We are working at the different areas of System Security including
developing a low-access control
software for improving a security of Windows NT based network
Please, have a look at a short Demo - "Netowner" with several functions,
which exploit the Security possibilities of Windows OS.
Netowner is a kind of system security enhancement software which destination
is to improve a security of Windows NT based network. This Demo consists from several modules,
which realize access control and audit functions to exploit security possibilities of the Windows NT (2000, XP)
operational system. For testing purposes the Demo is implemented as VC++ client - server application,
but at the real projects implementation as a system service is more useful.
Demo illustrates implementing of the following functions:
1. File Ownership.
This function changes ownership of a new file from any User, who has created this file, to Administrator group.
In Windows NT OS any User, being object's owner implicitly has WRITE access to the object.
This means that the owner can modify the object, and thus, can control access to the object.
It is not usually allowed at the protected directories for restricted Users and this function
takes away the file ownership from User and assigns it to Administrator. As well as ownership
may be assigned to other user's groups, to SYSTEM or even to single User. This Demo transfers the ownership
to BUILT-IN Administrator group (Active Directory control is supposed).
2. User and Group SID.
This function is rather for auditing and allows viewing SID for any User at the network or user Group.
Extension of this module may be to grant some rights or privileges separately to selected User or Group.
3. Program Integrity.
This function traces the integrity of installed programs. It allows preventing inadmissible modifying software
environment on the given workstation by restricted User or Administrator. In the case of the Demo,
only the programs from the folder with common programs (account "All Users") are under control, but basically
any desirable set of software or single files may be traced in respect to its integrity.
This function is especially actual to protect from wildcat access or modification of security enhancement software
themselves as well as system files and libraries.
Workable program with detailed description can be found at the downloadable ZIP file.
|
