| Feature | NT | Unix |
|---|---|---|
| Identification | Maps the username onto an internal Security IDentifier (SID), which is unique within a Windows domain; a SID is not reused. | The username is paired with a User IDentifier (UID). |
| Authentication | Two hashed versions of the password (LM hash and NT-native) are stored in the Security Accounts Manager (SAM). The NT-native hash uses MD4; the LM hash uses a variant of DES. | The password hash is stored in /etc/passwd (or, more typically, in /etc/shadow). Uses a modified DES with a salt. |
| Access Control | Every object has an Access Control List (ACL) identifying what each group or user is allowed or disallowed to do with that object. | Each file has a list of attributes (filename, permission bits, and a UID and GID). The UID specifies the owner of the file. Permission bits such as rwxr--r-- specify that the owner may read, write and execute the file, while members of the group and everyone else may only read it. |
| Auditing | Done by the Security Reference Monitor (SRM) and the Local Security Authority (LSA). Audit records are constructed by the SRM, which sends them to the LSA, which in turn passes them to the Event Logger. | The syslog facility keeps information in log files. Many systems also support C2 auditing. |
| Networking | Windows NT uses Server Message Blocks (SMB) for authentication and RPC over NetBIOS over TCP/IP (NBT). All logging in Windows NT is done by computer name, not IP address. Very chatty. | UNIX is based on TCP/IP, supporting rlogin, rcp, rsh, ... The Network File System (NFS) adds support for sharing files over a network. The Network Information System (NIS) allows hosts to share system databases, including account information. |
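The Access Control row contrasts two models: a single owner/group/other triad of permission bits versus a per-object ACL walked entry by entry. The following Python is an added example (not part of the original table) that implements both checks side by side for one subject. It models a simplified NT-style ACL with ordered allow/deny entries; the SIDs and UIDs are constructed placeholders, and real NTFS inheritance and generic-rights mapping are left out.

```python
"""Added example: Unix permission-bit check vs. an NT-style ACL walk."""
from dataclasses import dataclass
from typing import FrozenSet, List, Set


@dataclass
class UnixFile:
    owner_uid: int
    group_gid: int
    mode: str  # nine-character symbolic mode such as "rwxr--r--"


def parse_mode(mode: str) -> int:
    """Turn 'rwxr--r--' into the numeric mode 0o744."""
    if len(mode) != 9:
        raise ValueError("mode must be nine characters, e.g. rwxr--r--")
    bits = 0
    for ch, expected in zip(mode, "rwxrwxrwx"):
        bits <<= 1
        if ch == expected:
            bits |= 1
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r} in mode {mode!r}")
    return bits


def unix_allows(f: UnixFile, uid: int, gids: Set[int], want: str) -> bool:
    """Classic Unix rule: the first matching class (owner, then group,
    then other) decides; the classes are not unioned. Root's bypass of
    the check is deliberately not modelled here."""
    bits = parse_mode(f.mode)
    if uid == f.owner_uid:
        shift = 6
    elif f.group_gid in gids:
        shift = 3
    else:
        shift = 0
    triad = (bits >> shift) & 0o7
    need = {"r": 4, "w": 2, "x": 1}[want]
    return bool(triad & need)


@dataclass
class Ace:
    kind: str               # "allow" or "deny"
    trustee: str            # SID of a user or group (constructed values below)
    rights: FrozenSet[str]  # e.g. {"read", "write"}


def nt_allows(acl: List[Ace], subject_sids: Set[str], want: Set[str]) -> bool:
    """Walk the ACL in order. A deny ACE for any still-ungranted right
    ends the walk with denial; allow ACEs accumulate rights until every
    wanted right is granted. Reaching the end means implicit deny."""
    remaining = set(want)
    for ace in acl:
        if ace.trustee not in subject_sids:
            continue
        if ace.kind == "deny" and ace.rights & remaining:
            return False
        if ace.kind == "allow":
            remaining -= ace.rights
            if not remaining:
                return True
    return False


# Constructed sample data (not from the page).
SAMPLE_FILE = UnixFile(owner_uid=1000, group_gid=100, mode="rwxr--r--")
GROUP_ONLY_FILE = UnixFile(owner_uid=1000, group_gid=100, mode="rw----r--")

USER_SID = "S-1-5-21-EXAMPLE-1001"   # placeholder SID
GROUP_SID = "S-1-5-21-EXAMPLE-513"   # placeholder SID
SAMPLE_ACL = [
    Ace("deny", USER_SID, frozenset({"write"})),          # explicit deny first
    Ace("allow", GROUP_SID, frozenset({"read", "write"})),
]

if __name__ == "__main__":
    print("owner can write:", unix_allows(SAMPLE_FILE, 1000, {100}, "w"))
    print("group member can write:", unix_allows(SAMPLE_FILE, 1001, {100}, "w"))
    print("group member read on rw----r--:",
          unix_allows(GROUP_ONLY_FILE, 1001, {100}, "r"))
    print("denied user can read:", nt_allows(SAMPLE_ACL, {USER_SID, GROUP_SID}, {"read"}))
    print("denied user can write:", nt_allows(SAMPLE_ACL, {USER_SID, GROUP_SID}, {"write"}))
```

The second Unix file shows the first-match rule in action: a group member is refused read access even though "everyone else" has it, because the group triad was the one consulted. On the ACL side, the explicit deny placed first wins over the later group allow, which is why ACE ordering matters when reviewing permissions.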
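The Authentication row notes that the Unix scheme adds a salt while the SAM hashes do not. This added Python example (not part of the original table) shows what the salt buys: two accounts with the same password produce different stored records, and verification still works because the salt is kept alongside the digest. SHA-256 stands in for the page's modified DES purely to keep the code dependency-free; the record layout and the user names are constructed.

```python
"""Added example: effect of a per-user salt on stored password records."""
import hashlib
import hmac
import os
from typing import Dict, Optional


def unsalted_hash(password: str) -> str:
    """Unsalted digest: identical passwords give identical stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Salted record in the shape '<salt-hex>$<digest-hex>'.
    SHA-256 is a stand-in for the DES-based crypt described on the page."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return f"{salt.hex()}${digest}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest = record.split("$", 1)
    candidate = hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)


def distinct_stored_values(passwords: Dict[str, str], salted: bool) -> int:
    """How many different stored values a set of accounts yields."""
    if salted:
        records = {make_record(pw) for pw in passwords.values()}
    else:
        records = {unsalted_hash(pw) for pw in passwords.values()}
    return len(records)


# Constructed sample accounts, several of which share a password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "correct horse",
                "carol": "correct horse", "dave": "battery staple"}

if __name__ == "__main__":
    rec = make_record("correct horse")
    print("record:", rec)
    print("verify ok:", verify("correct horse", rec))
    print("unsalted distinct:", distinct_stored_values(SAMPLE_USERS, salted=False))
    print("salted distinct:", distinct_stored_values(SAMPLE_USERS, salted=True))
```

Without a salt the three shared passwords collapse to one stored value, so one recovered digest identifies every account using that password; with a salt each account must be attacked separately. The same reasoning is why reviewers flag stores that keep only an unsalted LM or NT hash.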