Ten Practical Security Steps
Access Permissions
4. Take full advantage of file system access permissions and user groups
to limit access to resources on a need-to-use basis.
Some systems ship with ordinary users able to reach nearly everything.
Most place some restrictions on what users can access. All are too
liberal about what ordinary users can see. Users are usually prevented
from modifying key system components, but on a default install they can
read almost anything short of the most sensitive files, including most
of the system configuration, which they have no legitimate need to see
and which tells an intruder exactly how the system is put together.
Files that are run at startup or from the system scheduler (as the
system or administrator) should never be writeable by anyone but the
administrative user or root. Preferably they should not even be
readable or executable by anyone but the administrative user or those
authorized to use the administrative password.
Scripts on any system that are likely to be run by root or the
administrator should never be writeable by anyone but root or the
administrator. A script executed by root or an administrator runs with
full privileges, and so does every program or script it invokes. Any
user who can write to such a file can have anything they want run with
full privileges simply by adding a line. The same applies to the
directory the script lives in: if that is writeable, the script can be
renamed away and replaced. This is probably the easiest way for an
unprivileged user to gain administrative privileges, as it requires
almost no technical skill and no operating system bug, only a little
carelessness by an administrator. Startup files are guaranteed to run
sooner or later and scheduled jobs can be counted on, but anything run
by the administrative user will do; it is only less predictable when
the damage will be done.
On all systems there is no reason for compiled executables to be
writeable by anyone after they are installed. Locally developed and
modified scripts will need to be writeable by the administrative user;
if they are never run at startup, via the system scheduler, or by root,
they may be writeable by development staff.
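The following shell script is an added illustration of the rule in the
preceding paragraphs and is not part of the original article. It walks
the files a root-run job or startup sequence would execute and reports
any that are owned by someone other than root, world-writeable, or
writeable by a group other than root's, and it applies the same test to
the directory each file lives in, since a writeable directory lets the
file be replaced outright. It assumes GNU coreutils `stat -c` (Linux);
the TRUSTED_UID and TRUSTED_GID variables are this script's own knobs,
defaulting to root, so that it can also be pointed at a tree owned by a
non-root administrative account.

```shell
#!/bin/sh
# Added example, not from the original article: report files that run with
# root privileges (startup scripts, cron jobs, anything an administrator will
# execute) that can be written by anyone other than root, and directories that
# would let such a file be replaced.  Assumptions: GNU coreutils `stat -c`
# (Linux); TRUSTED_UID/TRUSTED_GID are this script's own settings and default
# to root so it can be run against a real system as-is.

TRUSTED_UID=${TRUSTED_UID:-0}
TRUSTED_GID=${TRUSTED_GID:-0}

# Permission tests on an octal mode string as printed by stat %a ("644", "1777").
# Write permission is bit 2 of the "other" (last) and "group" (second to last) digit.
last_digit()     { printf '%s' "${1#"${1%?}"}"; }
world_writable() { case $(last_digit "$1") in 2|3|6|7) return 0 ;; esac; return 1; }
group_writable() { case $(last_digit "${1%?}") in 2|3|6|7) return 0 ;; esac; return 1; }

# report_perms PATH KIND: print one line per problem with PATH's owner or mode.
# Symlinks are followed (-L): a link into user-writable space is itself a finding.
report_perms() {
    path=$1 kind=$2
    info=$(stat -L -c '%u %g %a' -- "$path" 2>/dev/null) \
        || { printf '%s: cannot stat %s\n' "$path" "$kind"; return; }
    set -- $info                      # uid gid mode
    [ "$1" = "$TRUSTED_UID" ] \
        || printf '%s: %s owned by uid %s, not %s\n' "$path" "$kind" "$1" "$TRUSTED_UID"
    if world_writable "$3"; then
        printf '%s: %s is world-writable (mode %s)\n' "$path" "$kind" "$3"
    fi
    if group_writable "$3" && [ "$2" != "$TRUSTED_GID" ]; then
        printf '%s: %s is writable by gid %s (mode %s)\n' "$path" "$kind" "$2" "$3"
    fi
}

# check_one FILE: check the file itself, then the directory it lives in.  A
# writable directory lets an attacker rename the file away and drop in a
# replacement, so it must be held as tightly as the file.
check_one() {
    report_perms "$1" file
    report_perms "$(dirname -- "$1")" directory
}

# audit_root_run_files PATH...: files are checked directly, directories are
# walked.  Prints the findings and returns 1 if there were any, 0 if all clean.
audit_root_run_files() {
    findings=$(
        for target in "$@"; do
            if [ -d "$target" ]; then
                find "$target" -type f | while IFS= read -r f; do check_one "$f"; done
            else
                check_one "$target"
            fi
        done
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical invocation on a System V style host (the paths are illustrative):
#   audit_root_run_files /etc/rc.d /etc/cron.d /etc/crontab /etc/profile
[ $# -eq 0 ] || audit_root_run_files "$@"
```

Run it as root so every directory can be traversed. A clean system prints
nothing; each line of output names a file or directory that some
non-root account could use to get its own commands run with full
privileges, and should be fixed with chown and chmod before anything
else.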
Files or directories that are world writeable are highly suspect on
any system. On UNIX, run as root so that every directory is traversed,
find / ! -type l -perm -002 -exec ls -ld {} +
will list every world writeable file and directory (the leading minus
in -002 matches any mode that has the other-write bit set; symbolic
links are skipped because they always appear as mode 777; -d makes ls
show a directory itself rather than its contents). It should not be
necessary to pipe this to less as there should be almost no output: the
only expected hits are sticky-bit temporary directories such as /tmp
and /var/tmp and device nodes under /dev, and anything else needs an
explanation.
Windows NT Workstation defaults new disk partitions to full control
(which includes write and change permissions) for the group Everyone,
which is the worst possible setting. I've read that this is not true
of NT Server, though my recollection is that it is. Even if NT
Server's default directory permissions are not as open as Workstation's,
they are far too permissive. The group Everyone automatically
includes all users. Everyone should be severely restricted in what it
can access: no access at all may be the best setting, or read and
execute only on \Winnt\system32 may be appropriate. Creating your own
"All Users" or similar group, to which you add users and from which you
can remove any individual user, gives you much greater control over
permissions that are to be granted almost universally.
Since NT normally allows access to a subdirectory even when the user
has no access to its parent directories (the "Bypass traverse checking"
right is granted to Everyone by default), the root of each NTFS
partition should be restricted to System, Administrators and Backup
Operators. Permissions on all top level directories should be
reexamined and tightened as much as practical. Newly created
directories, which by default inherit the settings of their parent
directory, should be opened only to the extent necessary for them to
fulfill their purpose.
NT's access permissions are much more complex than UNIX's. The
graphical tools for controlling NT access permissions are like a
sledgehammer: they allow control over only the current directory, or
they replace everything in all subdirectories if anything at all is to
be changed below the current directory. NT administrators who want
secure and usable systems must learn to use the command line CACLS,
whose /E switch edits the existing access control list instead of
replacing it, so that individual permissions can be added or removed
in the current directory or, with /T, throughout its subdirectories
without disturbing the other settings.
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.