Re: Permissions scanner

From: Chris Berry (compjma@hotmail.com)
Date: 02/24/03

  • Next message: Gene Yoo: "Re: HIPAA certs"
    From: "Chris Berry" <compjma@hotmail.com>
    To: security-basics@securityfocus.com
    Date: Mon, 24 Feb 2003 14:33:00 -0800
    
    

    >From: Di Fresco Marco <superdif@caltanet.it>
    >Here it is my situation: computer with WinXP Pro. and a cable modem; I have
    >4 account (+1 for "Guest" but it is off, +1 one I can not delete):
    >Administrator (that I use for configurations), my account (for daily use)
    >and 2 account for both my parents (other than web surfing, they do not need
    >to do anything else).
    >
    >Now, during the time (almost 2 month since I installed WinXP), I have made
    >some changes on the permissions (of the files, directory, some key of the
    >registry, etc.); unfortunately I have done one of the most common mistake
    >for an home user: I have not either plan the installation of WinXP and/or
    >the modification of the permissions. So now I am starting to worry to have
    >given to much permissions over some critical file (and so, become more
    >vulnerable to attack, especially since I have cable modem and so I am
    >available on-line for more time) while in some other place I left a strong
    >restriction even if I can give more permissions without worry about
    >security.
    >
    >So my question is: is there some freeware scanner that, after I have
    >associated each account with a sort of profile (like "Configuration",
    >"Daily
    >use", etc.), it scan the system (and the perimission related to each file)
    >and give me a report of the status of the permissions?
    >
    >Since I am asking for a freeware, it will be enough if the program just
    >give
    >me a report and eventually I do the changes manually (of course if there is
    >a freeware that also apply the modifications, it will be better). A
    >shareware may be ok if it gives for free the possibility to get at least
    >the
    >report (and give the possibility to apply the modifications in the
    >commercial version).

    There are a number of ways to do what you're talking about, but I don't
    think that's necessarily the correct approach to solving what you're worried
    about. There are two kinds of permissions on a microsoft system (assuming
    that you're running NTFS which XP normally does) share permissions and
    Access Control Lists. You should check your drive and make sure that any of
    your shares (folders with the little hand under them) are not set to
    everyone (the default), I usually use authenticated users or something like
    that but if you're really paranoid you could add each of your four accounts
    by name. ACLs on the other hand aren't really for protecting you from
    outsiders, they're more about protecting you from authorized users. For
    example you may not wish to give everyone who uses your machine access to
    your mp3 files, in case they might accidentally delete one.
        As you have an always on internet connection, the main three things you
    should do as a home user to protect your system are: 1) Install a firewall
    (zonealarm is free, there are lots of others that would work just fine as
    well) 2) Install and keep updated an anti-virus program. My personal
    favorite is norton corporate, its packed with features, but if you're on a
    limited budget you can get AVG for free. 3) Download and install all
    microsoft updates.
        There are lots of other things you can do to secure your computer, but
    just by doing these three you'll eliminate 95% of all trouble you'll
    probably experience as a home user.

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "Linux and I have a love/hate relationship. I hate its complexity until I
    figure out how something works, then I love its power."

    _________________________________________________________________
    Tired of spam? Get advanced junk mail protection with MSN 8.
    http://join.msn.com/?page=features/junkmail



    Relevant Pages

    • SP2 - Access Denied error when installing software
      ... we'll repair Windows and then install SP2. ... > Okay here's what I've found in the registry looking at the permissions in the ... So I added my account and "Users " groups. ... > By the way I did all this from safe mode under the "Administrator" account. ...
      (microsoft.public.games)
    • Re: SP2 - Access Denied error when installing software
      ... players chat onto the screen as well as all the game text. ... > to be able to run it I must install MSXML 4.0 and after then it work right! ... > I follow the five steps to create one administrative account and limit ... >>> Okay here's what I've found in the registry looking at the permissions in the ...
      (microsoft.public.games)
    • Re: 2000 Pro - Updates Download but wont install
      ... > Thanks for your help Robert - If I install FileMon - What exactly should I be ... the file is still downloaded but again just wont install. ... >> As others were trying to show you your problem has to do with permissions. ... FileMon would show you which account was involved, ...
      (microsoft.public.windowsupdate)
    • Re: 2000 Pro - Updates Download but wont install
      ... Thanks for your help Robert - If I install FileMon - What exactly should I be ... > As others were trying to show you your problem has to do with permissions. ... FileMon would show you which account was involved, ...
      (microsoft.public.windowsupdate)
    • Re: Printer installation rights.....Please
      ... > account in Start\Run\services.msc\Plug and Play, and go to Plug and Play ... > properties\Start Session\select this account and add the user and password ... > install the printer. ... > windows that the permissions are again the same as you had previously ...
      (microsoft.public.windowsxp.security_admin)