That's old school bad advice. Permissions should be set as restricted
as they can be on both the NTFS and Share level. Defense-in-depth. If
you goof up on one (and we all goof up one time or another) the other
might save you.
Roger
************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger@banneretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
************************************************************************
****
-----Original Message-----
From: David Schenz [mailto:schenz.9@dps.ohio-state.edu]
Subject: RE: Win NT Permission question ?
I also emphasize giving everyone Full control for share level
permissions otherwise the permissions get _very_ hairy.
Good luck
David
-----Original Message-----
From: Prasanna M [mailto:PrasannaM@catsglobal.co.in]
Sent: Friday, September 10, 2004 3:46 AM
To: 'yfs us '; 'security-basics@securityfocus.com '
Subject: RE: Win NT Permission question ?
user1 & user2 are they admins? or normal users?
your file would be safe only if users 1&2 dont know how to tinker with
win nt much.
if they do kno their way around win nt, then ur data isnt safe.
basically if someone has ownership access to the parent folder, then
they can definitely access the subfolders, no matter wat permissions you
set.
hth,
Prasanna
-----Original Message-----
From: yfs us
To: security-basics@securityfocus.com
Sent: 9/9/2004 6:16 AM
Subject: Win NT Permission question ?
Hi All,
Just want to check with u guys here how does these Win NT Permission
works.My admin had setup a directory with the following permission :-
C:\detail\ was own by user1 and had Full Control
(All) (All)
user2 had Full Control (All) (All)
user3 had Full Control (All) (All)
C:\detail\data\ was own by user2 and had Full Control (All) (All)
user1 had no access
user3 had add & read (rwx)
(rwx)
C:\detail\data\info\ was own by user3 and had Full Control (All) (All)
user1 had no access
user2 had no access
I'm user3 and I just want to know can user1 & user2 delete my file ?
Can user2 delete the info folder ? If I create a folder in info
directory eg. C:\detail\data\info\secret , so can
user1 & user2
delete it and also the file inside the secret folder ?
I'm not a
admin and my admin sucks ? If I want to secure my info folder what
permission should be given to user2 & user1 ?
All help r welcome.
Cheers
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class
sizes are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of a certified computer examiner, learn to recover trace data
left behind by fraud, theft, and cybercrime perpetrators. Discover the
source of computer crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----
------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class
sizes are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of a certified computer examiner, learn to recover trace data
left behind by fraud, theft, and cybercrime perpetrators. Discover the
source of computer crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----
------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class
sizes are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of a certified computer examiner, learn to recover trace data
left behind by fraud, theft, and cybercrime perpetrators. Discover the
source of computer crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
