PowerPoint Slideshow about 'NT File System Security & Auditing' - betty_james


Presentation Transcript
NT File System Security & Auditing
  • Issues concerning NTFS and shared folders
  • Implementing Audit Policies
  • Guidelines
  • Best Practices
Securing Network Resources with Share Permissions
  • Introduction to Shared Folders
  • Sharing Folders
  • Guidelines for Assigning Permissions
  • Best Practices
Introduction to Shared Folders
  • Shared Folders Give Users Centralized Access to Network Files
  • A Folder Must Be Shared Before a User Can Connect to It
  • Permission to Use a Shared Folder Is Assigned to Users and Groups
[Diagram labels: Shared Folders, Data, Users, User1, User2, User3, User4, Server]
Sharing Folders
  • Requirements for Sharing a Folder (Group: Operating System Requirements)
    • Administrators: Any computer running Windows NT
    • Server Operators: Windows NT Server domain controllers only
    • Power Users: Windows NT Server member servers and computers running Windows NT Workstation
  • Using the Administrative Shares (Share: Purpose)
    • C$, D$, E$: The root of each volume is automatically shared
    • Admin$: The C:\Winnt folder is shared as Admin$
Sharing a Folder
[Screenshot: Sharing tab of the (C:) Properties dialog box, alongside the General and Tools tabs. Options: Not Shared, Shared As. Share Name: Apps. Comment: Application files. User Limit: Maximum Allowed, Allow Users. Buttons: New Share..., Remove Share, Permissions..., OK, Cancel, Apply. A callout reads "Required".]

Shared Folder Permissions
  • Full Control
  • Change
  • Read
  • No Access

Assigning Share Permissions
[Screenshots: Access Through Share Permissions dialog box for the share Apps, listing Administrators (Full Control) and Users (Read); Add Users and Groups dialog box listing names from Classroom1, with Classroom\Apps Group under Add Names and Type of Access: Read]
Guidelines for Assigning Permissions
  • Determine Which Groups Need Access to a Resource
  • Assign Permissions to Groups Instead of Users
  • Assign the Most Restrictive Permissions
  • Remove Default Permissions for a New Shared Folder

Best Practices
  • Organize Disk Resources to Simplify Administration
  • Store Data Separately from Operating Systems and Applications
  • Remove the Everyone Group from the Permissions List
  • Assign Permissions to Groups Rather Than Individual Users
  • Limit the Number of Users Who Can Connect to a Share
  • Create Shortcuts for Frequently Used Shared Folders
Securing Network Resources with NTFS Permissions
  • Introduction to NTFS Permissions
  • Assigning NTFS Permissions
  • Guidelines for Assigning NTFS Permissions
  • Best Practices
Introduction to NTFS Permissions
  • Available Only on NTFS Volumes
  • Secure Folders and Files
  • Effective When a User Accesses the Resource:
    • Locally
    • Remotely
[Diagram labels: NTFS Volume, Server, Suggestions, C; User1 (R), User2 (R), User3 (R)]

NTFS Permissions
  • Read (R)
  • Write (W)
  • Execute (X)
  • Delete (D)
  • Change Permission (P)
  • Take Ownership (O)
Standard Permissions
  • Are a Combination of Individual NTFS Permissions
  • Give You the Ability to Assign Multiple NTFS Permissions at One Time
  • Folder Permissions
    • No Access (None) (None)
    • Read (RX) (RX)
    • Change (RWXD) (RWXD)
    • Add (WX) (Not Specified)
    • Add & Read (RWX) (RX)
    • List (RX) (Not Specified)
    • Full Control (All) (All)
  • File Permissions
    • No Access (None)
    • Read (RX)
    • Change (RWXD)
    • Full Control (All)
Assigning NTFS Permissions
  • Requirements to Assign NTFS Permissions
    • Owner
    • Full Control
    • Special Access: Change Permission or Take Ownership
  • Default NTFS Permissions
    • The Everyone group is automatically assigned Full Control
    • New files inherit the permissions of the folder where they are created
Assigning NTFS File and Folder Permissions
[Screenshots: Directory Permissions dialog box for Directory: D:\Apps, Owner: Administrators, with the check boxes Replace Permissions on Subdirectories and Replace Permissions on Existing Files. Names listed: Everyone, List (RX) (Not Specified); CREATOR OWNER, Full Control (All) (All); Administrators, Full Control (All) (All); Server Operators, Change (RWXD) (RWXD); SYSTEM, Full Control (All) (All). Add Users and Groups dialog box listing names from Classroom1, with Classroom1\Apps Group under Add Names and Type of Access: Read.]
Guidelines for Assigning NTFS Permissions
  • Remove Full Control Permission from the Everyone Group
  • Assign Full Control Permission to the Administrators Group
  • Educate Users to Assign NTFS Permissions to Their Files
Best Practices
  • Assign NTFS Permissions Before Sharing the Resource
  • Make Application Executable Files Read-Only for All Users
  • Assign permissions to groups rather than to individual users
  • Educate users to assign NTFS permissions to folders and files
  • Use NTFS permissions If the Resource Is Accessed Locally
Auditing Resources and Events
  • Introduction to Auditing
  • Planning an Audit Policy
  • Implementing an Audit Policy
  • Using Event Viewer to View the Security Log
  • Best Practices
Planning an Audit Policy
  • Determine the Events to Audit
  • Determine Whether to Audit the Success or Failure of an Event
  • Determine If You Need to Track Trends
Implementing an Audit Policy
  • An Audit Policy Is Set on a Computer-by-Computer Basis
  • Auditing Requirements
    • Only Administrators can set up auditing
    • Server Operators can view and archive logs
    • Files and directories must be on NTFS volumes only
  • Auditing Process
    • Set the auditing policy
    • Specify the events to audit for files, directories, and printers
Defining the Domain Audit Policy
[Screenshot: Audit Policy dialog box for Domain: CLASSROOM1, with the options Do Not Audit and Audit These Events, and Success and Failure check boxes for each event category]
  • Logon and Logoff
  • File and Object Access
  • Use of User Rights
  • User and Group Management
  • Security Policy Changes
  • Restart, Shutdown, and System
  • Process Tracking
Auditing Files and Directories
[Screenshot: Directory Auditing dialog box for Directory: D:\Data, Name: Everyone, with the check boxes Replace Auditing on Subdirectories and Replace Auditing on Existing Files, and Success and Failure check boxes for each event under Events to Audit]
  • Read
  • Write
  • Execute
  • Delete
  • Change Permissions
  • Take Ownership
Auditing a Printer
[Screenshot: Printer Auditing dialog box for Printer: HP Color LaserJet PS, Name: Everyone, with Success and Failure check boxes for each event under Events to Audit]
  • Print
  • Full Control
  • Delete
  • Change Permissions
  • Take Ownership
Using Event Viewer
[Screenshot: Event Viewer window; the Log entries shown are Security, System, and Application]
Viewing Security Logs
[Screenshot: Event Viewer - Security Log on \\STUDENT1]

| Date | Time | Source | Category | Event |
|---|---|---|---|---|
| 4/24/96 | 6:04:07 PM | Security | Object Access | 562 |
| 4/24/96 | 6:04:07 PM | Security | System Event | 515 |
| 4/24/96 | 6:04:07 PM | Security | Privilege Use | 577 |
| 4/24/96 | 6:01:41 PM | Security | Account Manage... | 578 |
| 4/24/96 | 6:01:39 PM | Security | Logon/Logoff | 538 |
| 4/24/96 | 6:01:39 PM | Security | Detailed Tracking | 593 |

Locating Events
[Screenshots: Filter dialog box (View From: First Event or Events On; View Through: Last Event or Events On; Types: Information, Warning, Error, Success Audit, Failure Audit; fields Source, Category, User, Computer, Event ID) and Find dialog box (Types: Information, Warning, Error, Success Audit, Failure Audit; fields Source, Category, Event ID, Computer, User, Description; Direction: Up or Down). Values shown in the dialogs: 4/24/96, 6:00:10 PM, 6:05:55 PM, Security, Logon/Logoff, Policy Change, 609, NTSA5.]
Archiving the Security Log
[Screenshot: Event Log Settings dialog box, Change Settings for Security Log]
  • Maximum Log Size: 512 Kilobytes (64K Increments)
  • Event Log Wrapping
    • Overwrite Events as Needed
    • Overwrite Events Older than 7 Days
    • Do Not Overwrite Events (Clear Log Manually)
  • Track Trends
    • Determine resource use for planning purposes
    • Detect unauthorized use of resources
Best Practices
  • Define an Audit Policy that Is Useful, But Manageable
  • Audit the Everyone Group Instead of the Users Group
  • Set Up a Schedule for Viewing Audit Logs
  • Archive Audit Logs Regularly to Track Trends
Conclusion
  1. Proper File System Security - NTFS and shared folders
  2. Implement audit policies where needed
  3. Other Security Tasks
    a. Install Service Packs & hot fixes (www.microsoft.com/windowsnt)
    b. Keep anti-virus updates current
    c. Run regular backups
    d. Monitor e-mail and internet access