为什么在 Windows 上将服务作为本地系统运行是不好的? [英] Why running a service as Local System is bad on windows?

问题描述

我试图找出不同服务帐户类型之间的区别.我突然想到了这个问题.

I am trying to find out the difference between difference service account types. I tumbled upon this question.

答案是因为它对本地资源有强大的访问能力，如果可能，应该使用网络服务.

The answer was because it has powerful access to local resources, and Network Service should be used if possible.

但是我仍然无法理解，如果它具有对本地资源的强大访问权限，那么攻击者如何访问该帐户?账号泄露的方法有哪些?我知道这完全与安全有关，但我不知道如何.这可能是黑暗黑客的世界，但是任何人都可以简单地解释为什么网络服务帐户比本地帐户更好?

But still I am not able to understand that if it has powerful access to local resources, how attacker can access the account? What are the ways to compromise the account? I understood it is all about security, but I don't know how. It could be dark hacker's world, however anybody could explain, in simple terms, why network service account is better than local account ?

提前致谢.

推荐答案

您运行的每个程序都会增加服务器的攻击面.

Every program you run increases the attack surface of your server.

您必须假设一个坚定的恶意行为者可以利用您程序中的错误或漏洞使其执行任何操作.您可以通过以完成工作所需的最低权限执行程序来缓解这种情况.

You have to assume that a determined, malicious actor can exploit bugs or loopholes in your program to make it do anything. You mitigate that by executing your programs with the least privileges required to do their jobs.

其中一些漏洞利用包括:

Some of these exploits include:

• 引诱攻击，其中攻击者诱骗您的程序在程序的提升权限下执行其代码.

• Luring attacks, in which an attacker tricks your program into executing their code under the program's elevated privileges.

缓冲区溢出攻击，其中额外的数据发送到一个方法被写入相邻的内存，这可能是控制流逻辑的目标.

Buffer Overrun Attacks, in which extra data sent to a method is written into adjacent memory, which may be the target of control flow logic.

中间人攻击，攻击者向您的程序伪造消息.

Man in the Middle attacks, where an attacker falsifies messages to your program.

通常，给定的服务并不明显容易受到任何这些攻击.在网络服务(或其他权限降低的帐户)下运行是一种比后悔更安全"的策略，它承认软件开发的两个重要事实:程序员容易犯错，攻击者具有创造性.

Often, a given service isn't obviously vulnerable to any of these. Running under network service (or another account with reduced permissions) is a 'better safe than sorry' strategy that acknowledges two important facts of software development: programmers are fallible and attackers are inventive.

这篇关于为什么在 Windows 上将服务作为本地系统运行是不好的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！