
File System Security


Presentation Transcript


  1. File System Security Gary DeRoest

  2. Topics • Access Rights Security • Trustee • Effective Rights • Inherited Rights • Inherited Rights Filter • Tools • Attribute Security • Documentation

  3. Access Rights Security • Access to shared directories and files • Securing sensitive data • Drop boxes • Executing programs • Viewing directory contents

  4. Access Rights Security • Supervisor Access Right • Directory • Grants all rights • Cannot be blocked by IRF or reassigned • File • Grants all rights to specified file S

  5. Access Rights Security • Read Access Right • Directory • Read files or run programs within specified directory • File • Read or run specified file R

  6. Access Rights Security • Write Access Right • Directory • Allows users to add or change data to files in this directory • File • Users can add or change data to specified file W

  7. Access Rights Security • Create Access Right • Directory • Users can create files and subdirectories in specified directory • File • Users can salvage specified file if deleted C

  8. Access Rights Security • Erase Access Right • Directory • Allows users to delete files and destroy subdirectories • File • Allow user to delete specified file E

  9. Access Rights Security • Modify Access Right • Directory • Allows users to change file and subdirectory names as well as attribute settings • File • Allow user to change name or attribute settings for specified file M

  10. Access Rights Security • File Scan Access Right • Directory • Allows users to view file and subdirectory names within specified directory • File • Allow user to view file name for specified file F

  11. Access Rights Security • Access Control Access Right • Directory • Allows users to grant access rights to other users for this directory • File • Allow user to grant access rights for specified file A

  12. Directory Entry Table • Record of file name on volume • List of Trustees and Access Rights • 6 trustees per entry

  13. Trustee • Directory Trustee • user, group, or container object that has been granted access rights to a directory • File Trustee • user or group that has been granted access rights to a file

  14. Effective Rights • The rights that ultimately control what functions a user can perform in a specified directory or file • Consist of one or more… • user trustee assignments • user’s group membership • container trustee assignments to user or group • Inherited rights through container, user, group • Inherited rights filter

  15. Access Rights • What are Bill’s Effective rights? • [Diagram: Home Volume with directories Countries, France, Spain; labels as extracted: IRF [], Bill [RWCFM], IRF [], IRF []]

  16. Inherited Rights • What are Bill’s Effective rights? • [Diagram: Home Volume with directories Countries, France, Spain; labels as extracted: IRF [], Bill [RWCFM], IRF [], IRF [CM]]

  17. Access Rights • What are Bill’s Effective rights? • [Diagram: Home Volume with directories Countries, France, Spain; labels as extracted: IRF [CM], Bill [RWCFM], IRF [], Bill [RW], IRF [CRM]]

  18. Group Rights • [Diagram: Home Volume with directories Countries, France, Spain; objects Accounting and Bill; labels as extracted: IRF [], Bill [SRWCFM], IRF [CEM], Bill [RFM], IRF [], Accounting [REA]]

  19. Tools Use Windows Explorer tool to view and modify file system security settings.

  20. Tools Use Windows Explorer tool to view and modify file system security settings.

  21. Tools Use NWAdmin to add trustees and security settings to the file system.

  22. Tools Use NWAdmin to add trustees and security settings to the file system.

  23. Documenting Access Rights • RIGHTS

  24. Documenting Access Rights • RIGHTS /S /T

  25. Documenting Access Rights

  26. Attribute Security

  27. Attribute Security • File Attributes • A, Cc, Ci, Di, Dc, Ds, X, H, Ic, M, P, Ro, Rw, Ri, Sh, Sy, T • Directory Attributes • Di, Dc, Dm, N, H, Ic, P, Ri, Sy

  28. Tools Use Windows Explorer tool to view and modify file attribute settings.

  29. Tools Use NWAdmin tool to view and modify file attribute settings.

  30. Documenting Attribute Security

  31. NDS Security • Allows users to view, access, create, or modify NDS objects and their properties • NDS security and File System are similar and separate • Separate administrators for containers

  32. Access Control List • List of users, groups or containers that have rights to the object – trustees • [Public] – all VLM client computers • [Root] – all users in NDS tree

  33. Two Parts of NDS Security • Object Rights • What a trustee is allowed to do to the object itself • Property Rights • What a trustee can do with the properties and their values within the object

  34. Object Rights

  35. Browse Right • Similar to the File Scan right in file system security. • Allows the trustee to see the object in the tree.

  36. Create Right • When assigned to a container, the create right allows the trustee to create leaf and sub-container objects. • Cannot be assigned to leaf objects.

  37. Rename, Delete and Supervisor • Rename and Delete rights allow the trustee to rename or delete the container or leaf object. • The Supervisor right provides all other rights including Supervisor rights to all properties.

  38. Inheritable Right • New right with NetWare 5. • Granting a trustee the Inheritable right allows the trustee’s object rights given in the trustee assignment to be inherited by all leaf objects and subcontainers.

  39. Property Rights

  40. Read and Compare Rights • The Read right allows the trustee to view the contents of the property. • The Compare right is a subset of the Read right and only allows the trustee to compare a given value to the property without actually viewing the contents of the property.

  41. Write and Add Self rights • The Write right allows a trustee to change the contents of a property. • The Add Self right is a special case of the Write right and allows a trustee to make themselves a member of the object, or remove themselves from the object. • Add self is usually only assigned to group type objects.

  42. Inheritable Right • Allows the trustee’s assignment to be inherited by sub-containers and leaf objects. • Can be assigned to All properties or selected properties. • Assigning Inheritable to a selected property allows only that property to be inherited by sub-containers and leaf objects.

  43. Effective Rights • What actions the trustee can perform as a result of one or more of the following: • Direct trustee assignment • Trustee assignment made to group or container • Trustee assignment made to parent container • Rights inherited from a parent container • Rights lost through an Inherited Rights Filter (IRF)

  44. Tools of the Trade • NetWare Administrator Property Rights Object Rights

  45. Effective Rights • NetWare Administrator Effective Rights

  46. Chapter 6 Exercises

  47. Z.E.N. Works

  48. If Necessary- Delete Netscape 4

  49. Note • Make sure that G: is mapped to UAS_HOST_CORP:##CORP

  50. Inventory Current Environment
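
The effective-rights rules from slides 14 to 18 (trustee assignments, group membership, inheritance, IRF, and the Supervisor exception on slide 4) can be worked through in code. This is an added example, not part of the presentation: the directory tree, its assignments and the user Pat are constructed, the names Bill, Accounting, Countries, France and Spain are borrowed from the slides without reproducing their diagrams, and it assumes an IRF lists the rights allowed to pass down and that an explicit assignment replaces that trustee's inherited rights.

```python
ALL = "SRWCEMFA"  # canonical NetWare right order

# Constructed sample tree (not the slides' diagrams). "irf" is assumed to list
# the rights allowed to flow down from the parent; "trustees" are explicit
# assignments made at that directory.
TREE = {
    "HOME": {"parent": None, "irf": ALL,
             "trustees": {"Bill": "RWCFM", "Accounting": "RF", "Pat": "S"}},
    "HOME/COUNTRIES": {"parent": "HOME", "irf": "RF", "trustees": {}},
    "HOME/COUNTRIES/FRANCE": {"parent": "HOME/COUNTRIES", "irf": ALL,
                              "trustees": {"Bill": "RW"}},
    "HOME/COUNTRIES/SPAIN": {"parent": "HOME/COUNTRIES", "irf": "CM",
                             "trustees": {"Accounting": "REA"}},
}


def trustee_rights(tree, path, trustee):
    """Rights a single trustee (user or group) holds at path."""
    node = tree[path]
    inherited = set()
    if node["parent"] is not None:
        inherited = trustee_rights(tree, node["parent"], trustee)
    if "S" in inherited:
        return set(ALL)  # Supervisor is not blocked by an IRF or reassigned
    if trustee in node["trustees"]:
        rights = set(node["trustees"][trustee])  # replaces inherited rights
    else:
        rights = inherited & set(node["irf"])  # filter what flows down
    return set(ALL) if "S" in rights else rights


def effective_rights(tree, path, user, groups=()):
    """Union of the user's own rights and each group's rights at path."""
    combined = set()
    for trustee in (user, *groups):
        combined |= trustee_rights(tree, path, trustee)
    return "".join(r for r in ALL if r in combined)


if __name__ == "__main__":
    for path in TREE:
        print(path, "[" + effective_rights(TREE, path, "Bill", ["Accounting"]) + "]")
```

In FRANCE, Bill's explicit [RW] replaces what he inherited as a user, yet File Scan still reaches him through the Accounting group, which is the kind of indirect grant an access review of user assignments alone would miss.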
