
Securing File Resources


morley

Presentation Transcript


  1. Securing File Resources • Securing Access to File Resources • Securing Access to Print Resources • Planning EFS Security

  2. Securing Access to File Resources • Designing share security • Planning NT file system (NTFS) security • Combining share and NTFS security

  3. Designing Share Security

  4. Configuring Share Permissions • To enable shared folders, edit the Sharing tab of the folder properties. • The maximum number of allowed sessions can be limited. • To configure precise permission settings, click Permissions.

  5. Standard Share Permissions • Full Control • Change • Read

  6. Changes to Shares in Microsoft Windows 2000 • With down-level clients, if a logical drive letter is assigned to a file share, a fake root directory is established at the shared folder. • In Windows 2000, the default behavior allows the root directory to be established at the shared folder. • This provides additional security because the user cannot navigate to any folders above or at the same level in the folder hierarchy. • Down-level clients still require separate shares to be established for each user home directory.

  7. Making the Decision: Designing Secure Share Permissions • Remove Full Control permission from the Everyone group. • Assign share permissions to domain local groups, not to user accounts. • Assign the maximum permission that a security principal will require for the folder hierarchy below the shared folder.

  8. Applying the Decision: Designing Secure Share Permissions for Wide World Importers • Washington share: \\Washington\Applications • Users: Read • Administrators: Full Control • Dallas share: \\Dallas\Applications • Graphics Users: Change • Graphics Admins: Change • Administrators: Full Control

  9. Planning NTFS Security

  10. Changes in Windows 2000 NTFS File System • Encryption • Quotas • Permission inheritance

  11. Assessing NTFS Permissions • Define most permissions by using the predefined permissions. • Predefined NTFS permissions are compilations of several special permissions. • Security groups are included in each Access Control Entry (ACE) in the discretionary access control list (DACL). • The DACL contains one ACE for each level of access defined for an object.

  12. Predefined NTFS Permissions • Folder: Full Control, Modify, Read & Execute, List Folder Contents, Read, Write • File: Full Control, Modify, Read & Execute, Read, Write

  13. NTFS Special Permissions • Traverse Folder/Execute File • List Folder/Read Data • Read Attributes • Read Extended Attributes • Create Files/Write Data • Create Folders/Append Data • Write Attributes • Write Extended Attributes • Delete Subfolders And Files • Delete • Read Permissions • Change Permissions • Take Ownership • Synchronize

  14. Making the Decision: Designing NTFS Permissions • Assign only the necessary permissions. • Create a custom domain local group for each type of access. • ACEs defined directly on an object are evaluated before any inherited ACEs. • Within a group of explicit ACEs, access-denied ACEs are placed before access-allowed ACEs. • If there are multiple inherited ACEs, they are evaluated in order from those closest to the object (first) to those farthest from the object (last). • Use security templates and Group Policy to standardize NTFS permissions.

  15. Applying the Decision: Washington Office NTFS Permission Design

  16. Applying the Decision: Dallas Office NTFS Permission Design

  17. Combining Share and NTFS Security

  18. Evaluating Effective Permissions

  19. Default Share Permissions • Full Control is assigned to the Everyone group by default. • Default share permissions should be modified if NTFS permissions are not monitored. • Full Control permission includes three additional abilities over the Modify permission. • Full Control permissions are restricted to network administrators. • An effective set of default permissions for a shared folder is • Administrators: Full Control • Users: Change • Change permissions allow users to create, read, delete, and modify any files in the share.

  20. Making the Decision: Combining Share and NTFS Permissions • Set share permissions at the highest level of permissions required for the tree below. • Use NTFS permissions to define precise access control. • Always use the NTFS file system for data. • Evaluate whether Full Control permission is appropriate.

  21. Applying the Decision: Combining Share and NTFS Permissions for Wide World Importers • Initial share and NTFS permissions • The Washington and Dallas shares and NTFS permissions do not assign excess permissions. • Share permissions could remain set at the default. • Default share permissions could result in excess permissions if any of the NTFS permissions are applied incorrectly.
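As an added worked example (not from the slides), a Python model of the ACE evaluation order in slide 14 and of the share-plus-NTFS combination in slides 18 to 21: the sort in access_check implements the ordering rules above, and effective_rights intersects cumulative share permissions with what the DACL grants. The bit-flag rights, the Contractors group and the NTFS ACEs for the Dallas folder are constructed assumptions; only the group names and share permissions come from the slides.

```python
from collections import namedtuple
# Rights as bit flags: a constructed subset of the NTFS rights on slide 13.
READ, WRITE, DELETE, CHANGE_PERMS, TAKE_OWN = 1, 2, 4, 8, 16
ALL_RIGHTS = (READ, WRITE, DELETE, CHANGE_PERMS, TAKE_OWN)
FULL = READ | WRITE | DELETE | CHANGE_PERMS | TAKE_OWN
SHARE = {"Read": READ, "Change": READ | WRITE | DELETE, "Full Control": FULL}
# depth: 0 = ACE set on the object itself, 1 = inherited from parent, 2 = grandparent ...
ACE = namedtuple("ACE", "principal allow rights depth", defaults=(0,))

def access_check(dacl, groups, requested):
    """Canonical order: explicit ACEs first, then inherited ones nearest the object
    first, deny before allow in each tier; a deny on any outstanding right fails."""
    remaining = requested
    for ace in sorted(dacl, key=lambda a: (a.depth, a.allow)):
        if ace.principal not in groups:
            continue
        if not ace.allow:
            if ace.rights & remaining:
                return False
        else:
            remaining &= ~ace.rights
            if remaining == 0:
                return True
    return False

def effective_rights(share_acl, dacl, groups):
    """Network access = share rights (cumulative over the user's groups)
    AND the rights the NTFS DACL actually grants."""
    share_rights = 0
    for principal, perm in share_acl.items():
        if principal in groups:
            share_rights |= SHARE[perm]
    ntfs_rights = 0
    for right in ALL_RIGHTS:
        if access_check(dacl, groups, right):
            ntfs_rights |= right
    return share_rights & ntfs_rights

def demo():
    # Constructed DACL for a folder below \\Dallas\Applications; group names follow
    # the slides, the ACEs and the Contractors group are assumptions.
    dacl = [ACE("Graphics Users", True, READ | WRITE, depth=1),
            ACE("Contractors", False, WRITE),        # explicit deny beats inherited allow
            ACE("Administrators", True, FULL, depth=1)]
    share = {"Graphics Users": "Change", "Administrators": "Full Control"}
    return {"graphics": effective_rights(share, dacl, {"Graphics Users"}),
            "contractor": effective_rights(share, dacl, {"Graphics Users", "Contractors"}),
            "admin": effective_rights(share, dacl, {"Administrators"}),
            "default_share": effective_rights({"Everyone": "Full Control"}, dacl,
                                              {"Everyone", "Graphics Users"})}
```

The default_share case shows the point of slide 21: leaving Everyone: Full Control on the share grants nothing beyond what NTFS allows, but only as long as the NTFS ACEs stay correct.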

  22. Applying the Decision: Combining Share and NTFS Permissions for Wide World Importers (Cont.) • Documenting initial permission assignments • All folders where permissions are assigned • Details on group membership • Rationale for each permission assignment

  23. Securing Access to Print Resources • Assessing printer security • Printer permissions • Physical security • Transmission security

  24. Designing Secure Access to Print Resources • Determine who is allowed to print to a particular printer. • Determine the security of data as it is transmitted to the printer. • Protect traffic to restricted printers, such as check printers. • Prevent users from printing sensitive or confidential material to public printers.

  25. Assessing Printer Security • Printer Permissions • Print • Manage Documents • Manage Printers • Physical Security • When printer output security is important • Put print devices in a secure location • Use security cards or biometric input to access the device

  26. Protecting Print Resources

  27. Making the Decision: Ensuring Printer Security • Restrict access to the printer to a specific group of users. • Delegate administration of a printer. • Prevent inspection of print jobs.

  28. Applying the Decision: Printer Security for Wide World Importers • Change the default share permissions to limit usage to the Graphics department. • Data transmissions to the film printer do not need to be protected.

  29. Planning EFS Security • Overview of the Encrypting File System (EFS) process • Designating an EFS recovery agent • Recovering encrypted files

  30. Planning EFS Security: Overview • EFS secures files that are stored locally. • EFS protects only the data stored on an NTFS partition. • EFS does not provide network transport security. • EFS planning should include a plan to restore data in the event that recovery keys are lost. • Poor EFS planning can result in the permanent loss of data.

  31. EFS Encryption Process • Knowing how the EFS process encrypts data helps to determine • Which user has encrypted a file by using EFS • Who can recover an EFS encrypted file • Users can enable the Encrypt Contents To Secure Data attribute for a file or folder. • Administrators can encrypt all contents of specific folders to ensure the security of confidential data.

  32. Encrypting EFS Data

  33. Decrypting EFS Data

  34. Designating an EFS Recovery Agent • If an EFS recovery agent is not defined, the EFS recovery attempts might fail. • Select the account that will be the EFS recovery agent. • Define the public/private key pair that will be used by the EFS process.

  35. The Initial EFS Recovery Agent • When the computer is not a domain member • The initial Administrator account is configured as the EFS recovery agent by default • The EFS Recovery certificate is a self-issued certificate created by the OS

  36. The Initial EFS Recovery Agent (Cont.) • When the computer is a domain member • The Default Domain policy configures the domain Administrator account as the EFS recovery agent • The public key for EFS encryption is the public key associated with the Administrator account of the first domain controller (DC) that was installed into the domain • This DC's former Security Account Management (SAM) database is used to initially populate the domain • The Administrator's EFS Recovery certificate is reconfigured as the EFS recovery agent in the Default Domain Policy

  37. Configuring a Custom EFS Recovery Agent • Define a new account as the EFS recovery agent. • The new EFS recovery agent account requires an EFS Recovery certificate but does not have to be a member of the domain Administrators group. • The certificate template is available from a Microsoft Windows 2000 Enterprise Certification Authority (CA). • Import the EFS Recovery certificate into the Default Domain Policy as the domain's Encrypted Data recovery agent. • The imported public key is used to encrypt the File Encryption Key stored in the Data Recovery Field (DRF). • Multiple EFS Recovery certificates can be imported into Group Policy to create multiple EFS recovery agents.

  38. Configuring an Empty Encrypted Data Recovery Agent • Prevent network EFS encryption by deleting all current EFS recovery agent certificates in the Encrypted Data Recovery Agent policy. • EFS encryption is not possible without defining Encrypted Data recovery agents. • An empty policy exists when no recovery agents are included in the Encrypted Data Recovery Agent policy. • The empty policy exists and is applied, but no values are assigned from it. • The creation of an empty policy ensures that local policy does not take precedence.

  39. Making the Decision: Planning EFS Recovery Agents • Ensure that all EFS encrypted files in a domain can be recovered. • Prevent EFS encryption from being used. • Prevent specific computers from using EFS encryption. • Restrict EFS encryption to specific users.

  40. Applying the Decision: Planning EFS Recovery Agents for Wide World Importers • Delete the default EFS recovery agent from the Default Domain Policy. • Remove all entries from the Default Domain Policy, but do not delete the policy. • Because no EFS recovery agent is defined, EFS encryption is disabled on the domain member computers.

  41. Deploying an EFS Recovery Solution • Create a new account that will perform the request for the EFS Recovery certificate. • Configure the permissions on the EFS Recovery certificate template to allow the new account to have Enroll permissions in Active Directory Sites And Services. • Request an EFS Recovery certificate when logged on as the new account.

  42. Deploying an EFS Recovery Solution (Cont.) • Export the key and the corresponding private key to a PKCS#12 file and store the file on removable media. • Store the PKCS#12 file in a secure location, such as a safe. • Import the public key into the Default Domain Policy in the Encrypted Data Recovery Agent Policy. • Delete the new account.

  43. Performing an EFS Recovery • Determine the private key that can perform the EFS recovery. • Import the private key into the certificate store of any user account. • The user account now holds the corresponding private key to the public key that was used to encrypt the File Encryption Key.
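The encryption and recovery slides (31 to 38 and 43) describe the EFS key layout in words; the following Python model, added here and not taken from the slides or from Windows, shows the File Encryption Key wrapped once for the user (the DDF) and once per recovery agent (the DRF), recovery through the DRF alone, and the refusal to encrypt when no recovery agent is defined (slide 38). Toy RSA on Mersenne primes and a SHA-256 keystream are insecure stand-ins for the real CSP key pairs and file cipher; all keys and the sample file content are constructed.

```python
import hashlib
import secrets

# Toy RSA on Mersenne primes: insecure, a stand-in for the CSP key pairs EFS uses.
def toy_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def wrap_fek(pub, fek):            # FEK encrypted under a public key
    n, e = pub
    return pow(int.from_bytes(fek, "big"), e, n)

def unwrap_fek(priv, wrapped):     # FEK recovered with the matching private key
    n, d = priv
    return pow(wrapped, d, n).to_bytes(16, "big")

def stream_xor(fek, data):         # toy keystream cipher standing in for the file cipher
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(fek + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def efs_encrypt(plaintext, user_pub, recovery_pubs):
    """EFS layout: ciphertext, a DDF entry (FEK wrapped for the user) and one DRF
    entry per recovery agent. With no agent defined (empty policy) EFS refuses."""
    if not recovery_pubs:
        raise PermissionError("no Encrypted Data Recovery Agent defined")
    fek = secrets.token_bytes(16)
    return {"data": stream_xor(fek, plaintext),
            "DDF": wrap_fek(user_pub, fek),
            "DRF": [wrap_fek(pub, fek) for pub in recovery_pubs]}

def efs_decrypt_as_user(blob, user_priv):
    return stream_xor(unwrap_fek(user_priv, blob["DDF"]), blob["data"])

def efs_recover(blob, agent_priv, agent_index=0):
    """Recovery path: the agent's private key opens only its own DRF entry."""
    return stream_xor(unwrap_fek(agent_priv, blob["DRF"][agent_index]), blob["data"])

# Constructed keys: the user's and the recovery agent's pairs are independent.
USER_PUB, USER_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
AGENT_PUB, AGENT_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)

def demo():
    blob = efs_encrypt(b"Q3 payroll - confidential", USER_PUB, [AGENT_PUB])
    return efs_decrypt_as_user(blob, USER_PRIV), efs_recover(blob, AGENT_PRIV)
```

Slide 43's recovery step corresponds to efs_recover: whoever holds the agent's private key, imported into any account, can open the DRF and therefore the file, which is why slide 42 keeps that key on removable media in a safe.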

  44. Determining the Required Private Keys • Use the Efsinfo utility from the Microsoft Windows 2000 Server Resource Kit to determine which private key is required to decrypt an EFS encrypted file. • Efsinfo parameters • Efsinfo [/U] [/R] [/C] [/I] [/Y] [/S:dir] [pathname […]]

  45. Making the Decision: Planning Recovery of Encrypted Files • Restrict the ability to recover encrypted files. • Restrict recovery to a specific workstation. • Allow more than one private key to perform EFS recovery. • Determine which users can decrypt a file. • Determine which recovery agents can decrypt a file.

  46. Applying the Decision: Recovering Encrypted Files for Wide World Importers • Files encrypted before the computers were rebuilt might still be recoverable. • Because Wide World Importers has not configured the EFS recovery agent, the default EFS recovery agent probably was previously configured. • If a roaming profile has not been implemented for the Administrator account, the private key for EFS recovery of this account might be able to decrypt the DRF and decrypt the encrypted data files.

  47. Chapter Summary • Designing share security • Planning NTFS security • Combining share and NTFS security • Assessing printer security • Overview of the EFS process • Designating an EFS recovery agent • Recovering encrypted files
