NT File System Security & Auditing. Issues concerning NTFS and shared folders Implementing Audit Policies Guidelines Best Practices. Securing Network Resources with Share Permissions. Introduction to Shared Folders Sharing Folders Guidelines for Assigning Permissions Best Practices.
NT File System Security & Auditing • Issues concerning NTFS and shared folders • Implementing Audit Policies • Guidelines • Best Practices
Securing Network Resources with Share Permissions • Introduction to Shared Folders • Sharing Folders • Guidelines for Assigning Permissions • Best Practices
Introduction to Shared Folders • Shared Folders Give Users Centralized Access to Network Files • A Folder Must Be Shared Before a User Can Connect to It • Permission to Use a Shared Folder Is Assigned to Users and Groups
[Diagram: a server with shared folders; labels: Data, Users, User1, User2, User3, User4]
Sharing Folders • Requirements for Sharing a Folder • Using the Administrative Shares
Requirements for Sharing a Folder (Group: Operating System Requirements) • Administrators: Any computer running Windows NT • Server Operators: Windows NT Server domain controllers only • Power Users: Windows NT Server member servers and computers running Windows NT Workstation
Using the Administrative Shares (Share: Purpose) • C$, D$, E$: The root of each volume is automatically shared • Admin$: The C:\Winnt folder is shared as Admin$
Sharing a Folder
[Screenshot: Sharing tab of the (C:) Properties dialog. Shared As is selected; Share Name: Apps; Comment: Application files; User Limit: Maximum Allowed or Allow ... Users; buttons New Share..., Remove Share and Permissions...; a "Required" callout]
Shared Folder Permissions • Full Control • Change • Read • No Access
Assigning Share Permissions
[Screenshot: Access Through Share Permissions dialog for the share Apps, listing Users (Read) and Administrators (Full Control), with the Add Users and Groups dialog adding Classroom\Apps Group with Type of Access: Read]
Guidelines for Assigning Permissions • Determine Which Groups Need Access to a Resource • Assign Permissions to Groups Instead of Users • Assign the Most Restrictive Permissions • Remove Default Permissions for a New Shared Folder
Best Practices • Organize Disk Resources to Simplify Administration • Store Data Separately from Operating Systems and Applications • Remove the Everyone Group from the Permissions List • Assign Permissions to Groups Rather Than Individual Users • Limit the Number of Users Who Can Connect to a Share • Create Shortcuts for Frequently Used Shared Folders
Securing Network Resources with NTFS Permissions • Introduction to NTFS Permissions • Assigning NTFS Permissions • Guidelines for Assigning NTFS Permissions • Best Practices
Introduction to NTFS Permissions • Available Only on NTFS Volumes • Secure Folders and Files • Effective When a User Accesses the Resource: • Locally • Remotely
[Diagram: an NTFS volume (C) on a server with a Suggestions folder; labels: User1 R, User2 R, User3 R]
NTFS Permissions • Read (R) • Write (W) • Execute (X) • Delete (D) • Change Permission (P) • Take Ownership (O)
Standard Permissions • Are a Combination of Individual NTFS Permissions • Give You the Ability to Assign Multiple NTFS Permissions at One Time
Folder Permissions • No Access (None) (None) • Read (RX) (RX) • Change (RWXD) (RWXD) • Add (WX) (Not Specified) • Add & Read (RWX) (RX) • List (RX) (Not Specified) • Full Control (All) (All)
File Permissions • No Access (None) • Read (RX) • Change (RWXD) • Full Control (All)
Assigning NTFS Permissions • Requirements to Assign NTFS Permissions • Owner • Full Control • Special Access: Change Permission or Take Ownership • Default NTFS Permissions • The Everyone group is automatically assigned Full Control • New files inherit the permissions of the folder where they are created
Assigning NTFS File and Folder Permissions
[Screenshot: Directory Permissions dialog, Directory: D:\Apps, Owner: Administrators, with the options Replace Permissions on Subdirectories and Replace Permissions on Existing Files, and the Add Users and Groups dialog adding Classroom1\Apps Group with Type of Access: Read]
Permissions listed in the dialog • Everyone: List (RX) (Not Specified) • CREATOR OWNER: Full Control (All) (All) • Administrators: Full Control (All) (All) • Server Operators: Change (RWXD) (RWXD) • SYSTEM: Full Control (All) (All)
Guidelines for Assigning NTFS Permissions • Remove Full Control Permission from the Everyone Group • Assign Full Control Permission to the Administrators Group • Educate Users to Assign NTFS Permissions to Their Files
Best Practices • Assign NTFS Permissions Before Sharing the Resource • Make Application Executable Files Read-Only for All Users • Assign permissions to groups rather than to individual users • Educate users to assign NTFS permissions to folders and files • Use NTFS permissions If the Resource Is Accessed Locally
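An added example, not part of the original slides: the standard permission table expanded into individual rights and used to check an ACL against the NTFS guidelines above. It assumes NT semantics (grants from several groups accumulate, No Access overrides, and the second parenthesis applies to files in the folder); the ACL lists mirror the D:\Apps dialog and the helper names are constructed.

```python
# Added example: ACL data and helper names are constructed for illustration.
# Standard permission -> (rights on the folder, rights on files in it).
# None stands for "Not Specified": the entry grants nothing on files.
STANDARD = {
    "No Access":    ("", ""),
    "List":         ("RX", None),
    "Read":         ("RX", "RX"),
    "Add":          ("WX", None),
    "Add & Read":   ("RWX", "RX"),
    "Change":       ("RWXD", "RWXD"),
    "Full Control": ("RWXDPO", "RWXDPO"),
}

DEFAULT_ACL = [("Everyone", "Full Control")]   # default on a new NTFS folder
APPS_ACL = [                                    # D:\Apps as in the dialog above
    ("Everyone", "List"),
    ("CREATOR OWNER", "Full Control"),
    ("Administrators", "Full Control"),
    ("Server Operators", "Change"),
    ("SYSTEM", "Full Control"),
    ("Apps Group", "Read"),
]

def effective(acl, principals, on_files=False):
    """Rights a user holds through every ACL entry naming one of its principals.
    Assumed NT semantics: grants accumulate, No Access overrides them all."""
    rights = set()
    for name, perm in acl:
        if name not in principals:
            continue
        if perm == "No Access":
            return ""
        rights |= set(STANDARD[perm][1 if on_files else 0] or "")
    return "".join(r for r in "RWXDPO" if r in rights)

def check_guidelines(acl):
    """Findings against the NTFS guidelines and best practices listed above."""
    findings = []
    if ("Everyone", "Full Control") in acl:
        findings.append("Everyone has Full Control: remove the default entry")
    if ("Administrators", "Full Control") not in acl:
        findings.append("Administrators lacks Full Control")
    if set(effective(acl, {"Everyone"}, on_files=True)) & set("WDPO"):
        findings.append("Everyone can modify files: executables are not read-only")
    return findings
```

With the default ACL all three findings fire; with the D:\Apps ACL none do, and a member of Apps Group ends up with RX on the application files.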
Auditing Resources and Events • Introduction to Auditing • Planning an Audit Policy • Implementing an Audit Policy • Using Event Viewer to View the Security Log • Best Practices
Planning an Audit Policy • Determine the Events to Audit • Determine Whether to Audit the Success or Failure of an Event • Determine If You Need to Track Trends
Implementing an Audit Policy • An Audit Policy Is Set on a Computer-by-Computer Basis • Auditing Requirements • Only Administrators can set up auditing • Server Operators can view and archive logs • Files and directories must be on NTFS volumes only • Auditing Process • Set the auditing policy • Specify the events to audit for files, directories, and printers
Defining the Domain Audit Policy
[Screenshot: Audit Policy dialog, Domain: CLASSROOM1, with the options Do Not Audit and Audit These Events, each event having Success and Failure check boxes]
Events in the Audit Policy dialog • Logon and Logoff • File and Object Access • Use of User Rights • User and Group Management • Security Policy Changes • Restart, Shutdown, and System • Process Tracking
Auditing Files and Directories
[Screenshot: Directory Auditing dialog, Directory: D:\Data, Name: Everyone, with the options Replace Auditing on Subdirectories and Replace Auditing on Existing Files]
Events to Audit (Success, Failure) • Read • Write • Execute • Delete • Change Permissions • Take Ownership
Auditing a Printer
[Screenshot: Printer Auditing dialog, Printer: HP Color LaserJet PS, Name: Everyone]
Events to Audit (Success, Failure) • Print • Full Control • Delete • Change Permissions • Take Ownership
Using Event Viewer
[Screenshot: Event Viewer Log menu listing the Security, System and Application logs]
Viewing Security Logs
[Screenshot: Event Viewer - Security Log on \\STUDENT1]
Date      Time         Source    Category           Event
4/24/96   6:04:07 PM   Security  Object Access      562
4/24/96   6:04:07 PM   Security  System Event       515
4/24/96   6:04:07 PM   Security  Privilege Use      577
4/24/96   6:01:41 PM   Security  Account Manage...  578
4/24/96   6:01:39 PM   Security  Logon/Logoff       538
4/24/96   6:01:39 PM   Security  Detailed Tracking  593
Locating Events
[Screenshot: Filter and Find dialogs. Filter: View From 4/24/96 6:00:10 PM, View Through 4/24/96 6:05:55 PM; Types: Information, Warning, Error, Success Audit, Failure Audit; fields: Source, Category, User, Computer, Event ID. Find: the same types and fields plus Description and Direction (Up, Down)]
Archiving the Security Log • Track Trends • Determine resource use for planning purposes • Detect unauthorized use of resources
[Screenshot: Event Log Settings dialog, Change Settings for Security Log; Maximum Log Size: 512 Kilobytes (64K Increments); Event Log Wrapping: Overwrite Events as Needed, Overwrite Events Older than 7 Days, or Do Not Overwrite Events (Clear Log Manually)]
Best Practices • Define an Audit Policy that Is Useful, But Manageable • Audit the Everyone Group Instead of the Users Group • Set Up a Schedule for Viewing Audit Logs • Archive Audit Logs Regularly to Track Trends
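An added example, not part of the original slides: a planning check for the two-step auditing process and the audit best practices above. It assumes, as on Windows NT, that file, directory and printer audit entries only generate events when File and Object Access is enabled in the audit policy for the same outcome; the structures, the E:\Scratch entry and the function name are constructed.

```python
# Added example: the planning-sheet structures below are constructed for
# illustration; they are not a Windows API or an exported log format.
POLICY = {  # Audit Policy dialog: category -> outcomes switched on
    "Logon and Logoff": {"Success", "Failure"},
    "File and Object Access": {"Failure"},
}
OBJECT_AUDITS = [  # (object, file system or None for a printer, name, events)
    ("D:\\Data", "NTFS", "Everyone",
     {"Delete": {"Success", "Failure"}, "Change Permissions": {"Failure"}}),
    ("E:\\Scratch", "FAT", "Everyone", {"Write": {"Failure"}}),
    ("HP Color LaserJet PS", None, "Users", {"Print": {"Failure"}}),
]

def audit_gaps(policy, object_audits):
    """List (object, event, outcome, reason) for audit entries that will not
    produce the security log records the plan expects."""
    enabled = policy.get("File and Object Access", set())
    gaps = []
    for obj, fs, name, events in object_audits:
        for event, outcomes in sorted(events.items()):
            for outcome in sorted(outcomes):
                if fs not in (None, "NTFS"):
                    reason = "not on an NTFS volume"
                elif outcome not in enabled:
                    reason = "File and Object Access not audited for " + outcome
                elif name != "Everyone":
                    reason = "audits " + name + " only, not Everyone"
                else:
                    continue
                gaps.append((obj, event, outcome, reason))
    return gaps
```

On the sample plan it reports three gaps: successful deletes in D:\Data are not covered by the policy, E:\Scratch cannot be audited at all, and the printer entry misses accounts outside Users.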
Conclusion
1. Proper File System Security - NTFS and shared folders
2. Implement audit policies where needed
3. Other Security Tasks
a. Install Service Packs & hot fixes www.microsoft.com/windowsnt
b. Keep anti-virus updates current
c. Run regular backups
d. Monitor e-mail and internet access