Home page logo

basics logo Security Basics mailing list archives

Re: Permissions scanner
From: Harvey Cary <hcary () insphere net>
Date: Tue, 25 Feb 2003 20:22:25 -0500

A key element to this is that a user will be granted the least security 
possible when the share and NTFS permissions are combined. For example, if 
the NTFS permissions give a user read access but the shared permission is 
read/write for everyone the user will still only have read access. 

I generally try not to mix my permissions. I would recommend setting your 
permmisions in NTFS and not giving much thought to the share permissions.

On Monday 24 February 2003 23:43, Di Fresco Marco wrote:
There are a number of ways to do what you're talking about, but I don't
think that's necessarily the correct approach to solving what
you're worried about. There are two kinds of permissions on a microsoft
system (assuming  that you're running NTFS which XP normally does)

Yes, I am using NTFS (I forgot to mention it).

share permissions and Access Control Lists. You should check your drive
and make sure that any of  your shares (folders with the little hand
under them) are not set to everyone (the default), I usually use
authenticated users or something like that but if you're really paranoid
you could add each of your four accounts by name.

I do not have any shared folder (at least I never configured any folder to
this sitting), so I should be fine on this metter.

ACLs on the other hand aren't really for protecting you from outsiders,
they're more about protecting you from authorized users. For example you
may not wish to give everyone who uses your machine access to your mp3
files, in case they might accidentally delete one.

The configurtion between user shoud be fine (at least the accounts of my
parents do not have permission over my files, but my account has permission
over their for backup purpose). But I am worring (other then attacker, that
you solved my doubts with the first line of the above paragraph) about
viruses, trojan, etc (even if I shuld be quite protected, see reply to the
next paragraph). As far as I have understood (as I said in the previous
e-mail, I am a newbie home user), when loaded, the viruses infect as much
as it can with the permission of the current active user and since I am
affraid to have given to much permission to my daily use account, I am
worry to be too vulnerable.

I am already considering to make backups more often (and especially to a
separate media, right now the automatic backup goes in a local folder) and
use the system restore.

As you have an always on internet connection, the main three things you
should do as a home user to protect your system are:
1) Install a firewall (zonealarm is free, there are lots of others that
would work just fine as well)
2) Install and keep updated an anti-virus program. My personal favorite
is norton corporate, its packed with features, but if you're on a limited
budget you can get AVG for free.
3) Download and install all microsoft updates.

On these three thing I am fine; I (already) have ZoneAlarm, McAfe Personal
Firewall and McAfee VirusScan Professional 7 and I look for updates (for
either these programs and Windows Update) almost every days.

There are lots of other things you can do to secure your computer, but
just by doing these three you'll eliminate 95% of all trouble you'll
probably experience as a home user.

Thank you.

Di Fresco Marco
ICQ #51985192

|| Spock (Court Martial - TOS): If I let go a hammer on a planet having a  
| | positive gravity, I need not see it fall to know that it has, in fact, 
|  | fallen.                                                                                     |



Harvey Cary 
Network Security Consultant
Raleigh, NC
hcary () insphere net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]