Re: drive and %systemfolder%
From: Steven L Umbach (n9rou_at_N0sPaM-comcast.net)
Date: 11/23/04
- Next message: Steven L Umbach: "Re: user certificate request - cannot find CA authority!"
- Previous message: Ian Zahn: "Security Settings revert back after setting them"
- In reply to: KJ: "Re: drive and %systemfolder%"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Nov 2004 01:10:45 GMT
Do you mean that it was hacked with a rouge ftp server installed on it??
That can happen if a user with administrator credentials opened a file,
email attachment, or Internet Explorer malicious download [be careful what
you say OK to and only use red X in upper left hand corner of unwanted pop
up boxes to exit them] that had malware on it and installed the malware. If
weak or no passwords are used the malware may have run a short password
attack against the administrator account. Other infected or hacked computers
on the network could also have been the culprit bypassing the permimiter
firewall. If computers are not kept patched with critical updates an attack
from inside or outside may be able to exploit weakness of the operating
system without administrator access by gaining system access. -- Steve
"KJ" <KJ@discussions.microsoft.com> wrote in message
news:50205FC7-A5F2-4C03-9A12-48D181929345@microsoft.com...
> I have 2000 file server with settings as you say except for C: drive
itself
> yet ftp server had got loaded on it. How is this possible through ports
that
> are in 50000 range or 1024? Can the antivirus server on it be the culprit?
>
> "Steven L Umbach" wrote:
>
> > No they should not have full access. At best they should have
> > read/list/execute for the root and system folder. You may be able to
remove
> > them as long as users group has the needed permissions and no legacy
> > applications or downlevel clients [W9X/NT4.0] require the use of
everyone
> > permissions . The NSA security guide suggests removing them and using
> > authenticated users in place of everyone and users. If you remove
everyone
> > you may have to give users from trusted domains explicit access FYI to
ACL
> > and user rights such as logon locally or access this computer from the
> > network. Do NOT however give everyone group deny permissions. The link
below
> > is for several security guides that should be of help. By default XP Pro
and
> > W2003 Server have fairly secure ntfs permissions/user rights if you want
to
> > check one of those operating systems as a guideline. --- Steve
> >
> >
> > "KJ" <KJ@discussions.microsoft.com> wrote in message
> > news:5C69C178-58BF-4761-8A3B-99E067BCA642@microsoft.com...
> > > What are best permissions to use on file server? Should everyone have
full
> > > access to C: drive? Should evereyone be removed from default anywhere
on
> > > sytem folder? Will Group Policy and Terminal Services work if you
remove
> > > them? How do you lock yours down?
> >
> >
> >
- Next message: Steven L Umbach: "Re: user certificate request - cannot find CA authority!"
- Previous message: Ian Zahn: "Security Settings revert back after setting them"
- In reply to: KJ: "Re: drive and %systemfolder%"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
