User Rights

Posted by The Beyand | 3:47 AM | 0 comments »

Recall the main goal of the attacker from the beginning of this chapter:
To execute commands in the most privileged context, in order to gain access to resources
and data.
Weve just described some of the most privileged user mode account contexts, such
as Administrator and LocalSystem. What makes these accounts so powerful? In a word
(two words, actually), user rights. User rights are a finite set of basic capabilities, such as
logging on locally or debugging programs. They are used in the access control model in
addition to the standard comparing of access token SIDs to security descriptors. User
rights are typically assigned to groups, since this makes them easier to manage than
constantly assigning them to individual users. This is why membership in groups is so
s typically the unit of privilege assignment.
importantbecause the group i
Two types of user rights can be granted: logon rights and privileges. This is simply a
semantic classification to differentiate rights that apply before an account is authenticated
andafter, respectively. More than 40 discrete user rights are available in Windows Server
2008 (code name Longhorn), and although each can heavily impact security, we discuss
only those that have traditionally had a large security impact. Table 2-5 outlines some of
the privileges we consider critical, along with our recommended configurations.
Note that the deny rights supersede their corresponding allow rights if an
account is subject to both policies.
Some user rights relevant to security were implemented in Windows Server 2003,
including the following: Allow logon through Terminal Services Deny logon through Terminal Services Impersonate a client after authentication Perform volume maintenance tasks
The Terminal Servicesrelated rights were implemented to address a gap in the Allow/ deny access to this computer from the network rights, which do not apply to
ces. The Impersonate a client after authentication right was added to
Terminal Servi
help mitigate privilege escalation attacks in which lower privileged services impersonated
higher privileged clients.
Last but not least in our discussion of user rights is a reminder always to use the
principle of least privilege. We see too many people logging on as Administrator-
equivalent accounts to perform daily work. By taking the time up front to consider the
appropriate user rights, most of the significant security vulnerabilities discussed in this
book can be alleviated. Log on as a lesser privileged user, and use the runas tool (see
Chapter 12) to escalate privileges when necessary.

0 comments

Post a Comment

Subscribe to: Post Comments (Atom)