19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks


If this access capability is not required, e.g. because the administrator is not supposed to be able to access local user data, the right "Access to this computer from the network" should be blocked for administrators via User Manager, under Guidelines - User Rights.

By default, Windows NT assigns the "Full Access" share permission for the "Everyone" group every time a share is created. In particular for directories located on data media without the NTFS file system, this is unacceptable, because in this case, apart from the share permissions, there are no other means of assigning rights and hence of access control. The "Everyone" group therefore has to be removed from the access control list and replaced by the groups and, if appropriate, individual users who are intended to have access to the shared directory. Corresponding share permissions should then also be assigned.

Even where directories are in fact located on NTFS data media, the "Everyone" group should be removed from the access control list in the event of a share being created. It would be conceivable in this case, however, to include the "User" group with assignment of the "Full Access" access right. The individual assignment of access rights to the directory or the files and subdirectories that it contains is then carried out at the level of NTFS permissions (see S 4.53).

Additional controls:

- Is there any documentation indicating which directories on which computers have been shared for network access?
- Has the "Everyone" group in the shared directories located on data media without an NTFS file system been removed and replaced by the groups and, if appropriate, individual users who are allowed to access the relevant shared directory via the network?
- Is the existing share profile adapted to changes in operational conditions?
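
The first two controls can be checked with a script. The following is an added example, not part of the manual: it assumes a current Windows system with the SmbShare PowerShell module (not the Windows NT tools the text describes), and the output file name share-inventory.csv is a hypothetical choice.

```powershell
# Added example (not from the manual): list SMB shares and flag "Everyone" grants.
# Assumes a current Windows system with the SmbShare module; run from an elevated prompt.

# Resolve the local (possibly localized) name of Everyone from its well-known SID S-1-1-0.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value

$report = foreach ($share in Get-SmbShare -Special $false) {
    # Printer and IPC shares have no directory path; skip them.
    if ([string]::IsNullOrEmpty($share.Path)) { continue }

    # File system of the volume that holds the shared directory.
    try {
        $root = [System.IO.Path]::GetPathRoot($share.Path)
        $fs = (New-Object System.IO.DriveInfo $root).DriveFormat
    } catch {
        $fs = 'unknown'
    }

    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        $grantsEveryone = ($ace.AccountName -eq $everyone) -and
                          ([string]$ace.AccessControlType -eq 'Allow')
        if ($grantsEveryone -and $fs -ne 'NTFS') {
            $finding = 'Everyone on non-NTFS volume: share ACL is the only access control'
        } elseif ($grantsEveryone) {
            $finding = 'Everyone on share: replace with the intended groups/users'
        } else {
            $finding = 'OK'
        }
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Share      = $share.Name
            Path       = $share.Path
            FileSystem = $fs
            Account    = $ace.AccountName
            Right      = [string]$ace.AccessRight
            Finding    = $finding
        }
    }
}

# Full inventory for the share documentation (hypothetical file name), then the findings.
$report | Export-Csv -Path .\share-inventory.csv -NoTypeInformation
$report | Where-Object { $_.Finding -ne 'OK' } | Format-Table -AutoSize
```

Running it on each computer and keeping the CSV files gives the documentation the first control asks for; comparing successive runs shows whether the share profile has followed operational changes.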


IT-Baseline Protection Manual: October 2000
