this sense, a computer running Windows NT is no exception.

However, the presence in Windows NT of powerful and reliable systems of user registration, user account management, distribution of rights and permissions, as well as additional protective means turns this operating system into a reliable fortress, capable of withstanding persistent attempts to illegally penetrate it from the outside. In addition, Microsoft promises the appearance in 1999 of a new, fifth version of the Windows NT OS, equipped with even more advanced protective means.
