Computer security Question:
Download Job Interview Questions and Answers PDF
What is a secure channel?
Answer:
There is some confusion on this point when you consult the Microsoft sources on the subject. Ever since MS discovered the Internet, a secure channel is any point-to-point network connection established between a client and a server that "provides privacy, integrity, and authentication" (see $$$: Microsoft Internet Security Framework: Answers to Frequently Asked Questions ).
"Before Internet", a secure channel was (and still is) the magic connection between WNT computers in a domain. This kind of channel is used for transportation of sensitive data, such as user credentials during a domain logon and replication of the account database between DCs.
The secure channel is established as soon as the domain member machine is booted and is based on a shared secret that is used as the key for encrypting the data that travels through the channel. Each domain member has a machine account defined in the domain SAM database that is created when the machine joins the domain. The password of this account is used as the shared secret for encryption of the channel. The member machine stores it in the registry, where it can be retrieved using the lsadump program by Paul Ashton .
A problem with this is that the initial password (on a WS account) is poorly chosen (unicode(machine-name)). This means that anybody that can listen in to the network at the time of a domain join will be able to calculate the session key used to encrypt the channel, and by this can get hold of the user credentials of anybody doing a network logon from that particular machine. The password is changed as soon as the machine is rebooted after joining the domain and then periodically changed every 7:th day, but the new password is communicated through -- guess what -- the now not so secure channel, so as long as the listener keeps his ear on the wire, he will have the session key. No known solution, but the algorithm for encrypting the new password is not published (yet).
"Before Internet", a secure channel was (and still is) the magic connection between WNT computers in a domain. This kind of channel is used for transportation of sensitive data, such as user credentials during a domain logon and replication of the account database between DCs.
The secure channel is established as soon as the domain member machine is booted and is based on a shared secret that is used as the key for encrypting the data that travels through the channel. Each domain member has a machine account defined in the domain SAM database that is created when the machine joins the domain. The password of this account is used as the shared secret for encryption of the channel. The member machine stores it in the registry, where it can be retrieved using the lsadump program by Paul Ashton .
A problem with this is that the initial password (on a WS account) is poorly chosen (unicode(machine-name)). This means that anybody that can listen in to the network at the time of a domain join will be able to calculate the session key used to encrypt the channel, and by this can get hold of the user credentials of anybody doing a network logon from that particular machine. The password is changed as soon as the machine is rebooted after joining the domain and then periodically changed every 7:th day, but the new password is communicated through -- guess what -- the now not so secure channel, so as long as the listener keeps his ear on the wire, he will have the session key. No known solution, but the algorithm for encrypting the new password is not published (yet).
Download Computer security Interview Questions And Answers
PDF
Previous Question | Next Question |
What is LSA (Local Security Authority)? | Host security |