5.7. Security Policy Management

Lecture



One of the most important administrative tasks is security policy management. It includes interactive user authentication, control of user access to network resources, and auditing.

Interactive user authentication begins by pressing Ctrl+Alt+Del, which starts the WinLogon component and opens the logon window.

When a user logs on to a workgroup, the account is created and stored in the SAM (Security Accounts Manager) database of the workstation, and the local authentication software checks the entered credentials against that database. If the user is registered in a domain, the entered credentials are instead verified against the SAM database of the domain to which the machine belongs.

User access to network resources is managed through the user's budget, the rights of the user or user group, access rights to objects, and so on.

The user's budget is set up by the administrator after the account is created. It includes the network time and the area of main memory (OP) allotted to the user, together with the user's other rights in the system.

The rules that establish which actions a user may perform are called user or group rights. The rights and restrictions granted to an individual user or to a group of users determine that user's ability to access network resources.

A user may have ordinary and extended rights. Extended rights are usually granted only to programmers and, occasionally, to workstation administrators, but not to groups of users.

The administrator uses the System Policy Editor to adjust existing user rights and to set new ones.

In Windows NT, administrative functions are most often performed with User Manager, Server Manager and similar tools.

User rights are set by the administrator when the user account is created. In Windows NT, system elements are objects, and each object is defined by its type, its set of services and its attributes.

Object types in Windows NT include directories, files, printers, processes, devices, windows, and so on; the type determines which sets of services and attributes are valid for the object.

The set of actions that an object performs, or that can be performed on it, is its set of services.

The attributes include the object name, its data, and its access control list. The access control list is a mandatory attribute: it contains the list of the object's services and, for each action, the list of users and groups permitted to perform it.

Where necessary, access to objects can be protected: the access rights to an object are determined by its security descriptor.

NTFS file system permissions (read, write, execute, delete, change permissions) are local rights.

Remote rights are controlled through shared resources, which in turn are controlled by the network service that allows users of remote computers to access objects on the network.

Auditing is used to record events that occur in the local network. It informs the administrator of prohibited actions attempted by users, makes it possible to see how often particular resources are accessed, and allows the sequence of actions performed by users to be reconstructed.

There are three levels of audit management:

1) enable and disable auditing;

2) tracking any of the seven possible event types;

3) auditing of specific objects.
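As an added example (not code from the lecture), the access control list and the object-level audit described above modelled in Python: a simplified Windows NT style access check that walks an object's ACL in canonical order, lets an explicit deny override any later allow, and records each refused request in a constructed audit list. The permission values, account names and the sample object are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Permission bits modelled on the NTFS permissions the lecture lists; the values
# are constructed for this example, real Windows access masks differ.
READ, WRITE, EXECUTE, DELETE, CHANGE_PERMS = 1, 2, 4, 8, 16
FULL = READ | WRITE | EXECUTE | DELETE | CHANGE_PERMS

@dataclass(frozen=True)
class ACE:
    """One access control entry: a user or group, allow or deny, a set of services."""
    principal: str
    allow: bool
    mask: int

@dataclass
class SecurityDescriptor:
    """Ordered access control list; `audit` stands in for the security event log."""
    dacl: list
    audit: list = field(default_factory=list)

def canonical(dacl):
    """Canonical NT ordering: explicit deny entries precede allow entries
    (sorted() is stable, so entries of the same kind keep their order)."""
    return sorted(dacl, key=lambda ace: ace.allow)

def access_check(sd, user, groups, desired, obj="object"):
    """Simplified model of the Windows NT access check: walk the ACEs in canonical
    order, fail on a matching deny of any desired bit, accumulate matching allows
    until every desired bit is granted. Failed requests are recorded in sd.audit."""
    token = {user, *groups}
    granted = 0
    for ace in canonical(sd.dacl):
        if ace.principal not in token:
            continue
        if ace.allow:
            granted |= ace.mask & desired
            if granted == desired:
                return True
        elif ace.mask & desired:
            break  # explicit deny wins, whatever later allow entries would grant
    sd.audit.append((user, obj, desired, "DENIED"))
    return False

# Constructed sample object and accounts, not taken from the lecture.
payroll = SecurityDescriptor(dacl=[
    ACE("Users", True, READ | EXECUTE),
    ACE("Guests", False, WRITE | DELETE),  # deny listed late on purpose
    ACE("Administrators", True, FULL),
    ACE("alice", True, WRITE),
])
```

Calling `access_check(payroll, "bob", {"Users", "Guests"}, WRITE, "payroll.txt")` returns False because the Guests deny entry is evaluated first regardless of its position in the list, and the refusal is appended to `payroll.audit`.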
