Re: Share Permissions vs NTFS Permissions




"Pegasus" <I.can@xxxxxxx> wrote in message
news:eGVHXKRsHHA.1408@xxxxxxxxxxxxxxxxxxxxxxx


NTFS permissions are sufficiently powerful to keep out
unauthorised users. I'd be interested to hear why you are
so strongly in favour of a belt-and-braces approach.

I already gave you the why -- re-read the message.

I was hoping for a little more substance. When I apply
permissions then I check them, same as I check all my
other work. If I detect a mistake then I prefer to correct
it instead of adding a second security layer which offers
far less flexibility or granularity than ACLs.

Security principle: Never grant more security privileges than
necessary, even with the INTENT to restrict them later.

Always grant the minimum privileges at each opportunity.

Always grant privileges to ONLY those who specifically need
them.

You may in fact get the NTFS perfect -- but the fact that you
have to check them (and you should) implies you COULD be
wrong. Don't take such chances unnecessarily and don't recommend
that others (who may not be as careful as you) do so as a GENERAL
rule.

Recommend the tightest possible (practical) settings, with privileges
being granted as EXCEPTIONS whenever possible.

This is the way good security works more reliably.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
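
An added example, not part of the original post: one way to check that the share layer is also kept tight is to flag share-level grants of Change or Full to broad groups. The function name, the list of "broad" principals and the sample records are assumptions made for illustration; the records are constructed in the shape returned by `Get-SmbShareAccess` (SmbShare module, Windows Server 2012 and later).

```powershell
# Added illustration, not code from the thread.
# Principals treated as "broad" here are an assumption; adjust to local policy.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users'
)

function Find-BroadShareGrant {
    # Hypothetical helper: returns share ACL entries that allow Change or Full
    # to a broad principal, i.e. grants that are not narrow exceptions.
    param(
        [Parameter(Mandatory)] [object[]] $ShareAccess,
        [string[]] $Principals = $BroadPrincipals
    )
    $ShareAccess | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Full', 'Change' -and
        $_.AccountName -in $Principals
    } | Select-Object Name, AccountName, AccessRight
}

# Constructed sample records (share and group names are made up).
$sample = @(
    [pscustomobject]@{ Name = 'Finance'; AccountName = 'Everyone'
                       AccessControlType = 'Allow'; AccessRight = 'Full' }
    [pscustomobject]@{ Name = 'Finance'; AccountName = 'CONTOSO\FinanceStaff'
                       AccessControlType = 'Allow'; AccessRight = 'Change' }
    [pscustomobject]@{ Name = 'Public';  AccountName = 'Everyone'
                       AccessControlType = 'Allow'; AccessRight = 'Read' }
    [pscustomobject]@{ Name = 'Scans';   AccountName = 'BUILTIN\Users'
                       AccessControlType = 'Allow'; AccessRight = 'Change' }
)

# Flags Finance (Everyone: Full) and Scans (BUILTIN\Users: Change).
# The FinanceStaff grant is a specific exception; Public is read-only.
Find-BroadShareGrant -ShareAccess $sample

# Against a live server, feed it the real share ACLs instead:
# Find-BroadShareGrant -ShareAccess (Get-SmbShare -Special $false | Get-SmbShareAccess)
```

For each share it flags, the NTFS ACL on the shared folder (`Get-Acl`) is then the only layer limiting network access.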

