Ah Well here another one for the big pile
can i eat the pope
Hi,
Just contributing to the thread.. that's all.
:p
Let's get this thing over..here's my contribution
Microsoft Windows 2000 Security Handbook
by Alexander Kachur, Dave Bixler, Travis Davis, Theresa Hadden, Jeff Schmidt
PART I
Windows 2000 System Basics
1 Architecture
2 Processes and Threads
3 Security Model
4 NTFS 5.0
5 Services
6 Drivers
CHAPTER 1
Architecture
In this chapter
A New Windows
The Windows 2000 Operating System Model
Memory
Kernel Objects
Exceptions and Interrupts
I am of the opinion that to be able to effectively secure anything, you must first completely understand it. When I hired a security firm to secure my home, the consultants spent a fair amount of time talking with me trying to gain an understanding of how the house was “used.” Did all occupants have day jobs such that the house is empty during most daytime hours? Are there children coming and going during all hours of the night? Are there pets that are free to roam the house? Am I out of town for extended periods often? Do I hire pet or house sitters during those times? What is the threat? How safe is the neighborhood? How valuable are the contents we are protecting? Are we concerned more with protecting the human occupants or preventing material loss? What about protection from fire?
Computer security is no different. You must strive to completely understand how the systems that you are securing function. Most importantly, you must understand how they are used in everyday life. This is one reason that good security is so difficult (and rare): Few administrators and programmers are willing to put forward the significant time and effort required to gain all this background knowledge. This is unfortunate.
I hope that I have convinced you of the importance of having a thorough understanding of the system in question before jumping into the complex task of securing it. This first section is dedicated to a moderately technical discussion of the inner workings of Windows 2000. Unless you already have a thorough understanding of Windows 2000 under-the-hood, I strongly encourage you to read and understand the material in the following pages before continuing. There are some key differences between Windows 2000 and the previous versions of Windows NT that you’ll want to be sure to note. Also, you’ll want to refer back to this chapter occasionally while reading the rest of the book.
A New Windows
It’s been seven long years since the introduction of Microsoft Windows NT 3.1. I remember sitting in a presentation in Cleveland, Ohio, ooh-ing and aah-ing with the rest of the crowd as we watched Microsoft engineers demo the “new Windows.” There were lots of things to be happy about—things that the Windows community had never seen before, such as true preemptive multitasking, built-in networking, and, most importantly, security. NT had user accounts. NT had resource-based permissions. NT had auditing.
This was a key milestone in the evolution of the Windows operating system. Before this point, even such basics as user accounts were just plain not available in Microsoft Windows. Novell and the various flavors of UNIX were your only alternatives for network operating systems. Windows NT offered the following:
• A true 32-bit addressable virtual memory space
• Preemptive multitasking
• Isolated process memory space for increased stability and robustness
• Real user-level security that met government and industry standards
• Support for multiple hardware platforms
• Symmetric multiprocessor support
• POSIX 1003.1 support
• Support for OS/2 1.x text-mode applications
• Support for most 16-bit applications
• Easy localization for International distribution
Since its inception, Windows NT was traditionally geared toward the business user, not the casual home user. Windows NT Workstation was meant to be deployed into businesses, labs, and other places where robustness, powerful multitasking, and security were needed. Windows NT Advanced Server was designed to sit in server rooms where few mere mortals are allowed to roam. But, when people went home from their jobs at night, most of them still had a Windows 3.1 (and later Windows 9x) computer waiting for them.
However, in November of 1998, all that changed. Microsoft announced that Windows NT 5.0 would be renamed to Windows 2000. When the Windows 9x line finally converges with the Windows NT line after the upcoming Millennium edition, Windows NT technology will be on everyone’s desktops—at home, in the office, and in the server rooms. The time is right for the product lines to come together. The hardware has sped up to a point where the extra overhead of Windows NT can perform satisfactorily in a home environment.
--------------------------------------------------------------------------------
NOTE: Microsoft initially planned to have Windows 98 be the final version in the consumer (non-NT) line—thus the name change from Windows NT 5.0 to Windows 2000 in 1998. However, since then, Microsoft announced that there will be one more product in the Windows 9x line before it completely goes away.
--------------------------------------------------------------------------------
In the following pages, you’ll look at the internal architecture of Windows 2000. As I stated earlier, understanding how Windows 2000 functions under the hood is key in formulating a plan to secure it and write secure applications for it.
The Windows 2000 Operating System Model
There are many approaches to building an operating system. Microsoft’s design combines the best features of client/server, layered, and microkernel architectures into Windows 2000. First, take a look at Figure 1.1 to see a graphical representation of the system architecture.
Kernel Mode and User Mode
A key security and stability feature in all modern multiuser operating systems (and supported in all modern CPUs) is the capability to separate the kernel’s execution environment from the user’s. This is accomplished by using different processor operating modes. Note that some processors support many operating modes (also known as rings); however, Windows NT only uses two of them: user mode and kernel mode.
FIGURE 1.1 Windows 2000 architecture.
--------------------------------------------------------------------------------
NOTE: Intel x86 processors support 4 operating modes, or rings. Namely: Ring 0 (most privileged) through Ring 3 (least privileged). Windows 2000 only uses Ring 0 (kernel mode) and Ring 3 (user mode).
--------------------------------------------------------------------------------
While running in kernel mode, the CPU makes all commands and all memory addresses available to the running thread. Greater degrees of restriction are applied as you move toward more restrictive (lower numbered) rings.
Every page of virtual memory is tagged as to which mode the processor must be in to read and/or write to it. The most important implication here is that the kernel is protected from user mode code. Whether it is due to bugs or malicious intent, processes in user mode can not access any memory owned by any kernel process. Furthermore, each user mode process has its own private (virtual) memory space. This prevents errant or malicious processes from disturbing other processes.
However, all kernel mode processes share (and have full access to) one address space. It is assumed that those who are writing kernel mode code know what they are doing and don’t need to be isolated to their own address space. It is also assumed that code running in kernel mode was put there by Microsoft (or by a system administrator by way of a device driver) and can be trusted not to be malicious. Any code that runs in kernel mode is fully expected and trusted to play nice. This is an important item to understand.
I’ll talk in detail about memory in just a bit.
--------------------------------------------------------------------------------
NOTE: If you write user mode code, chances are that you’ve had a program or two crash with an access violation. This means that your program tried to access memory that it doesn’t have appropriate permissions for. More formally, the processor was running in user mode and your program tried to access a virtual memory address that lived on a page that was either tagged non-writeable or tagged for use in kernel mode only.
--------------------------------------------------------------------------------
In the following sections, start from the bottom and talk about each component as you work your way up.
anyone want to get rid of that annoying dialing noise when their modem dials up? it goes like this in windows
- control panel
- dial up networking
- get properties on your dial up connection
- in the general tab, click "configure"
- then go to the connection tab
- click on "advanced"
- in the extra settings box type "m0" that is m zero
- voila
965
We are almost 1,000 come on everyone put some more replies on!
"I tried so hard and got so far
but in the end, it doesn't even matter
I had to fall and lose it all
but in the end it doesn't even matter"
:) I love that song
Greg
...huffing and puffing towards 1000....
:( it seems this thread is running out of steam and so close to 1000 posts that's a shame.
Try this page it's history
so they wanna close this thread down
Go Go Go!
Quite senseless posting ;)
It's slowly dying...and yes, it should - cos people have lost interest, but let us reach the 4 digits, there's less than 30 posts needed before the 1000th post!!
Greg
Thanks Greg,
My Australian sweetie!!
Just a few more posts and we can let this thread die.
DIE!
What do you mean die?
O that this too sullied flesh would melt,
Thaw and resolve itself into a dew...
- Flip
- Feck
- *****
- Oh
:mad:
:confused:
:rolleyes:
:eek:
Cute Noble Hamlet.
Can't this thread ever die!?!?!?!?!?!?!
:confused: :confused: :confused: :confused: :confused: :confused:
Things amuse us will live on and on... it's all about the small things...
Anywayz... HAPPY NEW YEAR and many more... 2002 may all your wishes come true... even all you freaks out there with weird funky wishes.... i guess i hope they come true too...
Later people ...
I am :cold:
Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die! Die!
If you notice this notice,
You will notice,
That this notice,
Is not worth noticing.
Long live the thread :eek:
One more small contribution.
Come on people, almost @ 1000 !!!!!!!!!!!!!!!!!
:borg:
:o I'm tired...off to bed - hopefully when I wake up this thread will be past the 1000 mark!!
Greg
yoyo
how about some dark humour...
check this out the unique the original, ever changing and never ending
www.darwinawards.com
Oh yeah. Almost 1000.
BAM!! BACK TO THE TOP!!!!!
Here's a funny for your Monday.....
A priest is in a church on Saturday afternoon, hearing confessions.
A man walks in and kneels down and begins his confession - "Father, it
has been two weeks since my last confession these are my sins. Last night I
had sex with Nookie Green."
"That is your sin?"
"Yes, Father."
"You are forgiven. Go out and say one "Our Father."" and the man leaves.
Soon, another enters and kneels. "Father, it has been one month since my
last confession. These are my sins. I have had sex with Nookie Green
every week for the last month."
The priest thinks to himself that this Nookie Green woman is fairly
popular with his male parishioners... "Those are your sins?"
"Yes, Father."
"You are forgiven. Go out and say three "Hail Mary's."" The man leaves.
Soon, another enters and kneels down. "Father, it has been six months
since my last confession. These are my sins, I have had sex with Nookie Green
twice a week for the last six months."
This time, the priest has to ask - "Who is this Nookie Green?"
"Just a woman I know, Father."
"Very well-you are forgiven. Go out and say ten "Hail Mary's."
The priest closes the church for the evening and leaves wondering who
this Nookie Green woman is . . .
The next morning, the priest is up in front of his congregation saying
mass.
The doors fly open in the back of the church and in walks this woman, a
tall redhead with long gorgeous hair, a green sequin dress, green
sequined heels and a green hat with a long green feather coming from it. She walks
straight up the aisle and sits down right in front of the priest, her
knees apart.
The priest cannot help but stop and stare. He finally catches himself
and leans over to ask the altar boy "Pssssst..
Is that Nookie Green?"
The altar boy has a look and says, "No, Father, I think it's just the
reflection off her shoes!"
almost there
1000 here we come
Back to the top :).
Damn, I missed 990!!!
I want to get 999 and/or 1000...
Let's see who gets that!!!!!
Tension mounts....
Come on guys you're almost there.
Just adding some more
Should I start a count down?
5
4........4.....4......4
not much left to say.
I've browsed to the edge of the internet, now it's time to see what's really out there!!!
3 more
here is something to entertain you
one more
1000 BABY