Guide to Operating
System Security
Chapter 5
File, Directory, and Shared
Resource Security
Objectives




Implement directory, folder, and file security
Configure shared resource security, using share
permissions in Windows 2000/XP/2003
Use groups to implement security
Troubleshoot security
Directory, Folder, and File
Security (Continued)


Access control lists (security descriptors)
associate users and groups with specific access
capabilities
ACL components


Discretionary access control list (DACL)
System access control list (SACL)
Directory, Folder, and File
Security (Continued)

Categories of information in an ACL




User accounts that can access the object
Rights and permissions that determine level of
access
Ownership of the object
Whether specific events associated with an object
are to be audited
Windows 2000/XP/2003 Folder
and File Security


Use attributes and permissions – related to file
system used with the OS
NTFS is better than FAT16 or FAT32



Able to set standard and special permissions
Supports use of EFS
Enables disk quotas to be set
Configuring Folder and File
Attributes


Attributes in FAT16, FAT32, and NTFS are
stored as header information
Attributes available in FAT16/FAT32-formatted disks



Read-only
Hidden
Archive
Configuring Folder and File
Attributes
NTFS Security Attributes






Read-only
Hidden
Archive
Index
Compress
Encrypt
NTFS Security
Configuring Folder and File
Permissions


Use Add and Remove buttons on folder
properties Security tab to change which users
and groups have permission
Modify existing permissions by clicking on the
group and checking or removing checks in
Allow and Deny columns
Configuring Folder and File
Permissions
Folder and File Permissions
Supported by NTFS
Configuring Inheritable
Permissions
UNIX and Linux Directory and
File Security (Continued)

Permissions




Read (r)
Write (w)
Execute (x)
Special permissions for executable programs


Set User ID (SUID)
Set Group ID (SGID)
UNIX and Linux Directory and
File Security (Continued)

Permissions criteria
Ownership (u)
Group membership (g)
Other (o)
All (a)
Use chmod command to set up permissions
Symbolic format
Octal format
Use chown command to change ownership
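Added example (not from the original slides): the same permission set with chmod in symbolic and octal format, followed by an audit of the demo tree for SUID/SGID and world-writable files. It assumes GNU coreutils (stat -c) as on Linux; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (stat -c) as on Linux.
# All files are constructed in a throwaway temp directory.

# Print a file's permission bits in octal, e.g. 640 or 4755.
mode_of() {
    stat -c '%a' "$1"
}

# Build the sample tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/report.txt" "$d/report2.txt" "$d/tool" "$d/shared.log"
    # Symbolic format: owner read/write, group read, other nothing.
    chmod u=rw,g=r,o= "$d/report.txt"
    # Octal format: 6 = rw- (owner), 4 = r-- (group), 0 = --- (other).
    chmod 640 "$d/report2.txt"
    # Leading 4 sets SUID; a leading 2 would set SGID.
    chmod 4755 "$d/tool"
    # a+rw gives every class write access: a setting an audit should flag.
    chmod a+rw "$d/shared.log"
    printf '%s\n' "$d"
}

# Audit: regular files under $1 with the SUID or SGID bit set.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Audit: regular files under $1 that "other" may write.
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Stand-alone run: show each mode, then the audit results.
tree=$(make_demo_tree)
for f in report.txt report2.txt tool shared.log; do
    printf '%-12s %s\n' "$f" "$(mode_of "$tree/$f")"
done
echo "SUID/SGID:      $(find_setid "$tree")"
echo "world-writable: $(find_world_writable "$tree")"
rm -rf "$tree"
```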
Viewing Permissions Settings
Red Hat Linux 9.x System
Directories
NetWare 6.x Directory and File
Security

Access controlled through:


Attributes associated with files and directories
Access rights granted to trustees
NetWare Directory Attributes
NetWare File Attributes (Continued)
NetWare File Attributes (Continued)
NetWare Directory Attributes
NetWare Access Rights
NetWare Access Rights
NetWare Trustee Rights
Mac OS X Folder and File
Security

Ways to configure file and folder permissions


Command-line commands
Set Get Info properties of a file
Using Command-Line
Commands in Mac OS X
Configuring Ownership &
Permission for a Mac OS X File
Mac OS X Get Info Folder and
File Permissions
Shared Resource Security

Sharing or accessing resources – directories,
folders, files, and printers – over a network




Windows 2000/XP/2003
Red Hat Linux 9.x
NetWare 6.x
Mac OS X
Sharing Resources in Windows
2000/XP/2003


Use share permissions
Protecting a shared folder




Full Control
Change
Read
Protecting a shared printer
Protecting a Shared Folder
Protecting a Shared Printer




Print
Manage Documents
Manage Printers
Special Permissions



Read
Change
Take Ownership
Sharing Resources in
Red Hat Linux 9.x

Enable access through:

Telnet and FTP
Use with Secure Shell capabilities
Network File System (NFS)
Protecting directory resources
Protecting printer resources


Queue-based printing
Novell Distributed Print Services (NDPS)
Sharing Resources in
NetWare 6.x

Protecting directory resources

Mapping and search mapping
Protects through attributes and trustee access rights
Protecting printer resources
NetWare Drive Mappings
Sharing Resources in
Mac OS X



Enable access through System Preferences
Protecting a shared folder
Protecting a shared printer
Using Security Groups


Group together accounts that have similar
characteristics
Eliminates repetitive steps in managing user
and resource access
Using Groups in
Windows 2000/XP/2003


Related to concept of scope of influence
Types; used for security and distribution
groups




Local
Domain local
Global
Universal
Implementing Local Groups

Used to manage resources in Windows
2000/XP Professional
Implementing Local Groups
Implementing Domain Local
Groups



Used when Active Directory is deployed
Used to manage resources in a domain
Give global groups from the same or other
domains access to those resources
Implementing Domain Local
Groups
Implementing Global Groups


Intended to contain user accounts from single
domain
Can be set up as member of a domain local
group in same or other domain
Implementing Global Groups
Implementing Universal Groups

Spans domains and trees within a Windows
Active Directory forest
Guidelines for Using Groups

Global groups
Hold accounts as members
Domain local groups
Provide access to resources in a specific domain
Universal groups
Provide extensive access to resources
Using Groups in
Red Hat Linux 9.x


Assign each group a unique group
identification number (GID)
Assign permissions to access resources to the
group
Using Groups in NetWare 6.x




Create groups with ConsoleOne tool
Configure trustee access rights for the group
Assign accounts to the group
Assign specific login script to the group
Using Groups in Mac OS X

Automatically managed and assigned by the
operating system
Troubleshooting Security

Windows XP Professional and Windows
Server 2003


View the effective permissions
NetWare 6.x

View the effective rights
Viewing Effective Rights in
NetWare 6.x
Summary



How to configure directory, folder, and file
security for Windows 2000/XP/2003,
Linux 9.x, NetWare 6.x, and Mac OS X
How to fine-tune security for common and
unique circumstances
Specialized share permissions for Windows-based systems; used when folders are shared
across a network through FAT16/32 and NTFS
Summary


How to configure and use security groups to
manage access to shared resources
How to use effective permissions and effective
rights tools in Windows XP/2003 and
NetWare 6.x to ensure that directory, folder,
and file security is properly set and that there
are no security holes