The Windows NT Security Model & Architecture
E. Eugene Schultz - Global Integrity
Feb 26, 1999
AbstractWindows NT is currently the best-selling operating system product. Marketing efforts for this product often emphasize the claim that "you can't buy a more secure product than Windows NT." Is this true? Windows NT security is based on a security model and an architecture that includes many security-related capabilities. This talk explores how this model and architecture work, then analyzes both in terms of their value in countering the most currently common types of attacks on Windows NT systems and networks. The presentation concludes with a high-level view of Windows NT security.
About the SpeakerDr. Eugene Schultz, CISSP, is the Research Director and Trusted Security Advisor with Global Integrity Corporation, a wholly-owned subsidiary of Science Applications International Corporation (SAIC). In this role he conducts research and consulting activities and provides strategic guidance to corporate clients. He is also a Visiting Scientist in the Computer Science Department at Purdue University as part of his research activities.
An expert in Windows NT, UNIX, and network security, Dr. Schultz is a member of the faculty of the Computer Security Institute and SANS (System Administration and Network Security). He has co-authored two books (UNIX: Its Use, Control and Audit and Internet Security for Business) and over 80 published articles, and is a contributing editor to Network Security in addition to being a member of IFIP Working Group 11.4 (Network Security). His new book, Practical Windows NT Security, will be released early this year.
He has received numerous professional awards, including the NASA Technical Innovation Award, Best Paper Award for the National Information Systems Security Conference, and Information Systems Security Association (ISSA) Career Achievement Award. Dr. Schultz has also provided expert testimony for the U.S. Senate.
Before coming to Global Integrity, he was the Principal and Infomation Security Practice Leader for SRI Consulting, where he also served as Program Manager and Research Director for the I-4 (International Information Integrity Institute) Program. Dr. Schultz was also previously a Principal Security Engineer with ARCA Systems, the Project Manager and founder of the Department of Energy's Computer Incident Advisory Capability (CIAC) at Lawrence Livermore National Laboratory, and Group Leader at the Jet Propulsion Laboratory. He has presented over 100 talks, including numerous keynote addresses, at a variety of conferences throughout the world.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.