Re: Permissions scanner

[Harvey Cary <hcary () insphere net>]

A key element to this is that a user will be granted the least security 
possible when the share and NTFS permissions are combined. For example, if 
the NTFS permissions give a user read access but the shared permission is 
read/write for everyone the user will still only have read access. 

I generally try not to mix my permissions. I would recommend setting your 
permmisions in NTFS and not giving much thought to the share permissions.


On Monday 24 February 2003 23:43, Di Fresco Marco wrote:
> > There are a number of ways to do what you're talking about, but I don't
> > think that's necessarily the correct approach to solving what
> > you're worried about. There are two kinds of permissions on a microsoft
> > system (assuming  that you're running NTFS which XP normally does)
>
> Yes, I am using NTFS (I forgot to mention it).
>
> > share permissions and Access Control Lists. You should check your drive
> > and make sure that any of  your shares (folders with the little hand
> > under them) are not set to everyone (the default), I usually use
> > authenticated users or something like that but if you're really paranoid
> > you could add each of your four accounts by name.
>
> I do not have any shared folder (at least I never configured any folder to
> this sitting), so I should be fine on this metter.
>
> > ACLs on the other hand aren't really for protecting you from outsiders,
> > they're more about protecting you from authorized users. For example you
> > may not wish to give everyone who uses your machine access to your mp3
> > files, in case they might accidentally delete one.
>
> The configurtion between user shoud be fine (at least the accounts of my
> parents do not have permission over my files, but my account has permission
> over their for backup purpose). But I am worring (other then attacker, that
> you solved my doubts with the first line of the above paragraph) about
> viruses, trojan, etc (even if I shuld be quite protected, see reply to the
> next paragraph). As far as I have understood (as I said in the previous
> e-mail, I am a newbie home user), when loaded, the viruses infect as much
> as it can with the permission of the current active user and since I am
> affraid to have given to much permission to my daily use account, I am
> worry to be too vulnerable.
>
> I am already considering to make backups more often (and especially to a
> separate media, right now the automatic backup goes in a local folder) and
> use the system restore.
>
> > As you have an always on internet connection, the main three things you
> > should do as a home user to protect your system are:
> > 1) Install a firewall (zonealarm is free, there are lots of others that
> > would work just fine as well)
> > 2) Install and keep updated an anti-virus program. My personal favorite
> > is norton corporate, its packed with features, but if you're on a limited
> > budget you can get AVG for free.
> > 3) Download and install all microsoft updates.
>
> On these three thing I am fine; I (already) have ZoneAlarm, McAfe Personal
> Firewall and McAfee VirusScan Professional 7 and I look for updates (for
> either these programs and Windows Update) almost every days.
>
> > There are lots of other things you can do to secure your computer, but
> > just by doing these three you'll eliminate 95% of all trouble you'll
> > probably experience as a home user.
>
> Thank you.
>
>
>
> Di Fresco Marco
> ICQ #51985192
>
> |--------------------------------------------------------------------------
> || Spock (Court Martial - TOS): If I let go a hammer on a planet having a  
> | | positive gravity, I need not see it fall to know that it has, in fact, 
> |  | fallen.                                                                                     |
> |--------------------------------------------------------------------------
> ||

-- 

Thanks,

Harvey Cary 
CISSP, MCSE+I
Network Security Consultant
Raleigh, NC
hcary () insphere net