Mcgraw.Hill.Hacknotes.Windows.Security.Portable

Total Page:16

File Type:pdf, Size:1020Kb

Mcgraw.Hill.Hacknotes.Windows.Security.Portable HackNote / HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / Color profile: Generic CMYK printer profile Composite Default screen blind folio i HACKNOTES™ “HackNotes Windows Security Portable Reference distills into a small form factor the encyclopedic information in the original Hacking Exposed: Windows 2000.” —Joel Scambray, coauthor of Hacking Exposed 4th Edition, Hacking Exposed Windows 2000, and Hacking Exposed Web Applications; Senior Director of Security, Microsoft’s MSN “HackNotes Windows Security Portable Reference takes a ‘Just the Facts, Ma’am’ approach to securing your Windows infrastructure. It checks the overly long exposition at the door, focusing on specific areas of attack and defense. If you’re more concerned with securing systems than speed-reading thousand-page tech manuals, stash this one in your laptop case now.” —Chip Andrews, www.sqlsecurity.com, Black Hat Speaker, and coauthor of SQL Server Security “No plan, no matter how well-conceived, survives contact with the enemy. That’s why Michael O’Dea’s HackNotes Windows Security Portable Reference is a must-have for today’s over-burdened, always-on-the-move security professional. Keep this one in your hip pocket. It will help you prevent your enemies from gaining the initiative.” —Dan Verton, author of Black Ice: The Invisible Threat of Cyber-Terrorism and award-winning senior writer for Computerworld “HackNotes Windows Security Portable Reference covers very interesting and pertinent topics, especially ones such as common ports and services, NetBIOS name table definitions, and other very specific areas that are essential to understand if one is to genuinely comprehend how Windows systems are attacked. Author Michael O’Dea covers not only well-known but also more obscure (but nevertheless potentially dangerous) attacks. Above all else, he writes in a very clear, well-organized, and concise style—a style that very few technical books can match.” —Dr. Eugene Schultz, Ph.D., CISSP, CISM, Principle Computer Systems Engineer, University of California-Berkeley, Prominent SANS speaker P:\010Comp\HackNote\785-0\fm.vp Friday, June 20, 2003 10:31:38 AM Color profile: Generic CMYK printerHackNote profile/ HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / Composite Default screen blind folio 1 About the Author Michael O’Dea is Project Manager of Product Services for the security firm Foundstone, Inc. Michael has been immersed in information technology for over 10 years, working with technologies such as enterprise data encryption, vi- rus defense, firewalls, and proxy service solutions on a variety of UNIX and Windows platforms. Currently, Michael develops custom integration solutions for the Foundstone Enterprise vulnerability management product line. Prior to joining Foundstone, Michael worked as a senior analyst supporting Internet se- curity for Disney Worldwide Services, Inc., the data services arm of the Walt Disney Company; and as a consultant for Network Associates, Inc., Michael has contributed to many security publications, including Hacking Exposed: Fourth Edition and Special Ops: Internal Network Security. About the Technical Editor Arne Vidström is an IT Security Research Scientist at the Swedish Defence Re- search Agency. Prior to that he was a Computer Security Engineer at the telecom operator Telia, doing penetration testing, source code security reviews, security configuration testing, and creation of security configuration checklists. Arne holds a University Diploma in Electronic Engineering and a B.Sc. in Math- ematics from the University of Karlstad. In his spare time he runs the Windows security web site ntsecurity.nu, where he publishes his own freeware security tools and vulnerability discoveries. P:\010Comp\HackNote\785-0\fm.vp Friday, June 20, 2003 10:30:34 AM HackNote / HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / Color profile: Generic CMYK printer profile Composite Default screen blind folio iii HACKNOTES™ Windows MICHAEL O’DEA McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto P:\010Comp\HackNote\785-0\fm.vp Friday, June 20, 2003 10:30:34 AM Color profile: Generic CMYK printerHackNote profile/ HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / Composite Default screen blind folio 1 McGraw-Hill/Osborne 2100 Powell Street, 10th Floor Emeryville, California 94608 U.S.A. To arrange bulk purchase discounts for sales promotions, premiums, or fund- raisers, please contact McGraw-Hill/Osborne at the above address. For informa- tion on translations or book distributors outside the U.S.A., please see the Interna- tional Contact Information page immediately following the index of this book. HackNotesTM Windows® Security Portable Reference Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 1234567890 DOC DOC 019876543 ISBN 0-07-222785-0 Publisher Copy Editor Brandon A. Nordin Andrea Boucher Vice President & Associate Publisher Proofreader Scott Rogers Linda Medoff Editorial Director Indexer Tracy Dunkelberger Jack Lewis Executive Editor Composition Jane K. Brownlow Lucie Ericksen Project Editor John Patrus Jennifer Malnick Illustrators Executive Project Editor Kathleen Edwards Mark Karmendy Dick Schwartz Acquisitions Coordinator Lyssa Wald Athena Honore Series Design Technical Editor Dick Schwartz Arne Vidström Peter F. Hancik Series Editor Cover Series Design Mike Horton Dodie Shoemaker This book was composed with Corel VENTURA™ Publisher. Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. P:\010Comp\HackNote\785-0\fm.vp Friday, June 20, 2003 10:30:34 AM HackNote / HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / Color profile: Generic CMYK printer profile Composite Default screen CONTENTS Acknowledgments . ix HackNotes: The Series. xi Introduction . xiii Reference Center Hacking Fundamentals: Concepts . RC 2 ICMP Message Types . RC 5 Common Ports and Services . RC 7 Common NetBIOS Name Table Definitions . RC 12 Windows Security Fundamentals: Concepts . RC 13 Windows Default User Accounts . RC 14 Windows Authentication Methods . RC 15 Common Security Identifiers (SIDs) . RC 16 Windows NT File System Permissions . RC 17 Useful Character Encodings . RC 18 Testing for Internet Information Services ISAPI Applications . RC 21 Security Related Group Policy Settings . RC 22 Useful Tools . RC 26 Quick Command Lines . RC 28 WinPcap / libpcap Filter Reference . RC 29 nslookup Command Reference . RC 30 Microsoft Management Console . RC 31 Online References . RC 32 Part I Hacking Fundamentals ■ 1 Footprinting: Knowing Where to Look . 3 Footprinting Explained . 4 Footprinting Using DNS . 4 Footprinting Using Public Network Information . 10 Summary . 12 v P:\010Comp\HackNote\785-0\fm.vp Friday, June 20, 2003 10:30:34 AM HackNote / HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / FM Color profile: Generic CMYK printer profile Composite Default screen vi HackNotes Windows Security Portable Reference ■ 2 Scanning: Skulking About . 13 Scanning Explained . 14 How Port Scanning Works . 14 Port Scanning Utilities . 21 Summary . 30 ■ 3 Enumeration: Social Engineering, Network Style . 31 Enumeration Overview . 32 DNS Enumeration (TCP/53, UDP/53) . 35 NetBIOS over TCP/IP Helpers (UDP/137, UDP 138, TCP/139, and TCP/445) . 37 Summary . 48 ■ 4 Packet Sniffing: The Ultimate Authority . 49 The View from the Wire . 50 Windows Packet Sniffing . 50 Summary . 57 ■ 5 Fundamentals of Windows Security . 59 Components of the Windows Security Model . 60 Security Operators: Users and User Contexts . 60 Authentication . 66 Windows Security Providers . 69 Active Directory and Domains . 70 Summary . 71 Part II Windows 2000 and 2003 Server Hacking Techniques & Defenses ■ 6 Probing Common Windows Services . 75 Most Commonly Attacked Windows Services . 76 Server Message Block Revisited . 76 Probing Microsoft SQL Server . 89 Microsoft Terminal Services / Remote Desktop (TCP 3389) . 93 Summary . 96 ■ 7 Hacking Internet Information Services . 97 Working with HTTP Services . 98 Simple HTTP Requests . 98 Speaking HTTP . 99 Delivering Advanced Exploits . 100 Introducing the Doors . 102 The Big Nasties: Command Execution . 102 A Kinder, Gentler Attack . 115 Summary . 117 P:\010Comp\HackNote\785-0\fm.vp Friday, June 20, 2003 10:30:34 AM HackNote / HackNotes Windows Security Portable Reference / O’Dea / 222785-0 / FM Color profile: Generic CMYK printer profile Composite Default screen Contents vii Part III Windows Hardening ■ 8 Understanding Windows Default Services . 121 Windows Services Revealed . 122 The Top Three Offenders . 122 Internet Information Services/ World Wide Web Publishing Service . 122 Terminal Services . 123 Microsoft SQL Server / SQL Server Resolution Service . 123 The Rest of the Field . 123 Summary . 134 ■ 9 Hardening Local User Permissions . 135 Windows Access Control Facilities . 136 File System Permissions . 136 Local Security Settings . 146 Summary . 154 ■ 10 Domain Security with Group Policies . 155 Group Policy Overview . 156 Group Policy Application . 157 Working with Group Policies . 157 Working with Group Policies in Active Directory . 163 Editing Default Domain Policies . 164 Controlling Who Is Affected by Group Policies . 165 Using the Group Policy Management Console . 166 Summary . ..
Recommended publications
  • Cygwin User's Guide
    Cygwin User’s Guide Cygwin User’s Guide ii Copyright © Cygwin authors Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this per- mission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this documentation under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this documentation into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Cygwin User’s Guide iii Contents 1 Cygwin Overview 1 1.1 What is it? . .1 1.2 Quick Start Guide for those more experienced with Windows . .1 1.3 Quick Start Guide for those more experienced with UNIX . .1 1.4 Are the Cygwin tools free software? . .2 1.5 A brief history of the Cygwin project . .2 1.6 Highlights of Cygwin Functionality . .3 1.6.1 Introduction . .3 1.6.2 Permissions and Security . .3 1.6.3 File Access . .3 1.6.4 Text Mode vs. Binary Mode . .4 1.6.5 ANSI C Library . .4 1.6.6 Process Creation . .5 1.6.6.1 Problems with process creation . .5 1.6.7 Signals . .6 1.6.8 Sockets . .6 1.6.9 Select . .7 1.7 What’s new and what changed in Cygwin . .7 1.7.1 What’s new and what changed in 3.2 .
    [Show full text]
  • Microsoft Windows Common Criteria Evaluation Security Target
    Microsoft Common Criteria Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 version 1809 (October 2018 Update) Microsoft Windows Server 2019 (October 2018 Update) Security Target Document Information Version Number 0.05 Updated On June 18, 2019 Microsoft © 2019 Page 1 of 126 Microsoft Common Criteria Security Target Version History Version Date Summary of changes 0.01 June 27, 2018 Initial draft 0.02 December 21, 2018 Updates from security target evaluation 0.03 February 21, 2019 Updates from evaluation 0.04 May 6, 2019 Updates from GPOS PP v4.2.1 0.05 June 18, 2019 Public version Microsoft © 2019 Page 2 of 126 Microsoft Common Criteria Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
    [Show full text]
  • Windows System Error Codes and What They Mean
    Windows system error codes and what they mean This information was gathered from: https://msdn.microsoft.com/en-us/library/windows/desktop/ ms681382(v=vs.85).aspx You can find additional error codes and messages in the above website. Code Description: 0 The operation completed successfully. 1 Incorrect function. 2 The system cannot find the file specified. 3 The system cannot find the path specified. 4 The system cannot open the file. 5 Access is denied. 6 The handle is invalid. 7 The storage control blocks were destroyed. 8 Not enough storage is available to process this command. 9 The storage control block address is invalid. 10 The environment is incorrect. 11 An attempt was made to load a program with an incorrect format. 12 The access code is invalid. 13 The data is invalid. 14 Not enough storage is available to complete this operation. 15 The system cannot find the drive specified. 16 The directory cannot be removed. 17 The system cannot move the file to a different disk drive. 18 There are no more files. 19 The media is write protected. 20 The system cannot find the device specified. 21 The device is not ready. 22 The device does not recognize the command. 23 Data error (cyclic redundancy check). 24 The program issued a command but the command length is incorrect. 25 The drive cannot locate a specific area or track on the disk. 26 The specified disk or diskette cannot be accessed. 27 The drive cannot find the sector requested. 28 The printer is out of paper.
    [Show full text]
  • DRBL-Winroll: the Free Configuration Program for Microsoft Windows
    DRBL-Winroll: The Free configuration program for Microsoft Windows Ceasar Sun, Steven Shiau, Thomas Tsai http://drbl-winroll.org , http://drbl.org , http://clonezilla.org/ RMLL (LSM) 2015 Q3, 2015 1 Outline Introduction to DRBL-Winroll – Develop Team – Common Issues for Windows Replication – Feature/Framework Cases of Usages – Basic Installation and usage – How to do centralize management – Advanced usage Limitation/Development/Contribution Q&A 2 Outline Introduction to DRBL-Winroll – Develop Team – Common Issues for Windows Replication – Feature/Framework Cases of Usages – Basic Installation and usage – How to do centralize management – Advanced usage Limitation/Development/Contribution Q&A 3 About us • From Taiwan, working for the NPO NCHC (National Center for High- Performance Computing) • Developers of free/open-source software: – DRBL, Clonezilla – DRBL-Winroll, Tux2live – Partclone, Tuxboot, Cloudboot – ... more Taiwan image source: wikipedia.org 4 Developers/Contributor • Steven Shiau • Ceasar Sun • Thomas Tsai • Jazz Wang • Jean René Mérou Sánchez • K. L. Huang • Jean-Francois Nifenecker • Louie Chen • Nagappan Alagappan • … 5 Replication Issue 6 Copy & Paste ? • Data v.s Configurations – For small scale replication , it's easy. • Deployment is one thing, but configuration is another – Not only copy-and-paste 7 Configuration with Massive Scale • Not possible by hand , automatical configuration is better I©m Robot #1 Hello, I©m Robot #2 Hello, I©m Robot #3 Hello, I©m Robot #.. 8 Mass Deployment • What is “mass deployment”
    [Show full text]
  • Clustered Data ONTAP® 8.3 File Access Management Guide for NFS
    Updated for 8.3.1 Clustered Data ONTAP® 8.3 File Access Management Guide for NFS NetApp, Inc. Telephone: +1 (408) 822-6000 Part number: 215-10105_A0 495 East Java Drive Fax: +1 (408) 822-4501 June 2015 Sunnyvale, CA 94089 Support telephone: +1 (888) 463-8277 U.S. Web: www.netapp.com Feedback: [email protected] Table of Contents | 3 Contents Considerations before configuring file access .......................................... 10 File protocols that Data ONTAP supports ................................................................. 10 How Data ONTAP controls access to files ................................................................ 10 Authentication-based restrictions .................................................................. 10 File-based restrictions ................................................................................... 11 LIF configuration requirements for file access management .................................... 11 How namespaces and volume junctions affect file access on SVMs with FlexVol volumes ................................................................................................................ 11 What namespaces in SVMs with FlexVol volumes are ................................. 11 Volume junction usage rules ......................................................................... 12 How volume junctions are used in SMB and NFS namespaces .................... 12 What the typical NAS namespace architectures are ...................................... 12 Creating and managing data volumes
    [Show full text]
  • Clustered Data ONTAP 8.3 NFS File Access Reference Guide
    Clustered Data ONTAP® 8.3 NFS File Access Reference Guide February 2016 | 215-10877_A0 [email protected] Updated for 8.3.2 Table of Contents | 3 Contents Deciding whether to use this guide ............................................................. 8 Considerations before configuring file access ............................................ 9 File protocols that Data ONTAP supports ................................................................... 9 How Data ONTAP controls access to files .................................................................. 9 Authentication-based restrictions .................................................................... 9 File-based restrictions ................................................................................... 10 LIF configuration requirements for file access management .................................... 10 How namespaces and volume junctions affect file access on SVMs with FlexVol volumes ................................................................................................................ 10 What namespaces in SVMs with FlexVol volumes are ................................. 10 Volume junction usage rules ......................................................................... 11 How volume junctions are used in SMB and NFS namespaces .................... 11 What the typical NAS namespace architectures are ...................................... 11 Creating and managing data volumes in NAS namespaces ...................................... 14 Creating data volumes
    [Show full text]
  • More Than You Ever Wanted to Know About NT Login Authentication
    A Perspective On Practical Security 2000 More Than You Ever Wanted to Know about NT Login Authentication SystemExperts Corporation Philip C. Cox & Paul B. Hill Abstract Inside The login process is the user's entry-point to the computing • Under the covers for a local NT login environment, the best or perhaps only chance for real • NT & LAN Manager compatibility authentication. No authorization decision has any meaning absent authentication. Taking the rapid adoption of NT as a given, any • Password encryption within the Security Accounts Manager organization must understand exactly how NT login authentication (SAM) database works if it is to determine whether or not NT login can meet the organization's needs. Otherwise, the choices are faith and luck. • User Authentication Process This white paper describes an Interactive NT login and lays the • Use of the LsaLogonUser API groundwork for understanding the Network login. This information is current as of NT 4.0 Service Pack 5. • The groundwork for understanding network login. NT Login Authentication SystemExperts Corporation There are no less than 5 types of “logons” in Windows NT, but only three are commonly used: Interactive, Network, and Service. Boston New York Washington D.C Tampa San Francisco Los Angeles Sacramento 1. Interactive logons are for users logging onto the console and for processes that require “interactive” access. Interactive NT Toll free (USA only): +1 888 749 9800 user authentication itself takes several forms: From outside USA: +1 978 440 9388 - Login with a locally defined user account — no network access is required; the account is authenticated by the machine you are logging into and only by that machine www.systemexperts.com [email protected] Copyright 1997-2001 SystemExperts Corporation.
    [Show full text]
  • Windows Server 2003 Security Guide
    Microsoft Solutions for Security and Compliance Windows Server 2003 Security Guide April 26, 2006 © 2006 Microsoft Corporation. This work is licensed under the Creative Commons Attribution-Non Commercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. Table of Contents iii Contents Chapter 1: Introduction to the Windows Server 2003 Security Guide ............. 1 Overview....................................................................................................1 Executive Summary .....................................................................................1 Who Should Read This Guide.........................................................................2 Scope of this Guide......................................................................................2 Chapter Summaries .....................................................................................3 Chapter 1: Introduction to the Windows Server 2003 Security Guide .............4 Chapter 2: Windows Server 2003 Hardening Mechanisms ............................4 Chapter 3: The Domain Policy..................................................................4 Chapter 4: The Member Server Baseline Policy ...........................................4 Chapter 5: The Domain Controller Baseline Policy .......................................5 Chapter 6: The Infrastructure Server Role .................................................5
    [Show full text]
  • A Survey of Access Control Policies
    A Survey of Access Control Policies Amanda Crowell University of Maryland [email protected] ABSTRACT nisms to the standard checks. Modern operating systems each have different implementa- tions of access controls and use different policies for deter- The Common Weakness Enumeration (CWE) describes sev- mining the access that subjects may have on objects. This eral mistakes that application developers have made in re- paper reviews the three main types of access control policies: gard to access control. Often, developers do not give the discretionary, mandatory, and role-based. It then describes application objects the appropriate rights to begin with (i.e. how Windows and various Unix systems implement their they specify more rights than are necessary) and do not chosen access control policies. Finally, it discusses some modify rights throughout the application's lifetime. Since common mistakes that application programmers make when spawned processes typically take on the rights of the spawn- enforcing access control in their applications and gives some ing process, rights might be passed on to the spawned pro- general guidance to reduce the occurrence of mistakes. cess that were unintentional. In response to these mistakes, some researchers have developed guidelines for using access 1. INTRODUCTION controls appropriately. These include: (a) understanding Modern operating systems use different mechanisms for pro- what information is available to the system and how it can viding access control. These mechanisms are designed to be used to make decisions, (b) determining exactly which meet security policies that vary in the way access decisions rights are absolutely necessary and only allow those and are made.
    [Show full text]
  • Database Installation Guide
    Oracle® Database Database Installation Guide 19c for Microsoft Windows E96293-06 June 2020 Oracle Database Database Installation Guide, 19c for Microsoft Windows E96293-06 Copyright © 1996, 2020, Oracle and/or its affiliates. Primary Authors: Sunil Surabhi, Tanaya Bhattacharjee Contributing Authors: Prakash Jashnani, Mark Bauer, Bharathi Jayathirtha Contributors: Barb Glover, Eric Belden, Sudip Datta, David Friedman, Alex Keh, Peter LaQuerre, Rich Long, Matt McKerley, Sham Rao Pavan, Hanlin Qian, Sujatha Tolstoy, Sergiusz Wolicki, Sue Mavris, Mohammed Shahnawaz Quadri, Vishal Saxena, Krishna Itikarlapall, , Santanu Datta, Christian Shay, Aneesh Khanderwal, Michael Coulter, Robert Achacoso, Malai Stalin, David Price, Ramesh Chakravarthula This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S.
    [Show full text]
  • Lustre Windows Client High Level Design Sun Microsystems
    Lustre Windows Client High Level Design Sun Microsystems April 8, 2008 Developed by: OSR Open Systems Resources, Inc. 105 Route 101A, Suite 19 Amherst, New Hampshire 03031-2277 (603) 595-6500 (603) 595-6503 © 2008 OSR Open Systems Resources, Inc. All rights reserved. No part of this work covered by the copyright hereon may be reproduced or used in any form or by any means -- graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems -- without written permission of OSR Open Systems Resources, Inc., 105 Route 101A Suite 19, Amherst, New Hampshire 03031, (603) 595-6500 OSR, the traditional OSR Logo, the new OSR logo, “OSR Open Systems Resources, Inc.”, and “The NT Insider” are trademarks of OSR Open Systems Resources, Inc. All other trademarks mentioned herein are the property of their owners. Printed in the United States of America Document Identifier: PR088-02 LIMITED WARRANTY OSR Open Systems Resources, Inc. (OSR) expressly disclaims any warranty for the information presented herein. This material is presented “as is” without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose. The entire risk arising from the use of this material remains with you. OSR’s entire liability and your exclusive remedy shall not exceed the price paid for this material. In no event shall OSR or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profit, business interruption, loss of business information, or any other pecuniary loss) arising out of the use or inability to use this information, even if OSR has been advised of the possibility of such damages.
    [Show full text]
  • A Novel Software Tool for Analysing NT R File System Permissions
    A Novel Software Tool for Analysing NT R File System Permissions Simon Parkinson and Andrew Crampton School of Informatics University of Huddersfield HD1 3DH, UK Email: [email protected] Abstract—Administrating and monitoring New Technology administrator to evaluate user permission across a File System (NTFS) permissions can be a cumbersome and whole directory structure. convoluted task. In today’s data rich world there has never 2) Interacting with a single ACL using Windows Ex- been a more important time to ensure that data is secured plorer as seen in Figure 1 requires the traversal of against unwanted access. This paper identifies the essential and four different interfaces. Interacting with multiple fundamental requirements of access control, highlighting the ACLs soon becomes a cumbersome task, which could main causes of their misconfiguration within the NTFS. In response, a number of features are identified and an efficient, ultimately result in permissions being overlooked. informative and intuitive software-based solution is proposed for 3) Not only is the administrator required to examine examining file system permissions. In the first year that the users or groups within the ACL, they have to re- software has been made freely available it has been downloaded member, or explore, group association to evaluate the and installed by over four thousand users1. inheritance of permissions from different groups. It is well reported that these time-consuming peculiarities re- I. INTRODUCTION sult in the potential for errors to occur, which could ultimately result in users being denied access, or in the worst case, the Controlling access permissions to a given file system is possibility for unwanted access to occur [3]–[7].
    [Show full text]