ࡱ> %` Jbjbj"x"x 9|@@AAttttttt***8+LT+t ++(+++,,,~~~~~~~$hMv~t-,,--~tt++~Y0Y0Y0-Xt+t+~Y0-~Y0Y0&utt|++ @*.6y>}~0 tyVÄ.HÄ||Ät|,0-"Y0)-E-d---,,,~~0X,,, ----$*$*tttttt Operating Systems Security - Chapter 4 Account-Based Security Chapter Overview This chapter begins with the considerations that go into creating formal policies about account naming and security. You will learn how to set up accounts in different operating systems, and how to configure those accounts to implement an organizations policies. You will also learn about user rights and role-based security. Finally, you will learn how to work with group policies and security templates. Learning Objectives After reading this chapter and completing the exercises, students will be able to: Discuss how to develop account naming and security policies Explain and configure user accounts Discuss and configure account policies and logon security techniques Discuss and implement global access privileges Use group policies and security templates in Windows Server 2000/2003/2008 Lecture Notes Account Naming and Security Policies Before establishing accounts, organizations need to establish policies for naming accounts and for protecting them. The first step in developing an account policy in a company is usually to establish conventions for account names. Typical conventions include basing the user account name on the account users actual name, Windows 2000 Server limits user account names to 20 characters that include letters, numbers, and some symbols. Some conventions for account names based on the users actual name are as follows: Last name followed by the first name initial (e.g., BrownJ) First name initial followed by the last name (e.g., Jbrown) First name initial, middle initial, and last name (e.g., JRBrown) The advantage of having accounts based on the users name is that, for the sake of security, it is easier to know who is logged on to a server. Account policies are security measures that apply to all accounts, or to all accounts in a particular directory service container, such as a domain in Active Directory or NDS. The account policy options affect elements such as password security, account lockout, and the authentication method Kerberos. Server operating systems, such as Windows Server 2000/2003/2008, NetWare 6.x, and Linux, have built in capabilities to help users become more conscious of maintaining passwords. One approach is to set a password expiration period, requiring users to change passwords at regular intervals. Some operating systems, such as Windows Server 2003/2008 and NetWare 6.x, are capable of monitoring unsuccessful logon attempts, in case an attacker attempts to break into an account by trying various password combinations or employing a brute force attack. These operating systems use account lockout to lock anyone out of an account after a number of unsuccessful logon tries. Creating User Accounts For any system, and particularly for a system connected to a network or to the Internet, you should set up one or more user accounts to protect that system. Some operating systems, such as Windows XP Professional and Mac OS X, may come already configured to automatically boot into an account without an account or password screen enabled. Windows 2000 Professional and Windows XP Professional A computer running Windows 2000 Professional or Windows XP Professional may be shared by several people, with people either logging on physically from the computers, logging on over a network, or logging on from a remote connection. An account can be configured for each employee to house private information, and a sixth account might be jointly held for general inventory database access. Windows 2000 Professional is typically installed with an Administrator account and a Guest account. Windows XP Professional is installed with an account that usually consists of the users name, an Administrator account, a Guest account, a Help Assistant account for remote desktop help, and support accounts for Microsoft and the manufacturer of the computer. Windows Server 2000/2003/2008/2008 Two basic accounts, Administrator and Guest, are set up when you install Windows Server 2000/2003/2008. Other accounts are also set up automatically, depending on what services are installed on the server, such as accounts for DNS or Internet Information Services (IIS) management. Quick ReferenceDiscuss the procedures for creating a local user account on a server that is not part of a domain, and not an account in the Active Directory as listed on pages 146 and 147 of the text. The account properties that you can set up are the following: General tab: Enables you to enter or modify personal information about the account holder. Address tab: Used to provide information about the account holders street address, Post Office box, city, state or province, postal code, and country or region. Account tab: Provides information about the logon name, domain name, account and account expiration data. Profile tab: Enables you to associate a particular profile with a user or set of users, such as a common desktop that has built-in security features. A home folder is a default location, such as a specific folder on the server, in which users can store their files. A logon script is a set of commands that automatically run each time the user logs on to the server or domain. The remainder of this list of properties can be found on pages 150 and 151 of the text. Red Hat Linux 9.x Each user account in UNIX and Linux systems, including Red Hat Linux 9.x, is associated with a user identification number (UID). Also, users who have common access needs can be assigned to a group via a group identification number (GID), which allows permissions to access resources to be assigned to the group, instead of to each user. In UNIX/Linux systems, the password file (/etc/passwd) contains the following kinds of information: The username An encrypted password or a reference to the shadow file The UID, which can be a number as large as 60,000 A GID with which the username is associated Information about the user, such as a description or the users job The location of the users home directory The command executed as the user logs on, such as which shell (user interface) to use The shadow file (/etc/shadow) is normally available only to the system administrator. It contains password restriction information that includes the following: The minimum and the maximum number of days between password changes Information on when the password was last changed Warning information about when a password will expire Amount of time that the account can be inactive before access is prohibited Quick ReferenceDiscuss the different parameters that are available with the useradd command as listed on page 152 of the text.NetWare 6.x Accounts in NetWare 6.x can be created using the ConsoleOne tool. ConsoleOne can be run on the server console as a NetWare Loadable Module (NLM), from a workstation under the Remote Console NLM, or from an administrators workstation as a desktop application. Quick ReferenceDiscuss the general steps for creating an account through ConsoleOne as listed on pages 155 and 156 of the text.Mac OS X In the workstation version of Mac OS X, you should create accounts for each user who logs on to the console, and for users who access a Mac OS X system through Telnet, accounts are created by choosing the Accounts icon in the System Preferences window, as shown in Figure 4-8 on page 157 of the text. Mac OS X can be customized for different logon options: To automatically log on to a specific account when the computer is booted To log on by viewing a name and password box, or by seeing a list of user accounts To hide the Restart and Shut Down buttons To show the password hint after three unsuccessful logon attempts Besides configuring accounts on a Mac OS X workstation, you can also configure accounts in Mac OS X Server, which is built on the Mac OS X foundation, but is designed as a true server for file sharing, printer sharing, managing network users and groups, and providing Web services. Two important tools that enable server management are included with Mac OS X Server: Server Admin and Macintosh Manager. The Server Admin tool allows you to create and manage accounts and groups. Macintosh Manager is a tool for managing users, groups, and computers that access the server. Setting Account Policies and Configuring Logon Security Some operating systems enable you to set up account policies and default logon security. These are policies that place restrictions on passwords or that automatically lock out accounts after a specified number of unsuccessful attempts to log on. Building Strong Passwords An effective defense against attackers is the user of strong passwords. Strong passwords are important for users, particularly if their accounts access sensitive data, and for server and network administrators. Quick ReferenceDiscuss some sample strong password guidelines as shown on page 158 of the text. Using Account Policies in Windows Server 2000/2003/2008 Account policies are set up as part of a group policy in Windows Server 2000/2003/2008 that applies to all accounts in an Active Directory container, such as a domain or Organizational Unit (OU). Account policies can also be configured for a local computer, whether or not Active Directory is installed on that computer. The account policy options affect two main areas, password security and account lockout. Quick ReferenceDiscuss the specific password security options that you can configure in Windows Server 2000/2003/2008 as illustrated on page 159 of the text. The account lockout options available in Windows Server 2000/2003/2008 are: Account lockout duration Account lockout threshold Reset account lockout counter after Hands-on Project 4-7 on page 186 of the text gives students the opportunity to configure account lockout in Windows Server 2000/2003/2008. Account Security Options in Red Hat Linux 9.x Red Hat Linux 9.x does not provide formal account security policies, but it does enable the configuration of password security and other security options associated with individual accounts. After an account is created, employ the Red Hat User Manager to configure specific security settings associated with an account. The security properties that you can configure include: Setting an account to expire on a particular date Locking a user account Expiration of account passwords so that users have to reset them Figure 4-9 on page 161 of the text illustrates the Password Info tab. Hands-on Project 4-8 on page 186 of the text enables students to configure security for an account, using the Red Hat User Manager. Using Account Templates in NetWare 6.x The account properties relating to security that can be established through a user template include: Home directory location and access rights to that directory Requirement for a password Minimum password length The remainder of this list can be found on page 162 of the text. A user template is created through the ConsoleOne utility in NetWare 6.x. Hands-on Project 4-9 on page 187 of the text enables students to create a user template. Using Global Access Privileges Windows 2000 Server, Windows Server 2003/2008, and NetWare 6.x enable global security measures on servers, but using somewhat different approaches. In Windows Server 2000/2003/2008, there are user rights that govern user and administrative functions. NetWare 6.x uses a similar term, access rights, but applies it in a different way, for more fine-turned access functions, such as the right to read files or modify the contents of directories. However, NetWare 6.x does use the concept of role-based security, which is used to establish administrative roles for managing a server, such as creating user accounts and creating printer objects. Windows Server 2000/2003/2008 User Rights User rights enable an account or group to perform predefined tasks. The most basic right is the ability to access a server. More advanced rights include the privileges of creating accounts and managing server functions. Table 4-1 on pages 163 and 164 of the text shows privileges for Windows Server 2000/2003/2008, and Table 4-2 on page 165 shows logon rights. When user rights are assigned to a group, then all user accounts (or groups) that are members of that group inherit the user rights assigned to the group, making these inherited rights. Hands-on Project 4-10 on page 188 of the text enables students to configure user rights. Role-Based Security in NetWare 6.x In NetWare 6.x, global security functions, particularly for administrative use, are allocated according to administrative roles. Some roles are for managing tasks. Other roles relate to managing network services. The specific roles are: DHCP Management ( DNS Management EDirectory ( iPrint Management License Management Using Group Policies and Security Templates in Windows Server 2000/2003/2008 The security policies are a small subset of the group policy feature in Windows Server 2000/2003/2008. This feature enables you to standardize the working environment of clients and servers by setting policies in Active Directory or on a local computer. Account policies and user rights are two examples of policies that can be configured in a group policy. Group policy has evolved from the Windows NT Server 4.0 concept of system policy. System policy is a set of basic user account and computer parameters that can be configured using the system policy editor, Poledit.exe. Parameters that are established in the system policy editor can apply domain-wide, or just to specific groups of users. The defining characteristics of group policy are: Group policy can be set for a site, domain, OU, or local computer. Group policy settings are stored in group policy objects. These are local and nonlocal GPOs. Configuring Client Security Using Policies There are several advantages to customizing settings used by clients, including improved security and a consistent working environment for the organization. The settings are customized by configuring policies on the Windows 2000/2003 servers that the clients access. Manually Configuring Policies for Clients You always have the option to manually configure policies that apply to clients, in order to accomplish specific purposes. You can manually configure one or more policies that apply to clients by using the Group Policy Snap-in for Windows 2000 Server or the Group Policy Object Editor Snap-in for Windows Server 2003/2008. In either tool, you customize the desktop settings for client computers by using the Administrative Templates object under User Configuration in a group policy object (see Figure 4-11 on page 169 of the text). Table 4-3 on page 169 of the text presents very general descriptions of the Administrative Templates options under User Configuration. Using Automated Configuration of Administrative Templates The settings in Table 4-3 can be configured through the use of administrative templates already provided in Windows Server 2000/2003/2008. Table 4-4 on page 170 of the text describes the templates that are preconfigured. Quick ReferenceDiscuss the general steps for configuring administrative templates as listed on page 170 and examine Figure 4-12 on page 171, which depicts the adding or removing of administrative templates in Windows Server 2003/2008.Configuring Additional Security Options Windows Server 2000/2003/2008 offer a way to fine-tune the security on a server by configuring the security options within the local policies in a GPO. One of the most common reasons for using the security options is to enable you to configure group policy security for specialized needs. The group policy security options are available in Windows 2000 Server, but are greatly expanded and divided into functional areas in Windows Server 2003/2008. Table 4-5 on page 172 of the text shows the functional areas used in Windows Server 2003/2008 and how they are used. Quick ReferenceDiscuss the general steps for configuring the security options for a domain from the Group Policy Snap-in (Windows 2000 Server) or the Group Policy Object Editor Snap-in (Windows Server 2003/2008) as listed on page 173 of the text.  Discussion Questions Discuss several strategies for establishing secure user account in any of the available operating systems. Discuss the importance and ease of use of administrative templates. Additional Activities Utilizing the Internet, have students search for software that would aid them in securing a computer system. Have students create a written security policy and compare it with security policies that were created by professionals.     Instructor: Prof. Michael P. Harris, CCNA CCAI Chapter 4 ITSY 2400 Operating Systems Security Account-Based Security Michael Palmer, Guide To Operating Systems Security Page  PAGE 1 of  NUMPAGES 8 Thompson/Course Technology 2004 ISBN: 0-619-16040-3 &'=?PZ b t  k y ~  ' , : ? Q d i m r h:Ih%0J/h;Ch%0J"h%h%0Jh^Llh^Llh%0J"h&h%0J"h%h%0J)hjvh-'0J h3h3h%0J" h%h%h%h1fh1fh1f0J h1f0J- h-'0J-7?P S T ( s (jk./gd;C+gd&gd%+gd%gd%gd%gd1fIJ Q`einp{rq_l>?tu󹳪h#kh%0J/hjh%0J/ h;Ch%h;Ch%0Jh;Ch;C0J h;C0Jh;Ch;Ch%0J)h3h30J/h3h%0J"h3h&0J/h3h%0J/h:Ih%0J)h%h:Ih%0J"3?un{ $Ifgd;C $Ifgd;Cgd;Cgd% <IX]h )*9nux|"#'+z{|#$&1̧힕h%h%0Jh#kh%0J/h;Ch%0J" h%CJhjhh%0J)hh%0J"h;Ch%0J) h;Ch%hhushus0J/hushush%0J)h% hus0J/hush%0J/7{|}&{vvvqqqqlgvgdus$gd+gd;Cgd%kd$$Ifl   0$ (#$     t 0  64 lalp ytKC' 125A%).3GXo fp~AD5 @ A M ɹɹɹɰɗɹɗɎɅɅɧɁɗɎhh{h%0J)h{h%0Jhh%0J" h%h%h;Ch%0J)h;Ch%0J"hh%0J/ h;Ch%h%h;Ch%0J/h5h%0J h0Jh%h%0J)h%h%0Jh#kh%0J/2 ?k0 1 !I!!!!!L" $Ifgd $Ifgd{+gdgd%M !!!"K"L"M"X"Y"""""""""##p#q##### $$t$|$$$$$$$$ %%"%&&&&&&'''''''(@(Q((()))0))) h%h%h{h%0J/hh%0J/h{h%0J)h{h%0J" h;Ch% h%CJhh%0J1 hh% h{h%hh%0J"h%@L"M"Y"`#a#q##{vqqh_ $Ifgd{ $Ifgd{gd%gd{kd$$Ifl   0$ (#$     t 0  64 lalp ytKC'###R%S%%%&\&]&y'z'({vqqllllqqqq+gd{gd%gd{kd$$Ifl   0$ (#$     t 0  64 lalp ytKC' ((())***&+ $Ifgd{ $Ifgd{(gd%gdgd{gd{gd%)"*2*5*E***%+&+'+A+^+_+++++++, , ,,,,, ,$,4,q,,,,,,,,---Y-v-------..G.H.Q.˲˩ˠˠ˜h#kh%0J h%h%hh jh%0J"h jh%0J/h9h90J"h9h%0J/ hh hh%h h;Ch% h%CJ h{h%h9h%0J)h9h%0J"h%4&+'+_+,---vqllcZ $Ifgd{ $Ifgd{gdgd{kd$$Ifl   0$ (#$     t 0  64 lalp ytKC'----- .#.G.H../}0vqqqlllgqbqgd#kgd%+gd#kgd%kd$$Ifl   0$ (#$     t 0  64 lalp ytKC' Q.h...// 1 11123g3r3v3~33334q444455^6{66h7r7u7777778888 9-9:1:2:V:W:m:::::;;;6;<<< ==== > >C>D>a>˿˿Զԭԭh#kh%0Jh#kh%0J) jh%h%0Jh%h%0J h%h%h;Ch%0J)h3 h;Ch%hh%h#kh%0J/D}0~000 1 111a2b22223333^666 9-9::G:m::gd%gd#k+gd#kgd%:::;<<<==== >D>g>>??kBBCCqD $Ifgd#k $Ifgd#kgd#k+gd#kgd%gd%a>e>>>??@ AAAkBlBBBC.C1CFCCCCCWDoDpDqDrDDDD-E0ECF[F^FsFFFFFFFFFFFGGGGGGGGGIIIIIIIIII/JEJJJƾh1fhI{0JhI{hM!,jhM!,Uhjv h%CJh h#kh%h#kh#kh%0J/h3 h;Ch%h%h#kh%0J)CqDrDDFFFFGvqlllcZ $Ifgd#k $Ifgd#kgd%gd#kkde$$Ifl   0$ (#$     t 0  64 lalp ytKC'GGGGGUHHHHIIvqqlggql__% & F-gd.P%gd.Pgd.Pgd%kdF$$Ifl   0$ (#$     t 0  64 lalp ytKC' IIIIIIIIIIIIIIIIGJHJIJJJJJJJJJ %gd1fgdjvgd%JJZJbJ}J~JJJJJJJJJJJJJJJJJƳƳhjvhM!,hI{$hI{6CJOJQJaJmHnHu"jhI{6CJOJQJUaJhI{6CJOJQJaJhI{6:CJOJQJaJhI{CJOJQJaJ70&P1hP/ =!h"#$% $$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'$$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'$$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'$$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'$$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'$$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'$$Ifl!vh5$ 5#v$ #v:V l  t 0  65$ 5/  / 4alp ytKC'2P@P Normal(CJOJPJQJ_HaJmH nHsH tH.@. Heading 12@12  Heading 2@&2@a2 Heading 3@&>@>  Heading 4 @&5CJ @@@  Heading 5 @& 56CJ$D@D  Heading 6 <@& 5\aJ:@:  Heading 7 <@&H@H  Heading 8 <@& 56CJ] @ 1 Heading 9& $xx& #$3$5$7$8$@&.6CJOJPJQJ]_HaJmH nHsH tHDA@D Default Paragraph FontVi@V  Table Normal :V 44 la (k(No List VB`V & Body Text(CJOJPJQJ_HaJmH nHsH tHfof &Body Text Char Char(CJOJPJQJ_HaJmH nHsH tHROR %Head 1$dhx$d @&N 5CJdO!d %Head 1 Char Char+5CJOJPJQJ_HaJmH nHsH tH\O2\ {Head 2 x+5CJOJPJQJ_HaJmH nHsH tHZOAZ { Head 2 Char+5CJOJPJQJ_HaJmH nHsH tH`OQ` Heading 2 Char+5CJOJPJQJ_HaJmH nHsH tH\O\ Head 3056CJOJPJQJ\]_HaJmH sH tH ^Oq^  Head 3 Char056CJOJPJQJ\]_HaJmH sH tH <O< Heading 4 Char5CJ bOb Heading 5 Char.56CJ$OJPJQJ_HaJmH nHsH tHjOj Body Text Mono Char+5CJOJPJQJ_HaJmH nHsH tHjOj Body Text Monod+5CJOJPJQJ_HaJmH nHsH tHBU@B Hyperlink>*B*CJOJQJph`@` Header  $+6CJOJPJQJ_HaJmH nHsH tHZOZ  Header Char+6CJOJPJQJ_HaJmH nHsH tHfOf ChapTitle456CJ$OJPJQJ\]_HaJ(mH nHsH tHrOr ChapTitle Char Char456CJ$OJPJQJ\]_HaJ(mH nHsH tHROR "Body Text Bold Italic! 56\]bO!b !Body Text Bold Italic Char Char 56\]: : Index 1#^`LOL Body Text + Indent $^aJpOp }6jBody Text + Num% & Fd(CJOJPJQJ_HaJmH nHsH tHtOt Body Text + alpha& & Fd(CJOJPJQJ_HaJmH nHsH tHJ+rJ  Endnote Text' p@ @@@@CJ<O< )Body Text Bold(5BOB (Body Text Bold Char5RYR  Document Map*-D M OJQJ^JvOv _`WBody Text + bullet+ & Fd(CJOJPJQJ_HaJmH nHsH tHXOX -ChapNum,.5CJ OJPJQJ\_HaJ$mH nHsH tHhOh ,ChapNum Char Char.5CJ OJPJQJ\_HaJ$mH nHsH tHBOB /Body Text Italic.6]ROR .Body Text Italic Char Char6]4 @4 jvFooter 0 !bob Heading 9 Char.6CJOJPJQJ]_HaJmH nHsH tHB| ?PST(s(jk./ ? u n{|}& ?k01ILMY`aqRS\]yz !!"""&#'#_#$%%%%%%% &#&G&H&&'}(~((( ) )))a*b****++++^... 1-122G2m2222;4<45555 6D6g6677k::;;q<r<<>>>>?????U@@@@AAAAAAAAAAAAAAAAAGBHBIBJBBBBBB000?000 +0 +0 +0 +0 +000s0s0s +0s +0s +0s0s0s0s0s0s0s0s0s0s0s0s0s0s0s0s0s 0s 0s 0s0s0s +0s +0 s +0 s +0 s$0s0s0s0s +0 s +0 s +0s +0s +0s +0s +0s0s0s0s +0s +0s +0s +0s0s0s 0s 0s 0s0M0M0M 0M 0M 0s00 +0 +0 +0 +0000000000(00 0 0 0s0'#0'#0'# 0'# 0'# 0'#0'#0'# +0'# +0'# +0'#h0'#0G&0G&0G&0G& +0G& +0G& +0 G&0G&0G&0G&0G&0G&0G&0G&0G&0G&0G&0G&0G&0G&h0'#0^.0^.0^.0^.0^. +0!^. +0"^.0^.X0'#02020202020202 +0#2 +0$2 +0%202020202020202 02 02 0s0r<0r<0r<0r< 0r< 0r< 0r<0r<0r< %0r< %0r<0r<0r<- %0r<- %0r<00@0@0X00@0@0X00@0@0X00@0@0X00@0@0@0@0@0@0@0@0@0X00B @@@C1M )Q.a>JJJ&)+-/369={L"#(&+-}0:qDGIJ'*,.0124578:;<J(C!8@0(  B S  ?‹#Ë(ċ`%kBv"B>*urn:schemas-microsoft-com:office:smarttags PersonName dAAAAAAAAAAAABB s!!t5v5<<>>AAAAAAAAAAAABB33333333 aq""$%%H&E(~(((**^..22;;>>??AAAAAAAAAAAABBBBAAAAAAAAAAAABB1"+h$+ Jfi|~vw@P<\k|YT*n!&@JCUV*8*m/v%Ox1,x4@>6Z:|w9*=<\iE?y8,}@4QU Y3xW_m`A`l_e:zZh̆VZin,mlhYNo؛ZK7/rxPot:h^`B*OJQJo(phhHh ^`hH.h pLp^p`LhH.h @ @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PLP^P`LhH.h ^`o(hH)h ^`hH.h pLp^p`LhH.h @ @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PLP^P`LhH.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(hhh^h`o(.h^`.hpLp^p`L.h@ @ ^@ `.h^`.hL^`L.h^`.h^`.hPLP^P`L.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(^`B*OJQJo(ph ^`OJ QJ o(o pp^p`OJ QJ o( @ @ ^@ `OJQJo( ^`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o PP^P`OJ QJ o(h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(h^`B*OJQJo(phh ^`OJ QJ o(oh ^`OJ QJ o(h m m ^m `OJQJo(h ==^=`OJ QJ o(oh   ^ `OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh }}^}`OJ QJ o(hh^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(hhh^h`o(.h^`.hpLp^p`L.h@ @ ^@ `.h^`.hL^`L.h^`.h^`.hPLP^P`L.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(h^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(hhh^h`o(.h^`.hpLp^p`L.h@ @ ^@ `.h^`.hL^`L.h^`.h^`.hPLP^P`L.h^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.hh^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(hh^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.h^`CJOJQJo(hH) ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.h^`B*OJQJo(phh ^`OJ QJ o(oh pp^p`OJ QJ o(h @ @ ^@ `OJQJo(h ^`OJ QJ o(oh ^`OJ QJ o(h ^`OJQJo(h ^`OJ QJ o(oh PP^P`OJ QJ o(-1"+*m/*m/[YNo*m/\`A`*m/\w9*=*m/ \*m/,\_e*m/8\K7/r*m/D\,}@*m/P\*m/\\*m/h\*m/t\*m/\*m/\W_*n!&QUiE?ZiOx1 Yi*m/\*m/\*m/\:hot>6mlvw@UV*k|4*m/\ppppppppppppppp+        Q        v-        <        v-        v-        v-        v-        v-        ҎX        v-         &;        v-        v-        Nnr~        Nnr~        v-        Nnr~        v-        v-        v-        v-        /.{-'lCE$-%Gz&KC'M!,V.;CRG:I_`W*p[_}6j#k^LlusqOtjjv.P j[`Tn9-T3I{AFv=5SXQ\I&O1fSX&{|LMaq""&#'#%%%%;;q<r<>>??B@,|DB@Unknown Gz Times New Roman5Symbol3& z Arial7&  VerdanaA& Trebuchet MSW BatangArial Unicode MSI& ??Arial Unicode MSU5  Lucida Sans Typewriter5& zaTahoma?5 z Courier New;Wingdings"1h@F`F{ 7!w 7!w3p4dwAwA 2QX?S2&Operating Systems Security - Chapter 2|                       Oh+'0 , L X d p|(Operating Systems Security - Chapter 2 Normal.dot12Microsoft Office Word@hx@kF@@~# 7՜.+,0  px  w!wA' 'Operating Systems Security - Chapter 2 Title  !"#$%&'()*+,-./0123456789:;<=>@ABCDEFHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry Fpϟ@Data ?1TableG?WordDocument9|SummaryInformation(DocumentSummaryInformation8CompObjq  FMicrosoft Office Word Document MSWordDocWord.Document.89q