NT File System Security

1
NT File System Security Auditing

• Issues concerning NTFS and shared folders
• Implementing Audit Policies
• Guidelines
• Best Practices

2
Securing Network Resources with Share
Permissions

• Introduction to Shared Folders
• Sharing Folders
• Guidelines for Assigning Permissions
• Best Practices

3

• Introduction to Shared Folders

• Shared Folders Give Users Centralized Access to
  Network Files
• A Folder Must Be Shared Before a User Can Connect
  to It
• Permission to Use a Shared Folder Is Assigned to
  Users and Groups

4
Sharing Folders

• Requirements for Sharing a Folder

• Using the Administrative Shares

5
Sharing a Folder
Required
6
Shared Folder Permissions
FullControl
Change
Read
No Access
7
Assigning Share Permissions
8
Guidelines for Assigning Permissions
9
Best Practices
10
Securing Network Resources with NTFS Permissions

• Introduction to NTFS Permissions
• Assigning NTFS Permissions
• Guidelines for Assigning NTFS Permissions
• Best Practices

11
Introduction to NTFS Permissions
NTFS Volume

• Available Only on NTFS Volumes
• Secure Folders and Files
• Effective When a User Accesses the Resource
• Locally
• Remotely

Server
User1
12
NTFS Permissions

• Read (R)
• Write (W)
• Execute (X)
• Delete (D)
• Change Permission (P)
• Take Ownership (O)

13
Standard Permissions

• Are a Combination of Individual NTFS Permissions
• Give You the Ability to Assign Multiple NTFS
  Permissions at One Time

14
Assigning NTFS Permissions

• Requirements to Assign NTFS Permissions
• Owner
• Full Control
• Special Access Change Permission or Take
  Ownership
• Default NTFS Permissions
• The Everyone group is automatically assigned Full
  Control
• New files inherit the permissions of the folder
  where they are created

15
Assigning NTFS File and Folder Permissions
16
Guidelines for Assigning NTFS Permissions
17
Best Practices
18
Auditing Resources and Events

• Introduction to Auditing
• Planning an Audit Policy
• Implementing an Audit Policy
• Using Event Viewer to View the Security Log
• Best Practices

19
Introduction to Auditing

• Track the Success or Failure of Events Within a
  Domain
• Identify Unauthorized Use of Resources
• View Security Logs in Event Viewer
• Archive Logs to Track Trends

20
Planning an Audit Policy
21
Implementing an Audit Policy

• An Audit Policy Is Set on a Computer-by-Computer
  Basis
• Auditing Requirements
• Only Administrators can set up auditing
• Server Operators can view and archive logs
• Files and directories must be on NTFS volumes
  only
• Auditing Process
• Set the auditing policy
• Specify the events to audit for files,
  directories, and printers

22
Defining the Domain Audit Policy
23
Auditing Files and Directories
24
Auditing a Printer
25
Using Event Viewer
26
Viewing Security Logs
27
Locating Events
28
Archiving the Security Log

• Track Trends
• Determine resource use for planning purposes
• Detect unauthorized use of resources

29
Best Practices
30
Conclusion

• 1. Proper File System Security - NTFS and shared
  folders
• 2. Implement audit policies where needed
• 3. Other Security Tasks
• a. Install Service Packs hot fixes
  www.microsoft.com/windowsnt
• b. Keep anti-virus updates current
• c. Run regular backups
• d. Monitor e-mail and internet access