PPT – PowerPoint presentation | free to download

About This Presentation

Title:

Description:

Title: Session One VeriSign Enterprise Overview Author: Last modified by: user Created Date: 11/30/1999 2:11:20 AM Document presentation format – PowerPoint PPT presentation

Number of Views:42

Avg rating:3.0/5.0

Slides: 177

Provided by: 6648

Category:

more less

Transcript and Presenter's Notes

Title:

1
??????

????????
? ? ?
xiaomj_at_ustc.edu.cn

2
???????------???????
??????????????,???????
????
????
????
?????
????

?????????
???????
???????
?????

3
???????????
???????
???????
4
????????
5
??????????
CPU
??
??
???????????????
??I
?????
????
??II
????
???
???
???
???
??III
6
Windows ???????
???
???
???
???
7
???????----????
??,????????
???????????

?????????????????????????????????,?????????
???(??????)
???????????
?????????????
???(??????)
?????????????????????????????????????,????????????
??????,????????????????????,??????????????????????
?????????????(??? ?,???,??????????????)?????(?????
????)?

8
??????
Windows????
Linux????
FreeBSD????
BeOS????

Windows ?????????????
Linux / Unix ????????????,???????????
BeOS ?????BeOS???????????????BeOS?????????????,??
??????????????????

9
Windows 2000??????
Professional
Server
Advanced Server
Datacenter Server

Professional ???????,????????,???Windows NT4.0
Workstation
Server ?????????Windows NT4.0 server?????????????
????????,????????????????????????Server?NT4???????
????,??????????????
Advanced Server ?????????Windows
NT4.0?????Server?????,Advanced Server?????????????
??SMP(??????)?????Server??,????????????
Datacenter Server ???????????WIN2000???,?????????
??????,????32?SMP???64GB??????????????????????????
??????????,????????????

???WINDOWS 2000??????????????
10
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

11
Windows 2000????
????(2GB 4GB)
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
????(0GB 2GB)
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
12
I/O????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
????????????,???????????,????????,????????????????
?????????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
13
??????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
?????????????????????????????????????????????????

WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
14
????????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
????????????(Security Reference
Monitor)??????????????????????????????(Access
Control List,ACL)???,?????????????????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
15
?????????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
???????????????????????????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
16
??????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
???????,????????API?
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
17
????????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
?????????????????????????,??????????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
18
????????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
??????????????????????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
19
????????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
?????????Windows 2000????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
20
??????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
????????????,Windows 2000?????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
21
??????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
?????????API???
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
22
??????????
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??
????????????????(VMM)??????????????
WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
23
???????

??????????????????????????????,??????????
WIN32????????????,???????,???????
??????????-??????(GDI),?????????WIN32K.SYS???
??????(CSRSS.EXE)
????????????.DLL
POSIX???
OS/2???

24
???

????
??????
???????????
??????????
????????
??????????(????????)
???????
?????????????(ISR)?,??????????
???????????????????RAM??
??????(??????????????????)???
??????C\WINNT\SYSTEM32\NTOSKRNL.EXE???
????????????
???????????,???????????????????

25
Windows???????
?? ???????? ?? ?????/??? ????
HAL.DLL ????? N/A ????? SYSTEM
NTOSKRNL.EXE ?????? ?? ????? SYSTEM
KERNEL32.DLL WIN32???.DLL N/A ????? SYSTEM
GDI32.DLL WIN32???.DLL N/A ????? SYSTEM
USER32.DLL WIN32???.DLL N/A ????? SYSTEM
ADVAPI32.DLL WIN32???.DLL N/A ????? SYSTEM
SMSS.EXE ????? ?? ????? SYSTEM
WIN32K.SYS WIN32??????? ?? ????? SMSS.EXE
CSRSS.EXE ?????? ?? ????? SMSS.EXE
WINLOGON.EXE Windows???? ?? ????? SMSS.EXE
LSASS.EXE ?????????? ?? ????? WINLOGON.EXE
MSGINA.DLL ??GINA N/A ????? WINLOGON.EXE
SERVICES.EXE ????? ?? ????? WINLOGON.EXE
NTDLL.DLL ???????????? N\A ????? SMSS.EXE
OS2SS.EXE OS/2????? ?? ???? SMSS.EXE
PSXDLL.DLL POSIX???.DLL N\A ???? SMSS.EXE
PSXSS.DLL POSIX????? ?? ???? SMSS.EXE
26
Windows ???????????
???? (Winlogon)
???? (Posix,RAS)
Win32 ??
Win16 ??
DOS ??
KERNEL32.DLL
ADVAPI32.DLL
WOW
USER32.DLL
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
WIN32K.SYS
PSXSS.DLL
LSASS.EXE
GDI32.DLL
PSXDLL.DLL
I/O ???
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
???? NTOSKRNL.EXE
?????(HAL)
????HAL.DLL
??
27
WINDOWS 2000 ?????
????(2GB 4GB)
???? (Winlogon)
???? (Posix,RAS)
DOS ??
Win32 ??
Win16 ??

Intel x86?????4?????,?????(ring)
Ring 0?????
Ring 1
Ring 2
Ring 3?????
Win2K?????????
Ring 0????
????????????????
Ring 3????
?????????????????????

WOW
Win32 ???
????? (Posix,RAS)
????? (LSA)
VDM
I/O ???
????(0GB 2GB)
?? ???
???? ???
???? ????
?? ???
???? ???
???? ???
???? ???
?? ???
?? ???
?? ???
? ? ?
?????(HAL)
??
28
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

29
Windows ???????
???? ------ ???? ------- ???????? -------
?????? ------- ????????????????????????
Windows 2k??????????services.msc???????
30
Windows ?????????
?????????????????????? - Windows
2000??????????? ?? - Windows 2000????????????,???
??????? ??? - Windows 2000????????????,??????????
??????????,?????????????? ???????????,???????????
?
31
Windows ?????????

?HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv
ice ??????????????? Start ??, ??????????????????
???????Start ??????????????????????????
????? Start ?????? 0?1?2?3?4 ?????, 0?1?2 ????
Boot(???????????????)? System(????????????????
)?Auto Load ??????? Start ????? 3 ??????????
?????????(Load on demand), 4 ?????????, ??????

32
Windows ???????

???????
smss.exe Session Manager
csrss.exe ????????
winlogon.exe ??????
services.exe ????????
lsass.exe ?? IP ???????? ISAKMP/Oakley (IKE) ? IP
???????(????)
svchost.exe ????????
spoolsv.exe ????????????????(????)
explorer.exe ?????
internat.exe ???

33
Windows ??????? I

???????(?????????)
mstask.exe ????????????(????)
regsvc.exe ??????????(????)
winmgmt.exe ????????(????)?
inetinfo.exe ?? Internet ??????????? FTP
??????(????)
tlntsvr.exe ??????????????????????????(????)
termsrv.exe ??????????????????? Windows 2000
Professional ???????????????? Windows
????(????)
dns.exe ???????(DNS)???????????(????)

34
Windows ??????? II

???????(?????????)
tcpsvcs.exe ??? PXE ??????????????? Windows 2000
Professional ????(????)
ismserv.exe ??? Windows Advanced Server
???????????(????)
ups.exe ??????????????(UPS)?(????)
wins.exe ?????? NetBIOS ???? TCP/IP ???? NetBIOS
?????(????)
llssrv.exe License Logging Service(system
service)
ntfrs.exe ?????????????????????(????)
RsSub.exe ??????????????(????)
locator.exe ?? RPC ????????(????)

35
Windows ??????? III

???????(?????????)
lserver.exe ?????????(????)
dfssvc.exe ?????????????????(????)
clipsrv.exe ????????,?????????????????(????)
msdtc.exe ????,????????????,????,????,????????????
?(????)
faxsvc.exe ???????????(????)
cisvc.exe Indexing Service(system service)
dmadmin.exe ??????????????(????)
mnmsrvc.exe ?????????? NetMeeting ???? Windows
???(????)
netdde.exe ???????? (DDE) ???????????(????)
smlogsvc.exe ??????????(????)
rsvp.exe ???????(QoS)????????????????????????????(
????)
RsEng.exe ????????????????????(????)
RsFsa.exe ?????????????(????)

36
Windows ??????? VI

???????(?????????)
grovel.exe ???????(SIS)???????,????????????????,??
??????(????)
SCardSvr.exe ????????????????????????????(????)
snmp.exe ???????????????????????????????(????)
snmptrap.exe ???????? SNMP ???????????,???????????
?????? SNMP ?????(????)
UtilMan.exe ????????????????(????)
msiexec.exe ?? .MSI ?????????????????????(????)

37
Windows??????????

?????(SMSS.EXE)
Win2K??????????????????
?????????
?????????
????
??????
????????/???????
??/????????
??????
??????????
WINLOGON(.EXE)
???????(SCM),?SERVICES.EXE??
??????????(LSASS.EXE)
????????(Graphical Identification and
Authentication-GINA)??????????

38
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

39
WINDOWS ?????????

NT/Win2000??????
Ntldr------???????,???????,????????
Boot.ini------???????????,?????Intel x86??????????
????????????
Bootsect.dos------??????????,????????????,??Ntldr?
?????
Ntdetect.com------??????,??????,??????????????????
Ntbootddd.sys------???????SCSI??????????
NT/Win2000??????????
Ntoskrnl.exe------Windows NT ???
System------???????????????
Device drivers------???????????????
Hal.dll------???????

40
WINDOWS ???????

NT/Win2000??????
??????????
??????????,????????
??????????????
Ntldr????????????
??????????32???????
Ntldr??????????????????????????????NTLDR???,???FAT
?NTFS?
Ntldr?boot.ini??
Ntldr??????????WindowsNT???,Ntldr??Ntdetect.com
?????????,Ntldr?????Bootsect.dos????????.
windows NT????.
Ntdetect.com ??????????????Ntldr,?????????HKE
Y_LOCAL_MACHINE\HARDWARE?.
??Ntldr??Ntoskrnl.exe,Hal.dll???????
Ntldr????????,?????????????????????
Ntldr??????Ntoskrnl.exe,??,??????,??????

41
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

42
???????????
?????????? ?????????? ?????????? ????????? ???
???????
???????????GB 17859-1999?????????????????

????????????????????????????TCSEC(Trusted
Computer System Evaluation Criteria(1985)),??????
????
??????(Policy)???
??????????(Accountability)
????????????????(Assurance)
?????????????(D1?C1?C2?B1?B2?B3?A1?A2),??D1???????
??,????????????????????
???????????????????C1?
????????????????????????????????????,?????????????
?

43
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

44
Windows ???????

Windows NT/2K?????6????????
??Audit,
??Administration
??Encryption
????Access Control
????User Authentication
????Corporate Security Policy?
Windows NT/2K ??????????????????????

?? Audit
?? Administration
????Corporate Security Policy
45
Windows ???????

Windows ? C2 ???????,??????C2????????????????
??????(Discretion access control)
??C2?????,Windows ????????????????????????????????
????????????????
????(Object reuse)
???(??????)???????,Windows ??????????????,???????W
indows NT??undelete????????????
????(Mandatory log on)
?Windows for Workgroups,Windwows 95,Windows
98??,Windows2K/ NT???????????,????????????????????
??????,??Windows ??C2???????????????
??(Auditing)
Windows NT ????????????,????????????????
???????(Control of access to object)
Windows NT??????????????????????????,?????????????
???????

46
Windows ?????

???????????,Windows2K/ NT?????????????????
??????????,Windows2K/ NT????????????????????????,?
????Windows2K/ NT????????????
Microsoft????????????
??????????
??Windows2K/ NT??????????
??????????????
?????????Windows 2K/NT????????????
?????????,????????????????????
Windows ?????????
?? ??? ??? I/O?? ?? ?? ?? ??
??????????????????????????,???????????????????,???
??????????

47
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

48
Windows 2000 ???????
KerberosWindows 2000??????????????Windows
2000?????????Kerberos?????????????????
??Windows 2000????????????????????(LDAP)????????
Kerberos
??????
??????(LSA)
????????????????,????????????????????????????????
?
Windows 2000 ??????
MSV1_0??Windows NT??????????????????Kerberos?????
Windows????????
Windows NT ??????
?? ??
MSV1_0
Netlogon
???????????????,???????????????????????????????,?
??????????
?????????????????????,???????????????????????????
?????
SAM
49
Windows 2000 ??????

????????????????
???????????(ACL)
??????????ACL??????
?????(??????????????)????
? ?
? ?
? ?
????
? ?
? ? ? ?
LSA
LSA
SRM
50
Windows 2000 ??????????
???? ?????
???? ?(LSA)
???? ???
????? ????? ??????
???? ??? ???
??Kerberos? ?NTLM?? ????
????? ????? ???ACL
????? ??(LSA)
????? ??(SRM)
?? SID zhangsan
????????? ????????????????????IC????
??????? ????ACL ??????
???? ?ACL
????? ??(LSA)
SID ?? ?? ??
51
Windows ??????????

Windows NT/2K ??????????????
?????(Security Identifiers)
????????SID,??????????????????,???????????????SID,
??????Windows NT?,?????????SID?
SID???????,???????????????????CPU?????????????????
?????? S-1-5-21-1763234323-3212657521-123432132
1-500
????(Access tokens)
???????,??????????????,?????????????????,?????????
???,????????Windows NT,??Windows
NT???????????????????
????????????,Windows NT???????????????
????????????????????????,??????????????????,??????
???
?????(Security descriptors)
Windows NT???????????????????????????????
??????(Access control lists)
?????????????????(Discretionary
ACL)?????????(System ACL)?
??????????????????,???????,???????????????????????
????????????????????????,????????????
??????????????(Access control entries)?
?????(Access Control Entries)
????????SID??????????????????????????????????????
??
??????????????????,?????????????,????????????????
?,???????????,???????????????
?????SID?GSID(??????)????(????????)?

52
Windows ??????????
Win logon

???????????
Winlogon
Graphical Identification and Authentication
DLL (GINA)
Local Security Authority (LSA)
Security Support Provider Interface (SSPI)
Authentication Packages
Security support providers
Netlogon Service
Security Account Manager (SAM)
Winlogon? Local Security Authority
??Netlogon ??????????????,????DLL??????????

GINA
Local Security Authority
SSPI
Authentication Packages
Security Support Providers
Security Account Manager
Net logon
53
Windows ????? -------Winlogon Gina and LSA

Winlogon and Gina
Winlogon??GINA DLL,???????????GINA
DLL??????????????????????GINA DLL???????????,?????
???????????????(??????)?????GINA DLL?
Winlogon???????\HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon ,????GinaDLL?,Winlogon?
????DLL,???????,Winlogon??????MSGINA.DLL

??????(Local Security Authority)??????????,??????
?
????????,??????\HKLM\SYSTEM\CurrentControlSet\Cont
rol\LSA?AuthenticationPAckages???,????DLL????(MSV_
1.DLL)??4.0??,Windows NT???\HKLM\SYSTEM\CurrentCon
trolSet\Control\LSA ??????SecurityPackages????
????????SIDs??????
?????????
?????????????????
?????????
??????????
???????

54
Windows ????? -------SSPI and SSP

??????????(Security Support Provide Interface)
???Security Support Provide Interface??????RFC
2743?RFC 2744???,?????????API,????????????????????
???
???(Authentication Package)
?????????????????GINA DLL??????,????????SIDs?LSA,
???????????????

???????(Security Support Provider)
?????????????????,?????????????,?????,Windows
NT???????
Msnsspc.dll??????/??????
Msapsspc.dll?????????/????,??????????????
Schannel.dll?????????????????????????,?????????Ve
risign????????????SSL(Secure Sockets
Layer)?PCT(Private Communication
Technology)??????????

55
Windows ????? -------Netlogon and SAM

????(Netlogon)
???????????????????????????????,?????????
???????????,??,???????????????,?????????????,?????
??SIDs??????
???????(Security Account Manager)
???????,??????????SAM,????????????????????
?????\HKLM\Security\Sam????????????????Sam,???????
?,Sam???????

56
Windows 2000??????

??Windows 2000 Professional or Server???,Windows
2000 ???????????. Windows 2000???? Kerberos
????????. ????? Key Distribution Center (KDC) ??,
Windows ???Windows NT LanManager(NTLM)
??????????SAM ???? ?
??????????
??????????????. Graphical Identification and
Authentication (GINA) ???????.
GINA ?????????Local Security Authority (LSA)
?????.
The LSA ???????Security Support Provider
Interface (SSPI). SSPI ????Kerberos ? NTLM?????
??.
SSPI ?????????Kerberos SSP. Kerberos SSP ??
???????????. ?????, Kerberos ??????? SSPI.
?????KDC, ????????????????.
???????? SSPI ??GINA. GINA ???????????LSA. LSA
???????????SSPI.
??, SSPI ?????????NTLM driver MSV1-0 SSP. NTLM
driver ?Netlogon ?????SAM?????.
??NTLM?Kerberos?????????, ????????????????????????
.

57
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

58
????????
????windows 2000????????Administrator ? Guest

?????
59
?????

???????

Windows 2000 ?????????,???
???
????
????
???

60
Windows ??????
SAM

windows NT?win2000?????????????????????(security
account manager)???
???????????????????????,???????????????,???????,??
????????
????????,?????????,???????????????????????,???????
??,????????????,?????????????,????????????,???????
???

61
???????SAM

??????????????SystemRoot\system32\config\sam???
sam???windows NT????????,??2K/NT??????????????????
???????
sam?????????unix????passwd??,???????????passwd????
??????????,????linux passwd???????
root 8L7v6 0 0 root /root
/bin/bash
msql !! 502 504 /home/msql
/bin/bash
unix??passwd???????????????,??????????
??,??????? "??????
???? ?? uid gid ???? ????
shell
??????????(?????????shadow?)?????????
??
?Windows??????,?????????????,????????
??????NT?sam??,?????????????NT?????????????????,??
??????????????????????
HKEY_LOCAL_MACHINE\SAM\SAM
HKEY_LOCAL_MACHINE\SECURITY\SAM
?????SAM?????,????????system??????

62
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

63
????
?????,????????
64
??????
Winlogon

????????(Secure Attention Sequence,SAS),??????GINA
????
???????????????
????????
????????
????????
????(?????)??

GINA
65
??WINDOWS?????
????
????
????
????
66
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

67
????????????

??????????????????
???????????????,???????????,???????????????????
??????????????????
?????????????????

68
Windows ???????

??????????????????????,??????????????????????
??????????????,??????????????????
????????????
Access this computer from network
???????????????
Add workstation to a domain ??????????????
Backup files and directories
???????????????????
Change the system time ???????????????
Load and unload device drive ???????????????????
??
Restore files and directories ?????????????????
Shutdown the system ?????????

69
Windows ???????
? ?
? ?
???
??
? ?
??
???
I/O??
?? ??

????????????????(????NTFS?)???,
????????????????,??????(??????????????????)?
?????????????,????????????????????????,?????
Read(R)?Execute(X)?Write(W)?Delete(D)?Set
Permission(P)? Take Ownership(O)??????????????????
? ??????

70
Windows ?????------ ????
????
??????Execute (X) ??,????????,?????
???? RXWDPO ???????
No Access ?????????
List RX ???????????????,?????????
Read RX ??List??,????????????? ??????????
Add XW ???????????
Add and Read RXW ??Read?Add???
Change RXWD ?Add?Read???, ????????????,????????
Full control RXWDPO ?Change???,???????????????????
71
Windows ?????------ ????
????
???? RXWDPO ???????
No Access ?????????
Read RX ?????????,???????????
Change RXWD ?Read???,?????????
Full control RXWDPO ??Change???,???????????????
72
Windows ?????------ ????

?????????(??),??????????,???????????????,????????
??????????? ????????????????????,?????????? ?NT
Server??????????,???????????
????????????????????????

????
???????????????????
?????? ???????
No Access(????) ????????????????????????????????,????
Read(?) ??????,?????????? ???????
Change(??) ???????????,????????????????,?????,????????
Full control(????) ????????????,?????????(????NTFS?)?????(????NTFS?)
??????????????????????????, ?????????????????????
??????????
73
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

74
Windows ???????

Windows??????????
????
???????????,??????????????????????????
??????
???????????,????????????DLL(?????)?????????
????
????
??????????????????????????????????????????
???

75
Windows ?????????

?????????
SYSTEMROOT\system32\config\SysEvent.Evt
SYSTEMROOT\system32\config\SecEvent.Evt
SYSTEMROOT\system32\config\AppEvent.Evt
LOG??????????
HKEY_LOCAL_MACHINE\System\Current Control
Set\Services\Eventlog

76
Windows ???????

Internet????FTP?????? systemrootsystem32logf
ilesmsftpsvc1,????????
Internet????WWW??????systemrootsystem32logfiles
w3svc1,????????
FTP???WWW????????ex(??)(??)(??),??ex001023,??2000
?10?23??????,??????????
Scheduler????????
systemrootschedlgu.txt

77
FTP ????
FTP????,??? Software Microsoft Internet
Information Services 5.0 (??IIS5.0) Version
1.0 (??1.0) Date 20001023 031155
(????????) 031155 127.0.0.1 1USER
administator 331 (IP???127.0.0.1????administator??
??) 031158 127.0.0.1 1PASS 530 (????)
031204 127.0.0.1 1USER nt 331
(IP???127.0.0.1????nt???????) 031206
127.0.0.1 1PASS 530 (????) 031232
127.0.0.1 1USER administrator 331
(IP???127.0.0.1????administrator????)
031234 127.0.0.1 1PASS 230 (????)
031241 127.0.0.1 1MKD nt 550 (??????)
031245 127.0.0.1 1QUIT 550 (??FTP??)
????????IP???127.0.0.1???????????,??3?????????
?,??????????????????IP???????????
78
HTTP ????

HTTP????,???
Software Microsoft Internet Information
Services 5.0
Version 1.0
Date 20001023 030931
Fields date time cip csusername sip sport
csmethod csuristem csuriquery scstatus
cs(UserAgent)
20001023 030931 192.168.1.26 192.168.1.37 80
GET /iisstart.asp 200 Mozilla/4.0(compatibleMSI
E5.0Windows98DigExt)
20001023 030934 192.168.1.26 192.168.1.37 80
GET /pagerror.gif 200 Mozilla/4.0(compatibleMSI
E5.0Windows98DigExt)
???????,????2000?10?23?,IP???192.168.1.26???????IP
???192.168.1.37???80??,???????iisstart.asp,???????
??compatibleMSIE5.0Windows98DigExt,????????
????????FTP???WWW?????????IP????????

79
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

80
????

????
????????????????????????????,?????????????????????
?????????????
??????????????????????(??????????)?
?????????????????????????????????????????
Kerberos ?????????????? Kerberos
?????(????????????)??????????? Kerberos ???
?????,????????????????????????,?????????????????
?????????????????????,??????????????????????????
????,????(??????)???????????????????????????????,?
???????????????,??,????????????????????
?????????????????????????
???????? SID/NAME ??
???????????????

81
????
82
????

? ? ? ? ? ?
???????????????
??????????????????????????????????????????????????
????(??,? Internet ???? (IPSec) ??????)?????
??????????? (CTL)????????? ??????
(CA)????????,???????????????????,?????????????????
?,?????????????? IPSec ??????,?????????????,??????
??????????????
?????????????????????????????????????????????(????
????????????)???????????????????,?????????????????
???????????????????????????????????
??????????,??????????????

83
IP ????
84
???

???(Group Policy)?????????????????????????????????
??????????????????????????????????????????????????
?????????????,??????????????,?????????????????????
????,?????????,??????????????????????????,??????
??????????????,????????????????,??????????????????
,??????????????,????????
?Windows 2000/XP/2003???,??????????????,??????,?
?????,??????????gpedit. msc???,???????????????
,???????????????,??????????????????,????????????MM
C??????

85
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

86
Windows ??????EFS ------??

Windows2000 ??????????????????????????????????????
?????????????????????????????EFS,???????????
??EFS????????? http//www.microsoft.com/windows200
0/techinfo/howitworks/security/encrypt.asp
??????(EFS) ????????????,??????
NTFS?????????????????????????,????????????????????
???????????,??????????????????????????????????????
?????,????????????????????????????????????????????
???????????,???????????

87
Windows ??????EFS ------??

EFS??
?EFS??
EFS??
EFS???????(FSRTL)
Win32 API
EFS??
????????????,??Windows 2000??????????
??CryptoAPI???????DDF?DRF,
EFS?????NTFS????,???EFS??????,DDF?DRF???????,
??EFS??????EFS FSRTL,????EFS???????NTFS??????????
EFS??
???????????????????,????????????????????????????,?
?????????????????????,????????????????
EFS??????????(DESX)??????(RSA)???,????????????(???
???FEK???),?????????????
?????????????,?????????????????
EFS???????,??????????????????????,??,??????????EFS
??????????????
Windows 2000 ?CryptoAPI??????????????????,????????
?????????,??????????????

88
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

89
?? Windows ??

?????????
??????NTFS???
????????????????
????????,??????,????????,?????IIS????????/?????,??
????IIS???????????????????????????ADMIN?
???????(????IIS?????)????????
NT??SP6a,??????????Hotfix
WIN2K??SP3????Hotfix
??????
??????????????
???????????,????????
????????????????????
????????

90
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

91
?? Windows ??

????????????????????????
???????
????????NTLast?????????????????
???????NTFS
??????,?????????? ??????????????
(??????????????). ??????????????? (???????)
,???????????????????????????
????? ??????????????????????????????,????NTFS????
???????????????
??Service Pack/Hot Fixes????

92
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

93
Windows ??????
?Windows ????????????????????,????????????????????
?????????????????????????????

????????????????????WINDOWS??????Microsoft???????
(Remote Access Service)???. ??,?????????????????,
????????????????. ?????,RAS????????
?????????? ?????????????Windows NT
??????????????????????????,???????BIOS??????
????????? ??????? (?Windows NT ??????Linux
??????) ????NT??????????,??Linux
?????????,??Linux ?????????????mount NTFS ?????
???????? ??????????????????,?????????

94
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

95
Windows ????????

?????????????????NT???????????????????
????????????????????????????.
????????,????????????????????180??????????????8???
,??????????????, ????????(????????)???????????????
????????
????????? ????????????????????,????????
???????????? ???????????????Administrator
?Guest??????
????????????????????NT???????????????????5?????
?
????????????
???????????????????????.
?? ??-------????------??????------??----
--??

96
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

97
Windows ???????

Administrator ????????????,??NT/2K
?????????????????????????????
???????? ?Administrator ?????????????????????????
??????,?????????????????
?????????NTLAST ????????????????????????????????
??????
????????????????????????????????????????????????
?,????,????????????????,?14???????

98
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

99
Windows ??????????

?????????
?TCP/IP?????????????????,??????????????????
??snmp??
??????????????
??terminal server??
????????????
Alerter ClipBook Computer Browser

100
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

101
Windows ?????? ------ WFP

WFP??????Windows File Protection,?Windows?????????
????????????????????????????????,????????????dll(?
????)???????????????
???Windows 2000????????dll?exe?fon?ocx?sys??tff
??????????)
???SYSTEMROOT/system32/dllcache ?????
?WFP?????????????????????????
??????????????,?????????????????????,WFP???SYSTE
MROOT/system32/dllcache???????????
??????????,????????Windows 2000???????????

102
Windows ?????? ------ ????WFP

??WFP?
1????? --gt ??,??regedt32???
2??? HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Window
s NT/CurrentVersion/Winlogon
3??????????????New--gtDWORD Value,?????SFCDisable
4?? Hexadecimal ??????? ffffff9d ???WFP
5????????????????
????????????????--gt??--gt???????Administrative
Tools--gtEvent Viewer????????????????Windows
2000????????WFP???????

103
Windows ?????? ------ ???????

???????
??????????????,?????????????????,?????????????????
??
???????,???????(????????)?????(Everyone???)??????(
Full Control),????????????????
????????,?????????
???????????????????,??????????????????
?????????????(????????)?????????????????????,????
????????????????,?????????????????????????,???????
????????????????
???????????
???????????,????????????????

104
Windows ?????? ------ ???????

?????????????????D\arrow?
cmd.exe (???? shell.exe)
ping.exe
ftp.exe
route.exe net.exe wscript.exe
cscript.exe arp.exe cacls.exe
netstat.exe regedit.exe regedt32.exe
nslookup.exe tracert.exe ipconfig.exe
syskey.exe
issync.exe tskill.exe poledit.exe
regsvr32.exe telnet.exe at.exe
??????????
?????????????
runas.exe xcopy.exe tftp.exe
telnet.exe at.exe
nbtstat.exe rsh.exe rcp.exe
debug.exe rexec.exe
edit.com finger.exe edlin.exe
runonce.exe netsh.exe regini.exe
find.exe

105
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

106
Windows ?????? ------ WINDOWS 2000

Windows?????????????
Windows2000?
??????-gt????????????,??????
???? ?? ??
???? ?? ??
???? ??
???? ?? ??
???? ??
???? ?? ??
?????? ??
?????? ?? ??

107
Windows ?????? ------ WINDOWS NT

WindowsNT?
?? ? ????? ?????? ? ?? ? ??
????????,??????????????????
??????????????????????????

108
? ?
? ? ?
? ? ?

WINDOWS ????
??????
???????
??????
???????
WINDOWS ??????
??????
?????
????
????
????
????
????
??

WINDOWS ??????
????
????
????
??????
?????
????????
???????
????
??????
WINDOWS ???????????
WINDOWS ??????????
WINDOWS NT??????
WINDOWS 2000??????

109
Windows ???? ------ ??????

???????????
HKEY_LOCAL_MACHINE
\System\CurrentControlSet\Services\LanmanServer\Pa
rameters
?? AutoShareServer
?? REG_DWORD
?? 0
???????????
HKEY_LOCAL_MACHINE\SOFTWARE
\Microsoft\Windows NT\CurrentVersion\Winlogon
???? DontDisplayLastUserName
?? REG_SZ
?? 1

110
Windows ???? ------ ????1

FPORT????
Pid Process Port Proto Path
400 svchost -gt 135 TCP
C\WINNT\system32\svchost.exe
8 System -gt 139 TCP
8 System -gt 445 TCP
8 System -gt 1028 TCP
872 rsvp -gt 1047 TCP
C\WINNT\System32\rsvp.exe
624 WinMgmt -gt 1048 TCP
C\WINNT\System32\WBEM\WinMgmt.exe
624 WinMgmt -gt 1049 TCP
C\WINNT\System32\WBEM\WinMgmt.exe
540 inetinfo -gt 1054 TCP
C\WINNT\System32\inetsrv\inetinfo.exe
1616 msdtc -gt 2692 TCP
C\WINNT\System32\msdtc.exe
1616 msdtc -gt 3372 TCP
C\WINNT\System32\msdtc.exe
8 System -gt 3778 TCP
400 svchost -gt 135 UDP
C\WINNT\system32\svchost.exe
8 System -gt 137 UDP
8 System -gt 138 UDP
8 System -gt 445 UDP
256 lsass -gt 500 UDP
C\WINNT\system32\lsass.exe
244 services -gt 1029 UDP
C\WINNT\system32\services.exe

FPORT
???? netstat ?????????,??????????????????,????????
??????,netstat ??????????????????,????????????????
?????,????????????????svchost.exe?dllhost.exe,????
?????????,???????????web??????????,?????????????RP
C???,????????????,FPORT????netstat?taskbar???
???????????????????????,????????????????????,?????
?????,???Task Manager???,????FPort?????????
????http//www.foundstone.com/knowledge/proddesc/
fport.html

111
Windows ???? ------ ????2
????Pslist ???? http//www.sysinternals.com/
????Pskill ???? http//www.sysinternals.com/
????????Process Explorer ????
http//www.sysinternals.com/
112
Windows ????

Write a Comment

User Comments (0)