NT File System Security & Auditing

Issues concerning NTFS and shared folders

Implementing Audit Policies

Guidelines

Best Practices

Securing Network Resources with Share Permissions

Introduction to Shared Folders

Sharing Folders

Guidelines for Assigning Permissions

Best Practices

Introduction to Shared Folders
[Figure: Shared Folders. Labels: Data, Users (User1, User2, User3, User4), Server]
• Shared Folders Give Users Centralized Access to Network Files
• A Folder Must Be Shared Before a User Can Connect to It
• Permission to Use a Shared Folder Is Assigned to Users and Groups

Sharing Folders

Requirements for Sharing a Folder
Group              Operating System Requirements
Administrators     Any computer running Windows NT
Server Operators   Windows NT Server domain controllers only
Power Users        Windows NT Server member servers and computers running Windows NT Workstation

Using the Administrative Shares
Share              Purpose
C$, D$, E$         The root of each volume is automatically shared
Admin$             The C:\Winnt folder is shared as Admin$

Sharing a Folder
[Dialog: (C:) Properties, Sharing tab. Options: Not Shared or Shared As. Share Name (required): Apps; Comment: Application files; User Limit: Maximum Allowed, or Allow a set number of Users. Buttons: New Share..., Remove Share, Permissions...]

Shared Folder Permissions
• Full Control
• Change
• Read
• No Access

Assigning Share Permissions
[Dialog: Access Through Share Permissions, Access Through Share: Apps. Entries: Users, Read; Administrators, Full Control]
[Dialog: Add Users and Groups, List Names From: Classroom1*. Add Names: Classroom\Apps Group; Type of Access: Read]

Guidelines for Assigning Permissions
Determine Which Groups Need Access to a Resource
Assign Permissions to Groups Instead of Users
Assign the Most Restrictive Permissions
Remove Default Permissions for a New Shared Folder

Best Practices
Organize Disk Resources to Simplify Administration
Store Data Separately from Operating Systems and Applications
Remove the Everyone Group from the Permissions List
Assign Permissions to Groups Rather Than Individual Users
Limit the Number of Users Who Can Connect to a Share
Create Shortcuts for Frequently Used Shared Folders

Securing Network Resources with NTFS Permissions
• Introduction to NTFS Permissions
• Assigning NTFS Permissions
• Guidelines for Assigning NTFS Permissions
• Best Practices

Introduction to NTFS Permissions
• Available Only on NTFS Volumes
• Secure Folders and Files
• Effective When a User Accesses the Resource:
– Locally
– Remotely
[Figure: NTFS Volume C on a Server with a Suggestions folder. Labels: User1, User2, User3, each marked R]

NTFS Permissions
• Read (R)
• Write (W)
• Execute (X)
• Delete (D)
• Change Permission (P)
• Take Ownership (O)

Standard Permissions
• Are a Combination of Individual NTFS Permissions
• Give You the Ability to Assign Multiple NTFS Permissions at One Time

Folder Permissions
• No Access (None) (None)
• Read (RX) (RX)
• Change (RWXD) (RWXD)
• Add (WX) (Not Specified)
• Add & Read (RWX) (RX)
• List (RX) (Not Specified)
• Full Control (All) (All)

File Permissions
• No Access (None)
• Read (RX)
• Change (RWXD)
• Full Control (All)

Assigning NTFS Permissions
• Requirements to Assign NTFS Permissions
– Owner
– Full Control
– Special Access: Change Permission or Take Ownership
• Default NTFS Permissions
– The Everyone group is automatically assigned Full Control
– New files inherit the permissions of the folder where they are created

Assigning NTFS File and Folder Permissions
[Dialog: Directory Permissions, Directory: D:\Apps, Owner: Administrators. Options: Replace Permissions on Subdirectories, Replace Permissions on Existing Files. Type of Access: Full Control. Entries:]
• Everyone: List (RX) (Not Specified)
• CREATOR OWNER: Full Control (All) (All)
• Administrators: Full Control (All) (All)
• Server Operators: Change (RWXD) (RWXD)
• SYSTEM: Full Control (All) (All)
[Dialog: Add Users and Groups, List Names From: Classroom1*. Add Names: Classroom1\Apps Group; Type of Access: Read]

Guidelines for Assigning NTFS Permissions
Remove Full Control Permission from the Everyone Group
Assign Full Control Permission to the Administrators Group
Educate Users to Assign NTFS Permissions to Their Files

Best Practices
Assign NTFS Permissions Before Sharing the Resource
Make Application Executable Files Read-Only for All Users
Assign Permissions to Groups Rather Than to Individual Users
Educate Users to Assign NTFS Permissions to Folders and Files
Use NTFS Permissions If the Resource Is Accessed Locally
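
Added example (not part of the original slides): a small checker that reads a permission listing written in the Directory Permissions notation used above, Name followed by Standard (folder) (file), and reports entries that break the NTFS guidelines. The listing layout, the GROUPS set and the trusted names are assumptions made for this illustration; the Change Permission / Take Ownership check follows from the "Requirements to Assign NTFS Permissions" slide.

```python
import re

ALL = frozenset("RWXDPO")  # R, W, X, D, Change Permission (P), Take Ownership (O)
# One entry per line, as in the Directory Permissions dialog: Name  Standard (dir) (file)
ENTRY = re.compile(r"^(?P<name>.+?)\s{2,}(?P<std>[A-Za-z& ]+?)\s*"
                   r"\((?P<dir>[^)]*)\)\s*\((?P<file>[^)]*)\)$")

def expand(token):
    """Turn 'RX', 'All', 'None' or 'Not Specified' into a set of permission letters."""
    if token == "All":
        return ALL
    return frozenset() if token in ("None", "Not Specified") else frozenset(token)

def parse_acl(text):
    """Parse the listing into {name: (standard, folder_letters, file_letters)}."""
    acl = {}
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if m:
            acl[m["name"]] = (m["std"], expand(m["dir"]), expand(m["file"]))
    return acl

def check_guidelines(acl, groups, trusted=("Administrators", "SYSTEM", "CREATOR OWNER")):
    """Return findings; `groups` and `trusted` are assumptions supplied by the caller."""
    findings = []
    if acl.get("Everyone", ("",))[0] == "Full Control":
        findings.append("Everyone has Full Control")
    if acl.get("Administrators", ("",))[0] != "Full Control":
        findings.append("Administrators lacks Full Control")
    for name, (_std, dir_p, file_p) in acl.items():
        if name not in groups:
            findings.append(f"{name}: permission assigned to a user, not a group")
        if name not in trusted and (dir_p | file_p) & set("PO"):
            findings.append(f"{name}: can change permissions or take ownership")
    return findings

# Constructed sample: a folder left at the default ACL plus one per-user entry.
DEFAULT_ACL = """
Everyone          Full Control (All) (All)
Server Operators  Change (RWXD) (RWXD)
User1             Read (RX) (RX)
"""
GROUPS = {"Everyone", "Administrators", "Server Operators", "SYSTEM", "CREATOR OWNER"}

if __name__ == "__main__":
    for finding in check_guidelines(parse_acl(DEFAULT_ACL), GROUPS):
        print(finding)
```

A listing that matches the D:\Apps dialog above (Everyone reduced to List, Administrators with Full Control) produces no findings.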

Auditing Resources and Events
• Introduction to Auditing
• Planning an Audit Policy
• Implementing an Audit Policy
• Using Event Viewer to View the Security Log
• Best Practices

Planning an Audit Policy
Determine the Events to Audit
Determine Whether to Audit the Success or Failure of an Event
Determine If You Need to Track Trends

Implementing an Audit Policy
• An Audit Policy Is Set on a Computer-by-Computer Basis
• Auditing Requirements
– Only Administrators can set up auditing
– Server Operators can view and archive logs
– Files and directories must be on NTFS volumes only
• Auditing Process
– Set the auditing policy
– Specify the events to audit for files, directories, and printers

Defining the Domain Audit Policy
[Dialog: Audit Policy, Domain: CLASSROOM1. Options: Do Not Audit or Audit These Events, each with Success and Failure check boxes:]
• Logon and Logoff
• File and Object Access
• Use of User Rights
• User and Group Management
• Security Policy Changes
• Restart, Shutdown, and System
• Process Tracking

Auditing Files and Directories
[Dialog: Directory Auditing, Directory: D:\Data, Name: Everyone. Options: Replace Auditing on Subdirectories, Replace Auditing on Existing Files. Events to Audit, each with Success and Failure check boxes:]
• Read
• Write
• Execute
• Delete
• Change Permissions
• Take Ownership

Auditing a Printer
[Dialog: Printer Auditing, Printer: HP Color LaserJet PS, Name: Everyone. Events to Audit, each with Success and Failure check boxes:]
• Print
• Full Control
• Delete
• Change Permissions
• Take Ownership

Using Event Viewer
[Screenshot: Event Viewer window with the menus Log, View, Options, Help; logs listed: Security, System, Application]

Viewing Security Logs
Event Viewer - Security Log on \\STUDENT1
Date      Time         Source     Category            Event
4/24/96   6:04:07 PM   Security   Object Access       562
4/24/96   6:04:07 PM   Security   System Event        515
4/24/96   6:04:07 PM   Security   Privilege Use       577
4/24/96   6:01:41 PM   Security   Account Manage...   578
4/24/96   6:01:39 PM   Security   Logon/Logoff        538
4/24/96   6:01:39 PM   Security   Detailed Tracking   593

Locating Events
[Dialog: Filter. View From: First Event or Events On; View Through: Last Event or Events On (values shown: 4/24/96 6:00:10 PM and 4/24/96 6:05:55 PM). Types: Information, Warning, Error, Success Audit, Failure Audit. Source: Security; Category: Logon/Logoff; User; Computer; Event ID]
[Dialog: Find. Types: Information, Warning, Error, Success Audit, Failure Audit. Source: Security; Category: Policy Change; Event ID: 609; Computer: NTSA5; User; Description; Direction: Up or Down]

Archiving the Security Log
• Track Trends
– Determine resource use for planning purposes
– Detect unauthorized use of resources
[Dialog: Event Log Settings, Change Settings for Security Log. Maximum Log Size: 512 Kilobytes (64K Increments). Event Log Wrapping options:]
• Overwrite Events as Needed
• Overwrite Events Older than 7 Days
• Do Not Overwrite Events (Clear Log Manually)

Best Practices
Define an Audit Policy that Is Useful, But Manageable
Audit the Everyone Group Instead of the Users Group
Set Up a Schedule for Viewing Audit Logs
Archive Audit Logs Regularly to Track Trends

Conclusion
1. Proper File System Security - NTFS and shared folders
2. Implement audit policies where needed
3. Other Security Tasks
a. Install Service Packs & hot fixes (www.microsoft.com/windowsnt)
b. Keep anti-virus updates current
c. Run regular backups
d. Monitor e-mail and internet access