Advanced Windows Security Protocols and Auditing Methods

Advanced Windows Security Protocols and Auditing Methods
Slide Note
Embed
Share

The world of advanced Windows security protocols and auditing methods with a focus on logon auditing, granular auditing, account validation events, Kerberos failure codes, and various logon types like interactive and network. Gain insights into techniques used by Certified Ethical Hackers and Computer Hacking Forensic Investigators to enhance enterprise security measures effectively.

  • Windows Security
  • Auditing Methods
  • Logon Events
  • Kerberos Codes
  • Ethical Hacking
stef_446
stef_446 Follow

Uploaded on Mar 01, 2025 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Bezpenost Windows pro pokro il : protokoly a sledov n p ihl en Ing. Ond ej eve ek | GOPAS a.s. | MCM:Directory | MVP:Enterprise Security | CEH: Certified Ethical Hacker | CHFI: Computer Hacking Forensic Investigator ondrej@sevecek.com | www.sevecek.com | GOPAS: info@gopas,cz| www.gopas.cz| www.facebook.com/P.S.GOPAS

  2. Logon auditing Advanced Windows Security

  3. Auditing (2000+)

  4. Granular auditing (2008/Vista+)

  5. Logon auditing Account Logon Event "authentication event" when an account database validates credentials Logon Event "session event" every time an Access Token is created or closed

  6. Auditing (Interactive Logon) SQL FS WFE 2 Logon Client 1 Account Logon DC

  7. Kerberos Failure Codes http://technet.microsoft.com/en-us/library/bb463166.aspx Status Name 0x0 KDC_ERR_NONE 0x1 KDC_ERR_NAME_EXP 0x2 KDC_ERR_SERVICE_EXP 0x3 KDC_ERR_BAD_PVNO 0x4 KDC_ERR_C_OLD_MAST_KVNO 0x5 KDC_ERR_S_OLD_MAST_KVNO 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN 0x8 KDC_ERR_PRINCIPAL_NOT_UNIQUE 0x9 KDC_ERR_NULL_KEY 0xA KDC_ERR_CANNOT_POSTDATE

  8. Kerberos Failure Codes http://technet.microsoft.com/en-us/library/bb463166.aspx Status Name 0xB KDC_ERR_NEVER_VALID 0xC KDC_ERR_POLICY 0xD KDC_ERR_BADOPTION (delegation not enabled) 0xE KDC_ERR_ETYPE_NOTSUPP (etype not supported) 0xF KDC_ERR_SUMTYPE_NOSUPP 0x10 KDC_ERR_PADATA_TYPE_NOSUPP 0x11 KDC_ERR_TRTYPE_NO_SUPP 0x12 KDC_ERR_CLIENT_REVOKED (disabled) 0x13 KDC_ERR_SERVICE_REVOKED 0x17 KDC_ERR_KEY_EXPIRED (password expired, even when using smart cards) 0x18 KDC_ERR_PREAUTH_FAILED (bad password or invalid certificate) 0x19 KDC_ERR_PREAUTH_REQUIRED 0x25 KRB_AP_ERR_SKEW (clock skew)

  9. Logon types Type Interactive Network Batch Service Unlock NetworkCleartext NewCredentials RemoteInteractive CachedInteractive CachedRemoteInteractive CachedUnlock Value 2 3 4 5 7 8 9 10 11 12 13

  10. Logon sessions gwmi win32_LogonSession | select LogonId, @{ n = 'LogonIdHex' ; e = { '0x{0:X}' -f ([int] $_.LogonId) } }, AuthenticationPackage, LogonType, StartTime, @{ n = 'Login' ; e = { $_.GetRelated('Win32_Account') | select -f 1 | select -Expand Caption } }, @{ n = 'SID' ; e = { $_.GetRelated('Win32_Account') | select -f 1 | select -Expand SID } }

  11. Auditing (Network session) 2 Logon SQL FS WFE Client 1 Account Logon DC

  12. Status codes Status Value STATUS_WRONG_PASSWORD 0xC000006A STATUS_PASSWORD_RESTRICTION 0xC000006C STATUS_LOGON_FAILURE 0xC000006D STATUS_ACCOUNT_RESTRICTION 0xC000006E STATUS_INVALID_LOGON_HOURS 0xC000006F STATUS_INVALID_WORKSTATION 0xC0000070 STATUS_PASSWORD_EXPIRED 0xC0000071 STATUS_ACCOUNT_DISABLED 0xC0000072 STATUS_LOGON_NOT_GRANTED 0xC0000155 STATUS_LOGON_TYPE_NOT_GRANTED 0xC000015B STATUS_ACCOUNT_EXPIRED 0xC0000193 STATUS_PASSWORD_MUST_CHANGE 0xC0000224 STATUS_ACCOUNT_LOCKED_OUT 0xC0000234

  13. Download err.exe version 2008 http://www.microsoft.com/en-us/download/details.aspx?id=985 most up-to-date version SDK for Windows 8.1 http://msdn.microsoft.com/en-us/windows/desktop/bg162891.aspx

  14. Auditing (Interactive logoff) SQL FS WFE 1 Logoff immediately at logoff Client DC

  15. Auditing (Network session logoff) 1 Logoff SQL FS WFE when TCP connection closed Client DC

  16. Dkuji za pozornost Ing. Ond ej eve ek | GOPAS a.s. | MCM:Directory | MVP:Enterprise Security | CEH: Certified Ethical Hacker | CHFI: Computer Hacking Forensic Investigator ondrej@sevecek.com | www.sevecek.com | GOPAS: info@gopas,cz | www.gopas.cz| www.facebook.com/P.S.GOPAS

Related


Importance of Public Sector Auditing in Enhancing Accountability and Governance

Importance of Public Sector Auditing in Enhancing Accountability and Governance

moises
Windows 7 ISO Download Get the Full Version of Windows 7 for Free

Windows 7 ISO Download Get the Full Version of Windows 7 for Free

buyantiviruskey
windows 10 pro OEM kEYS

windows 10 pro OEM kEYS

buyantiviruskey
Unlock the full potential of Windows 10 with a best Genuine Activation Key

Unlock the full potential of Windows 10 with a best Genuine Activation Key

buyantiviruskey
Troubleshooting Windows 10 Pro Store_ Fixing Issues and Getting Your Apps Back on Track

Troubleshooting Windows 10 Pro Store_ Fixing Issues and Getting Your Apps Back on Track

buyantiviruskey
WindowKeys Unlocking the Power of Windows with Genuine License Keys

WindowKeys Unlocking the Power of Windows with Genuine License Keys

buyantiviruskey
If you are searching for Window Cleaner in Redcliffe

If you are searching for Window Cleaner in Redcliffe

Cathleen
One of the Best Conservatories in Langton Green

One of the Best Conservatories in Langton Green

Parker1
Auditing: Meaning, Differences from Accounting, and Qualities of an Auditor

Auditing: Meaning, Differences from Accounting, and Qualities of an Auditor

conall
Comprehensive Energy Conservation and Auditing in Dairy Industry

Comprehensive Energy Conservation and Auditing in Dairy Industry

zander
Doors and Windows in Architecture

Doors and Windows in Architecture

vlad
Enhancing Security with Windows Hello for Business

Enhancing Security with Windows Hello for Business

truett
One of the Best European Windows and Doors in Applewood Hills

One of the Best European Windows and Doors in Applewood Hills

Parker1
Simplifying IT Security with ADAudit Plus - Overview and Features

Simplifying IT Security with ADAudit Plus - Overview and Features

ammi_7
Windows Platforms: A Lucrative Opportunity for Game Publishing

Windows Platforms: A Lucrative Opportunity for Game Publishing

mjeo
User Identity and Access Tokens in Windows Security

User Identity and Access Tokens in Windows Security

lkyi
Auditing: Types, Objects, and Differences Explained

Auditing: Types, Objects, and Differences Explained

khaliyah
Windows 7 User Interface Overview

Windows 7 User Interface Overview

dcobi
GUI in Windows Operating System

GUI in Windows Operating System

nmoul
Setting Up DHIS2.Live on Windows Laptops/Desktops (November 2013)

Setting Up DHIS2.Live on Windows Laptops/Desktops (November 2013)

ward_rey
How to Record Your Voice: A Comprehensive Guide for Windows, Mac, and Smartphones

How to Record Your Voice: A Comprehensive Guide for Windows, Mac, and Smartphones

wear_ck
Containers and Virtualization in Cloud Computing

Containers and Virtualization in Cloud Computing

wanner_a

More Related Content