دانلود کتاب امنیت داخلی ویندوز – نگاهی عمیق به احراز هویت، مجوزدهی و حسابرسی ویندوز

In each chapter, we’ll cover core security features implemented in modern versions of Windows. We’ll also walk through several worked examples written in PowerShell, which should give you a better understanding of the commands introduced in the chapter. Here’s a brief summary of what each chapter covers. Part I surveys the Windows operating system from a programming perspective. It should provide you with the foundation needed to understand the material in the rest of the book. Chapter 1: Setting Up a PowerShell Testing Environment In this chapter, you’ll set up PowerShell to run the examples included in the subsequent chapters. This includes installing a PowerShell module I’ve written to interact with Windows and its security features. The chapter also provides an overview of the PowerShell scripting language. Chapter 2: The Windows Kernel This chapter covers the basics of the Windows kernel and its system call interface, a topic crucial to developing a solid understanding of Windows security. I also describe the object manager, used to manage resources. Chapter 3: User-Mode Applications Most applications don’t directly use the system call interface from the kernel; instead, they use a set of higher-level programming interfaces. This chapter covers Windows features such as file handling and the registry. Part II covers the most important component of the Windows kernel for security, the Security Reference Monitor. We’ll look at all aspects of access control, from constructing the user’s identity to securing an individual resource, such as a file. Chapter 4: Security Access Tokens Windows assigns every running process an access token, which represents the user’s identity to the system. This chapter describes the various components stored in the token that are used to check access. Chapter 5: Security Descriptors Each securable resource needs a description of who is allowed to access it and what type of access they are granted. This is the purpose of security descriptors. In this chapter, we’ll cover their internal structure and how you can create and manipulate them. Chapter 6: Reading and Assigning Security Descriptors To inspect the security of the system, you need to be able to query the security descriptor of a resource. This chapter explains how this querying happens for different types of resources. It also covers the many complex ways that Windows assigns security descriptors to resources. Chapter 7: The Access Check Process Windows uses the access check to determine what access to grant a user to a resource. This operation takes the token and the security descriptor and follows an algorithm to determine the granted access. This chapter works through a PowerShell implementation of the algorithm to explore its design in depth. Chapter 8: Other Access Checking Use Cases Although Windows primarily uses access checks to grant access to resources, it sometimes uses them to determine other security properties, such as the visibility of resources and whether a process is running with a low level of privilege. This chapter covers these alternative use cases for the access check. Chapter 9: Security Auditing The access check process can also create logs of the resources a user has accessed, and with what level of access. This chapter covers these system auditing policies. Part III contains details of Windows authentication, the mechanisms that verify a user’s identity for the purposes of access control. Chapter 10: Windows Authentication As the topic of authentication is quite complex, this chapter summarizes the authentication structure and services on which the rest of the authentication mechanisms depend. Chapter 11: Active Directory Windows 2000 introduced a new model for networking Windows systems in an enterprise, with all authentication information stored in a network directory that users and administrators could query and modify. This chapter covers how Active Directory stores information and secures it from malicious modification. Chapter 12: Interactive Authentication The most common authentication scenario on Windows occurs when a user enters their username and password into their computer and gains access to the desktop. This chapter covers how the operating system implements this authentication process. Chapter 13: Network Authentication When a user wants to access a network service in a Windows enterprise network, they typically must authenticate to it. Windows provides special network protocols to implement this authentication without disclosing the user’s credentials to a potentially hostile network. This chapter explains the network authentication process, focusing on the New Technology LAN Manager (NTLM) authentication protocol. Chapter 14: Kerberos Along with Active Directory, Windows 2000 also introduced the use of the open Kerberos authentication protocol for enterprise network authentication. This chapter explains how Kerberos works in Windows to authenticate a user interactively and over a network. Chapter 15: Negotiate Authentication and Other Security Packages Over the years, Windows has added other types of network authentication protocols. This chapter covers these new types, including Negotiate, to supplement those discussed in Chapters 13 and 14. Finally, the two appendices provide configuration details and further resources. Appendix A: Building a Windows Domain Network for Testing To run some of the examples in the book, you’ll need a Windows domain network. This appendix provides some steps for using PowerShell to configure a network for testing. Appendix B: SDDL SID Alias Mapping This appendix provides a table of constants referenced in Chapter 5.