Security Basics mailing list archives
Re: Share Permissions
From: "Roger A. Grimes" <rogerg () cox net>
Date: Mon, 9 Jun 2003 15:50:30 -0400
I don't know of a specific exploit against the scenario you propose, and what you propose below is a very, very common way to configure a Windows box. But in theory, it exposes more information that it needs to...and to that end if you are concerned about security, you should not do it. There is a large school of thought that says you should make learning information about your system as hard as possible. The more information you give away, the easier it is for said hacker to gather intelligence and then use it to attack your system. At the very least, considered changing EVERYONE on shares to AUTHENTICATED USERS. That way you get rid of anonymous accounts, etc. Also, this goes against the security-in-depth principal. If you get in a habit of setting security on both the shares and the folders/files, if you miss one the other might catch it. If you always have everyone on the share, if you accidentally forget to remove everyone on the drive persmissions then it's an open hole; and vice-versa. Although this doesn't seem like it would catch much, people often incorrectly change inherited rights, causing unintended permissive permissions. But since there are no specific exploits that would be avoided (that I know of) if you correctly handled file permissions 100% of the time, it's basically a risk/speed trade off. Just my one-half cent. Roger **************************************************************************** **** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE (NT/2000), CNE (3/4), A+ *email: rogerg () cox net *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode **************************************************************************** ************* ----- Original Message ----- From: "Benjamin Meade" <ben () lanwest com au> To: "'Security-Basics'" <security-basics () securityfocus com> Sent: Monday, June 09, 2003 3:09 AM Subject: Share Permissions
Hey all, Just wondering in Win2K server, when I share a folder, I set the share permissions to full access for everybody, and then control access using the file permissions. (Basically cos it cuts down on administration, and I'm lazy.) Are there any security issues running this way, or is it much of a muchness? Thanks, Benjamin Meade System Administrator LanWest Pty Ltd Ph: (08) 9440 3033 Fax: (08) 9440 3370 --------------------------------------------------------------------------
-
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Share Permissions Benjamin Meade (Jun 09)
- RE: Share Permissions David Gillett (Jun 09)
- Re: Share Permissions Lan Guy (Jun 10)
- Re: Share Permissions Harish Gondavale (Jun 11)
- RE: Share Permissions Benjamin Meade (Jun 11)
- Re: Share Permissions Lan Guy (Jun 10)
- RE: Share Permissions David Gillett (Jun 09)
- RE: Share Permissions Manuel Fernandes (Jun 09)
- Re: Share Permissions Roger A. Grimes (Jun 09)
- <Possible follow-ups>
- RE: Share Permissions Jennifer Fountain (Jun 09)
- RE: Share Permissions Chris Berry (Jun 10)
- RE: Share Permissions Chris Berry (Jun 10)
- Re: Share Permissions ozzie ozzie (Jun 11)
- Re: Share Permissions Marco Araujo (Jun 13)