• cui_bj@sina.com.cn 13611330827

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• Windows
• 1. administrator guest syskey

• Windows
• 1. Guest administrator

• Windows
• 1. 815123

• Account Identifier: Security identifier (SID)
• (user accounts) Windows ID (SID) … universal groups global groups local groups
• Account Identifier: Security identifier (SID), 48 S-1-5-21-1507001333-1204550764-1011284298-500 SIDS(1)(Windows20005)4(213) (Relative Identifier RID 500)

• RID
• RID RID 500 Administrator RID 501 Guest
• 1000 RID (RID101514)
• Windows 2000 () RID 500

• SID
• C:\user2sid Administrator S-1-5-21-1507001333-1204550764-1011284298-500 Number of subauthorities is 5 Domain is CORP
• C:\sid2user 5 21 1507001333 1204550764 1011284298 500 Name is Administrator Domain is CORP Type of SID is SidTypeUser

• SAM (Security Accounts Manager)
• Windows
• ()
• SAM5 %systemroot%\system32\config\sam
• Windows 2000 (%systemroot%\ntds\ntds.dit)

• .Windows Winlogon GINA LSA Security Account Management Netlogon Authentication Packages Security Support Provider SSPI GINA

• .Windows Winlogon GINA LSA Authentication Packages Netlogon SAM

• LanMan NTLM
• Windows
• Windows NTLM NTLM 2000 2000 Kerberos Kerberos NTLM NTLM NT4/2000 NT4/2000 NT4+SP4 NT4+SP4 2000 2000 NTLMv2 NTLMv2 LANMan LANMan NT4 NT4 2000 2000 NTLM NTLM WFW WFW Win9x Win9x LANMan LANMan

• LanManager -- LM win9X
• NTLM -- NT winNT SP3
• NTLMv2 – winNT SP4
• Kerberos V5 – win2K

• LM
• LM 14014778 DES KEY 8 DES KEY 6464128

• LanMan
• 8-1377

• NTLM
• NTLM Windows NT 4.0
• Windows 3.11 Windows 95/98 Windows NT 4.0 Windows 2000 NTLM
• Windows NT 4.0 NT 4.0 Windows 2000 NTLM

• NTLM-NT
• NTLM (NT) unicode MD4 LAN manager NTLM NTLMv2

• NTLM 128 hash 1 SAM (Security Account Manager) hash challenge 2 challenge challenge

• Windows
• 1. 815123

• Windows
• 1. administrator administrator guest 12

• Windows
• 1. guest guest guest

• Windows
• 1. syskey SAM SAM: Security Accounts Manager, sam sam

• Windows
• 1. Winternals locksmith Elcomsoft advanced nt security explorer L0phtcrack5 Offline NT password & registry editor Windows XP/2000/NT key John the ripper

• Windows
• 1. syskey syskey

• 128bit HASH sam

• SYSKEY NT4 sp3 128 syskey SAM SAM

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• Windows
• 2. NTFS EFS NTFS NTFS Everyone

• Windows
• 2. NTFS EFS NTFS Special NTFS everyone cacls.exe program files cmd.exe

• Windows
• 2. NTFS EFS EFS NTFS

• Windows CryptoAPI CryptoAPI I/O I/O EFS Driver EFS Driver NTFS NTFS Kernel Kernel Win32 Win32 EFS EFS EFS EFS NTFS NTFS EFS EFS EFS EFS EFS

• Windows
• 2. NTFS EFS EFS cipher.exe

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• Windows
• 3. DWORD

• Windows
• 3. HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_CONFIG

• Windows
• 3. FileMon/RegMon Active Registry Monitor

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• Windows
• 4.

• Windows
• 4. EventCombMT

• Windows
• /
• /

• R/W

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• .Windows
• 5.

• .Windows
• 5. IANA (internet assigned numbers authority) 1~1023 1024 49151 49152 65535 FTP 21 telnet 23 Smtp 25 http 80 Pop31103 NNTP 119 SNMP 161 HTTPS 443 HTTP RDP 3389 Pcanywhere 5631/5632 PCanywhere7.52

• .Windows
• 5. tasklist tasklist /svc tasklist /v tasklist /m dll Tlist Tlist -s Tlist -t Tlist pid Tlist -m dll netstat -aon

• .Windows
• 5. TCP/IP // Internet Connection Firewall IP Security

• .Windows
• 5. Services.msc Clipbook server, .. Computer browser, .. Network DDE and DDE DSDE dde Telephony TAPI LAN IP Indexing service rpc, , telnet TCP/IP NetBIOS Helper “TCP/IP NetBIOS (NetBT)” NetBIOS Task Scheduler Remote Registry Print Spooler Messenger NET SEND Alerter

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• 6. Web (1) (2) Web (3) Web

• (2) WEB Web Web Nikto Whisker

• (2) Web asp IIS FTP IIS IIS

• IIS Web .idq .ida, .htw HTML .shtml .shtm .stm ssiinc.dll Web .Idc URL .htr ASP .printer IIS IIS Samples \IISSamples IIS Documentation \IISHelp Data Access \MSADC 404.dll C:\WINNT\system32\inetsrv\filename.dll

• IIS Web Web, “Everyone” (“ IIS MetaBase.bin Administrators LocalSystem Everyone / / / IIS IIS ACL everyone Guest Administrator IUSR_ComputerName IUSR_ComputerName Internet IIS ComputerName IIS NetBIOS (TCP) SMB NetBIOS (host enumeration) Web Internet UrlScan ISAPI UrlScan Internet (ISAPI) HTTP Web C:\WINNT\system32\inetsrv\urlscan\UrlScan.ini

• (3) WEB Web SQL HTTP

• (3) WEB Web Achilles Paros Proxy WebSleuth SPIKE Proxy WebProxy Form Scalpel FSMax WASAT

• (3) WEB Web SPI Dynamics WebInspect SPI Toolkit Sanctum/Watchfire AppSec/WebMX

• 1.
• 2. NTFS EFS
• 3.
• 4.
• 5.
• 6. Web
• 7. Windows

• .Windows
• MBSA MBSA (Microsoft Baseline Security Analyzer)
• Windows 2000 Windows XP
• , Windows Internet Information Server 4.0 and Internet Information Server 5.0 SQL 7.0 and SQL 2000 Internet Explorer Office Outlook™

• .Windows
• MBSA MBSA

• .Windows
• MBSA MBSA MBSA

• .Windows
• SUS (software update services)

• ADMIIS

• Antigen
• Exchange/sharepoint/instant messaging/SMTP

• SMS 2003

• MOM 2005

• Q&A
Document title: 3 System Security
Link address: https://www.777doc.com/doc-1247466 .html