Security principles on Windows 2000 include:
• Users
• Groups
• Computers
Let’s discuss each in more detail.
Users
Anyone with even a passing familiarity with Windows has encountered the concept of user accounts. We use accounts to log on to the system and to access resources on the system and the network. Few have considered what an account really represents, however, which is one of the most common security failings on most networks.
Quite simply, an account is a reference context in which the operating system executes most of its code. Put another way, all user mode code executes in the context of a user account. Even some code that runs automatically before anyone logs on (such as services) runs in the context of an account (the special SYSTEM, or LocalSystem, account). All commands invoked by the user who successfully authenticates using the account credentials are run with the privileges of that user. Thus, the actions performed by executing code are limited only by the privileges granted to the account that executes it. The goal of the malicious hacker is to run code with the highest possible privileges. Thus, the hacker must “become” the account with the highest possible privileges.
Users, physical human beings, are distinct from user accounts, digital manifestations that are easily spoofed given knowledge of the account name/password pair. Although we may blur these concepts in this book, keep this in mind.
Built-ins
NT/2000 comes out of the box with built-in accounts that have predefined privileges. These default accounts include the local Administrator account, which is the most powerful user account in Windows 2000 (actually, the SYSTEM account is technically the most privileged, but Administrator can execute commands as SYSTEM quite readily using the Scheduler Service to launch a command shell). Table 2-1 gives a partial list of built-in accounts on Windows 2000.
To summarize Windows 2000 user accounts from the malicious hacker’s perspective:
The local Administrator or the SYSTEM account are the juiciest targets on a Windows 2000 system because they are the most powerful accounts. All other accounts have very limited privileges relative to the Administrator and SYSTEM. Compromise of the Administrator or SYSTEM account is thus almost always the ultimate goal of an attacker.
Groups
Groups are an administrative convenience—they are logical containers for aggregating user accounts (they can also be used to set up email distribution lists in Windows 2000, which currently have no security implications). Windows 2000 comes with built-in groups, predefined containers for users that also possess varying levels of privilege. Any account placed within a group inherits those privileges. The simplest example of this is the addition of accounts to the local Administrators group, which essentially promotes the added user to all-powerful status on the local machine (you’ll see this attempted many times throughout this book). Table 2-2 lists built-in groups on Windows 2000.
When a Windows 2000 system is promoted to a domain controller, a series of predefined groups are installed as well. The most powerful predefined groups include the Domain Admins, who are all-powerful on a domain, and the Enterprise Admins, who are all-powerful throughout a forest. Table 2-3 lists the Windows 2000 predefined groups.
To summarize Windows 2000 groups from the malicious hacker’s perspective:
The local Administrators group is the juiciest target on a local Windows 2000 system because members of this group inherit Administrator-equivalent privileges. Domain Admins and Enterprise Admins are the juiciest targets on a Windows 2000 domain because joining their ranks elevates privileges to all-powerful on the domain. All other groups possess very limited privileges relative to Administrators, Domain Admins, or Enterprise Admins. Addition of a compromised account to the local Administrators, Domain Admins, or Enterprise Admins is thus almost always the ultimate goal of an attacker.

Account Name                          Comment
------------------------------------  ----------------------------------------------------------------------
SYSTEM or LocalSystem                 All-powerful on the local machine
Administrator                         Essentially all-powerful on the local machine; may be renamed, cannot be deleted
Guest                                 Very limited privileges; disabled by default
IUSR_machinename (abbreviated IUSR)   Used for anonymous access to Internet Information Services (IIS); member of Guests group
IWAM_machinename                      Out-of-process IIS applications run as this account; member of Guests group
TSInternetUser                        Used by Terminal Services if installed
krbtgt                                Kerberos Key Distribution Center Service Account; only found on domain controllers, disabled by default
Table 2-1. Windows 2000 Built-in Accounts

Group Name                            Comment
------------------------------------  ----------------------------------------------------------------------
Administrators                        Members are all-powerful on the local machine
Users                                 All user accounts on the local machine; a low-privilege group
Guests                                Same privileges as Users
Authenticated Users                   Special hidden group that includes all currently logged-on users
Backup Operators                      Not quite as powerful as Administrators, but close
Replicator                            Used for file replication in a domain
Server Operators                      Not quite as powerful as Administrators, but close
Account Operators                     Not quite as powerful as Administrators, but close
Print Operators                       Not quite as powerful as Administrators, but close
Table 2-2. Windows 2000 Built-in Groups

Group Name                            Comment
------------------------------------  ----------------------------------------------------------------------
Cert Publishers                       Enterprise certification and renewal agents
Domain Admins                         All-powerful on the domain
Domain Users                          All domain users
Domain Computers                      All computers in the domain
Domain Controllers                    All domain controllers in the domain
Domain Guests                         All domain guests
Group Policy Creator Owners           Members can modify group policy for the domain
Pre-Windows 2000 Compatible Access    Backward compatibility group
RAS and IAS Servers                   Remote access computers in the domain
DnsAdmins                             DNS administrators, domain local
Enterprise Admins                     All-powerful in the forest
Schema Admins                         Can edit the directory schema, very powerful
Table 2-3. Windows 2000 Predefined Groups
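Because membership of these groups is what an attacker ultimately wants, a defender’s routine check is to compare their current members against an approved baseline. The script below is an added example, not code from the book; it assumes a modern Windows host with Get-LocalGroupMember (Windows PowerShell 5.1+) and, for the domain groups, the ActiveDirectory module, and its baseline list is a constructed placeholder.

```powershell
# Added example (not from the book): flag members of the privileged groups this
# chapter names that are not on an approved baseline. Assumes Get-LocalGroupMember
# (Windows PowerShell 5.1+) and the ActiveDirectory module; the baseline is a placeholder.
$Baseline = @{
    'Administrators'    = @("$env:COMPUTERNAME\Administrator")
    'Backup Operators'  = @(); 'Server Operators' = @()
    'Account Operators' = @(); 'Print Operators'  = @()
    'Domain Admins'     = @("$env:USERDOMAIN\Administrator")
    'Enterprise Admins' = @("$env:USERDOMAIN\Administrator")
    'Schema Admins'     = @("$env:USERDOMAIN\Administrator")
}
$LocalGroups  = 'Administrators','Backup Operators','Server Operators','Account Operators','Print Operators'
$DomainGroups = 'Domain Admins','Enterprise Admins','Schema Admins'

function Get-GroupMemberNames {
    param([string]$Group, [switch]$Domain)
    if ($Domain) {
        # -Recursive expands nested groups, where privileged membership often hides
        Get-ADGroupMember -Identity $Group -Recursive |
            ForEach-Object { "$env:USERDOMAIN\$($_.SamAccountName)" }
    } else {
        # Operator groups exist only on servers and DCs; skip groups that are absent
        Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Name }
    }
}

function Compare-PrivilegedGroup {
    param([string]$Group, [string[]]$Members)
    $expected = @($Baseline[$Group])
    foreach ($m in $Members) {
        if ($expected -notcontains $m) {
            [pscustomobject]@{ Group = $Group; Member = $m; Status = 'UNEXPECTED' }
        }
    }
}

$findings = @()
foreach ($g in $LocalGroups) {
    $findings += Compare-PrivilegedGroup -Group $g -Members @(Get-GroupMemberNames -Group $g)
}
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    foreach ($g in $DomainGroups) {
        $findings += Compare-PrivilegedGroup -Group $g -Members @(Get-GroupMemberNames -Group $g -Domain)
    }
}
$findings | Format-Table -AutoSize   # one row per member not on the baseline
```

Run it periodically from a scheduled task and alert on any output: an account that appears in Administrators, Domain Admins or Enterprise Admins without a change record is exactly the outcome the summaries above describe.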