The Security Model
Chapter 5, "Windows NT Workstation Architecture," describes the overall architecture of Windows NT. As shown in Figure 6.1, the Windows NT security model includes the following components:
- Logon processes, which accept logon requests from users. These include the initial interactive logon, which displays the initial logon dialog box to the user, and remote logon processes, which allow access by remote users to a Windows NT server process.
- Local Security Authority, which ensures that the user has permission to access the system. This component is the center of the Windows NT security subsystem. It generates access tokens (described later in this chapter), manages the local security policy, and provides interactive user authentication services. The Local Security Authority also controls audit policy and logs the audit messages generated by the Security Reference Monitor.
- Security Account Manager (SAM), which maintains the user accounts database. This database contains information for all user and group accounts. SAM provides user validation services, which are used by the Local Security Authority. SAM is also known as the Directory database.
- Security Reference Monitor, which checks whether the user has permission to access an object and to perform the action the user is attempting. This component enforces the access validation and audit generation policy defined by the Local Security Authority. It provides services to both kernel mode and user mode to ensure that the users and processes attempting to access an object have the necessary permissions. This component also generates audit messages when appropriate.
Figure 6.1 Windows NT Security Components
Together, these components are known as the security subsystem. (Note that because it affects the entire Windows NT operating system, this is considered an integral subsystem rather than an environmental subsystem.)
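The division of labor described above, as an added illustration that is not code from the Resource Guide or from Windows: a small Python model in which the Local Security Authority's output is an access token, the Security Reference Monitor evaluates that token against an object's DACL, and audit records are produced only as the audit policy set by the Local Security Authority allows. The ACE walk follows the documented NT rule (deny ACEs stop the walk, allow ACEs accumulate rights, no DACL grants everything, an empty DACL grants nothing); all class and function names, the access-mask values, and the sample accounts are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed access-mask bits standing in for NT access rights.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

@dataclass
class AccessToken:
    """What the Local Security Authority issues at logon: user identity plus group membership."""
    user: str
    groups: set = field(default_factory=set)

    def sids(self):
        return {self.user} | self.groups

@dataclass
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    sid: str      # user or group the ACE applies to
    mask: int     # access rights the ACE grants or denies

@dataclass
class SecurityDescriptor:
    dacl: list = None   # None = no DACL (everything granted); [] = empty DACL (nothing granted)

def reference_monitor_check(token, sd, desired, audit_policy):
    """Model of the Security Reference Monitor: validate access, then generate audit
    messages according to the audit policy (keys 'success'/'failure') set by the LSA.
    Returns (granted, list_of_audit_messages)."""
    if sd.dacl is None:
        granted = True
    else:
        remaining, granted = desired, False
        for ace in sd.dacl:
            if ace.sid not in token.sids():
                continue                      # ACE does not apply to this token
            if not ace.allow and ace.mask & desired:
                break                         # a matching deny ACE ends the walk: denied
            if ace.allow:
                remaining &= ~ace.mask        # allow ACEs satisfy rights bit by bit
                if remaining == 0:
                    granted = True
                    break
    events = []
    outcome = "success" if granted else "failure"
    if audit_policy.get(outcome):             # audit only what the policy asks for
        events.append(f"audit {outcome}: {token.user} desired={desired:#x}")
    return granted, events
```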
The Windows NT security model is designed for C2-level security as defined by the U.S. Department of Defense. For more information about C2-level security, see "C2 Security" later in this chapter.