Windows Networking Flashcards
RPC
Remote Procedure Call
Will RPC work cross networks?
It can if not configured to be blocked
Mailslots
One-way interprocess communication. Implemented in Kernel32.dll and msfs.sys. Acts as a file kept in memory. Useful for a single process sending broadcasts to multiple processes. Max single message size of 424 bytes.
RPC - Description
Applications load a DLL containing stub procedures for remote functions
The stub then calls RPC run-time procedures to locate where the remote procedure resides
The stub negotiates a transport mechanism
It then calls the procedure on the remote system with the parameters
Reverse happens to return data
SMB
Server Message Block
CIFS
Common Internet File System
SMB - Description
Primary remote file-access protocol on Windows Clients and Servers
CIFS v1
cleartext
CIFS v2
Encrypted
CIFS v3
Encrypted with AES
SMB/CIFS CMD command
nbtstat
NetBIOS
Network Basic Input/Output System
RDN
Relative Distinguished Name
SMB Port
445
NetBIOS Ports
137-139
Port 139
SMB over NetBIOS
Port 137
NetBIOS Naming Service
Port 138
NetBIOS Datagram Service
SRM
Security Reference Monitor
ntoskrnl
Security Reference Monitor Kernel Mode
LSASS
Local Security Authority Subsystem
SAM
Security Accounts Manager
SAM database registry path
HKLM\SAM
Winlogon
Interactive Logon Service
CP
Credential Providers
Netlogon
Network Logon Service
Kernel Security Device Driver
KSecDD
Security Reference Monitor (SRM): Kernel Mode (ntoskrnl) Description
Defines the access token structure, performs object security access checks, generates security audit messages
Local Security Authority Subsystem (LSASS): User-mode (lsass.exe) description
Local system security policy, user authentication, sending security audit messages to the Event Log. Loads the Local Security Authority service (LSA, lsasrv.dll)
LSASS policy database
Registry area under HKLM\Security that stores security policy settings
Security Accounts Manager (SAM): Loaded in LSASS (samsrv.dll) description
Manages users and groups on the local machine
SAM database: HKLM\SAM description
Local users and groups along with passwords (encrypted)
Active Directory: Loaded in LSASS (ntdsa.dll) description
Contains a database with information about domain objects
Authentication Packages description
DLLs that run through LSASS that verify user account credentials and respond to LSASS which generates a token
Interactive Logon Manager (Winlogon): Winlogon.exe - description
Grabs secure attention sequence (SAS), manages interactive logon, creates first process
Logon User Interface (LogonUI): LogonUI.exe - description
Provides user interface to authenticate to system
Credential Providers (CP): COM objects running inside LogonUI - Description
Obtains different logon credentials, smartcard, user/pass, biometrics
Network Logon Service (Netlogon): (Netlogon.dll) - Description
Secures the channel to the domain controller and passes logon requests over it
Kernel Security Device Driver (KSecDD): (Ksecdd.sys) - description
Implements Advanced Local Procedure Call (ALPC) interfaces which kernel components use to communicate with user-mode LSASS
AppLocker: Driver (AppId.sys) Service (AppIdSvc.dll) - Description
Specifies which files, DLLs, scripts can be run by whom
When does the machine Security Identifier (SID) get generated?
At Install
SIDs are issued to what?
User Accounts, Groups, Domains, and Services
SID-500
Admin Account
SID-501
Guest Account
User Accounts SIDs start where?
1000
Where do you find the RID?
Appended to the end of the SID
How are local account SIDs generated?
The Local Machine SID appended with a RID
How are domain account SIDs generated?
The Active Directory SID appended with a RID
Local logon uses what to verify username/password credentials by default?
LAN Manager (LM) (msv1_0.dll); includes the LM, NTLM, and NTLMv2 hashing methods
Domain logon uses what protocol for authentication by default?
Kerberos (kerberos.dll) Port 88
As of Windows Vista, what is used to add extensible logon methods?
Credential Providers
Active Directory Schema
Defines the objects that can be stored in Active Directory. It is a list of definitions that determine the kinds of objects, and the types of information about those objects, that can be stored in Active Directory.
Objects can be administered in the same manner as the rest of the objects in AD.
Active Directory Schema 2 Object Types
Class object (schema class); Attribute object (schema attribute)
Global Catalog - description
The AD Domain relies on a global catalog database which contains a global listing of all objects in the forest.
Global Catalog is held on DCs configured as what?
global catalog servers
Global Catalog contains what subset of information?
User’s First and Last name
Distinguished name of the object so your client can contact the proper domain controller if you need more information
Distinguished Name
The full address of an object in the directory
AD Feature - Centralized Data Storage
All data in AD resides in a single, distributed data repository, allowing users easy access to the information from any location.
A single distributed data store requires less administration and duplication and improves the availability and organization of the data.
AD Features - Scalability
AD enables you to scale the directory to meet business and network requirements through the configuration of domains and trees and the placement of domain controllers.
AD allows millions of objects per domain and uses indexing technology and advanced replication techniques to speed performance.
AD Features - Extensibility
The structure of the AD database (the schema) can be expanded to allow customized types of information
AD Features - Manageability
Based on hierarchical organizational structures.
These organizational structures make it easier to control administrative privileges and other security settings, and to make it easier to locate network resources, such as files and printers.
AD Features - Integration with DNS
AD uses DNS, an internet standard service that translates easily readable host names to numeric Internet Protocol (IP) addresses
Although separate and implemented differently for different purposes, AD and DNS have the same hierarchical structure.
AD clients use DNS to locate domain controllers.
Primary DNS zones are stored in AD, enabling replication to other AD Domain Controllers.
AD Features - Client Configuration Management
AD provides new technologies for managing client configuration issues, such as user mobility and hard disk failures, with a minimum of administration and user downtime.
AD Features - Policy-Based Administration
In AD, policies are used to define the permitted actions and settings for users and computers across a given domain or organizational unit.
Policy-based management simplifies tasks such as operating system updates, application installation, user profiles, and desktop-system lock down.
AD Features - Replication of Information
AD provides multi-master replication technology to ensure information availability, fault tolerance, load balancing, and other performance benefits.
Multi-Master replication allows you to update the directory at any domain controller and replicates directory changes to any other domain controller.
Because multiple domain controllers are employed, replication continues, even if any single domain controller stops working.
AD Features - Flexible, Secure Authentication and Authorization
AD authentication and authorization services provide protection for data while minimizing barriers to doing business over the internet.
AD supports multiple authentication protocols, such as Kerberos version 5 protocol, Secure Sockets Layer (SSL) version 3, and Transport Layer Security (TLS) using x.509 version 3 certificates.
AD provides security groups that span domains.
Domains
A domain is a collection of computers and their associated security groups that are managed as a single entity.
The domain is the core unit of logical structure in Active Directory. It can be used to store millions of objects (these objects are considered vital to the network).
Microsoft recommends:
using as few domains as possible
relying on Organizational Units (OUs) for structure
Domains can contain multiple nested OUs.
Organizational Units
An Organizational Unit (OU) is a container which gives a domain hierarchy and structure.
It is used for ease of administration and to create an AD structure in the company’s geographic or organizational terms.
An OU can contain other OUs, allowing for the creation of a multi-level structure.
Trees
A tree is a grouping or hierarchical arrangement of one or more domains.
Trees are created by adding one or more child domains to a parent domain.
In a tree, all domains share the same contiguous namespace and naming structure.
By adding domains to a tree, you can retain the security configuration through the tree (domain), and allow for administration to be delegated to a single OU or a single domain.
The tree structure easily accommodates organizational changes.
Forest
Forests are at the top of the Active Directory structure.
A forest holds all objects, organizational units (OUs), domains, and attributes in its hierarchy
A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees.
Under a forest are one or more trees which hold domains, OUs, objects, and attributes.
Forests have the following characteristics:
All domains in a forest share a common schema.
All domains in a forest share a common global catalog.
All domains in a forest are linked by implicit two-way transitive trust.
Trees in a forest have different naming structures, according to their domains.
Domains in a forest operate independently, but the forest enables communication across the entire organization.
Sites
An Active Directory site object represents a collection of IP subnets, usually constituting a physical Local Area Network (LAN).
Multiple sites are connected for replication by site links.
Typically, sites are used for:
Physical Location Determination: Enables clients to find local resources such as printers, shares, or domain controllers.
Replication: You can optimize replication between domain controllers by creating links.
By default, Active Directory uses automatic site coverage, though you can purposefully set up sites and resources.
AD Structure - Domain Controllers
In Active Directory, you have multiple Domain Controllers which are equal peers.
Each DC in the Active Directory domain contains a copy of the AD database and synchronizes changes with all other DCs by multi-master replication.
Replication occurs frequently and on a pull basis instead of a push one.
A server requests updates from a fellow domain controller.
If information on one DC changes (e.g. a user changes their password), it sends a signal to the other domain controllers to begin a pull replication of the data to ensure they are all up to date.
Servers not serving as DCs, but in the Active Directory domain, are called ‘member servers.’
Active Directory requires at least one Domain Controller, but you can install as many as you want (and it’s recommended you install at least two domain controllers in case one fails).
DSADD
Add specific types of objects to the directory
DSGET
display the selected properties of a specific object in the directory
DSMOD
modify existing objects in the directory
DSQUERY
query the directory according to specific criteria
Describe GPO
A GPO is divided into two major node types, User and Computer. Computer node objects relate to policies that affect the computer system, i.e. startup scripts, firewall configuration, Name Resolution Policy. User nodes relate to user policies and are relevant only to the currently logged-on user.