Tuesday, 22 March 2011

Security

20:45    No comments


 Security

 Physical Security

The most basic and important security measure for any operating system is regulating who has physical access to the machine. Software exists to read NTFS data if the drive is connected to a non-NT system (Linux or MS-DOS). It is also possible to reset the built-in administrator's password with a boot floppy.  Because data and passwords can be extracted from media, System Repair Disks and Backup Tapes should also be highly guarded.
A limited access, climate-controlled, locked room is an ideal environment for the server. A locked CPU cabinet is another viable option. If either of these can’t be obtained, a locked computer chassis should be used. The system BIOS should be secured to disable booting from floppy or CD-ROM drives and the BIOS password should be enabled.
The server should be protected from power surges and short outages with a UPS device.

4.2 Registry Security

Windows 2000 registry permissions are secure by default. Normal users do not have permission to change any registry settings.

4.3 File/Share Access permissions

The standard permissions on files and shares are secure in Windows 2000 and they do not allow a standard user to make changes to system files
Windows 2000 uses a concept of inherited permissions instead of explicitly changing the Access Control List (ACL) of each Directory/File to propagate a security change.  In the Graphical User Interface (GUI), an ACL inherited from a parent is shown grayed out. You cannot remove them without blocking ACL inheritance. Be especially careful of this when setting permissions at a drive root.
When creating a share, you can just leave default permission of "Everyone" "Full Control". In general, disk ACLs are secure and the combined restrictions apply.  It is still recommended that you first verify this setting on your system.
 “Authenticated Users” is a built-in group that contains all user accounts. This does not contain anonymous connections, as the “Everyone” group does. For better file protection, use "Authenticated Users" instead of "Everyone

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)