Last Articles

Most popular password

Network Information Security: Myths and Realities Omnipotence hackers

Hackers and crackers, or what is good and what is bad?

Chronology of the ARPANET - INTERNET

Protection system in Windows - Fact or Fiction

The basic principles of security

Manager SAM and Active Directory

Administrative boundaries: the forest or domain?

Can you trust a domain that is connected to the Internet?

Идентификаторы защиты (SID)

Why can not I log in as an administrator from any location?

Network security model and resource sharing

Remote attacks on distributed computing systems

Characteristics and mechanisms of implementation of standard remote attacks

Fake ARP-server on the Internet

False DNS-server on the Internet

Substitution of one of the subjects TCP-connections on the Internet

Malfunction host on the network

Mythical remote attacks on the Internet

Dedicated channel communication between objects distributed CS

Manager SAM and Active Directory

  After learning the basic principles of security, let's take a closer look at management accounts and passwords in a family of systems Windows NT. On all computers running Windows NT and networked computers running Windows 2000, information about the account names and passwords are contained in the database manager security service (SAM - Security Access Manager). Passwords are stored encrypted and can not be decrypted using known methods (although the encrypted value can be chosen, as will be shown in Chapter 8, "Expanding the sphere of influence").

  The procedure for encryption is called a one-way function (USF) Go hashing algorithms, hash value can not be decrypted. In this book, we are often very detailed and will speak about hash functions. SAM is one of five major sections of the registry and implemented file% syscemroot% sy5tem32 conf ig sam.

  On domain controllers running Windows 2000 (and newer versions of the operating system) account name and password hashes are stored service Active Directory (the default is the file% sysCemroot% ntdsVntds.dit).

  Hashes are stored in the same format, but are accessed in different ways.


    When using the NT password hashes are stored directly in the SAM. Starting with version NT4, Service Pack 3. , Microsoft has provided the possibility of using another layer of encryption of hashed passwords SAM, which is called SYSKEY. SYSKEY (the abbreviated name of SYStem KEY-key system), and calculates a random 128-bit key and that key again encrypts the password hashes (only a hash function, not just the file SAM). To enable encryption SYSKEY in NT4, you must run SYSKEY.

  Clicking the Update button and this window, you will be able to configure other options SYSKEY, namely - to determine how and where will be stored SYSKEY. SYSKEY can be stored in one of three modes.

  Stored in the registry and is provided automatically at boot time (Default setting)

  Stored in the registry, but is blocked by a password which you must enter at boot time.

  Stored on a floppy disk and must be provided during the download.

  The choice of these regimes is shown in the following figure.

 As in Windows 2000 by default in Windows Server 2003 Mode 1 is implemented, so passwords are stored in the SAM database or Active Directory, hashed and encrypted value SYSKEY. No need to set these settings manually in the operating system versions, starting with NT4 SP3 and above. In Chapter 8, "Expansion of sphere of influence" and 14 "physical attack", will describe the methods of key SYSKEY and by hackers to bypass this protection mechanism.

Top 5 most read

The basic rules of safe behavior on the Internet

Manager SAM and Active Directory

You forget your password. What should I do? Part 3

Идентификаторы защиты (SID)

Social engineering as a way of committing crimes in the sphere of computer information

Copyright © 2010 BRV ISTCOM S.R.L.- раскрутка сайта