Why not simply itemize all of the permission interpretations and allow users to individually grant or deny these? The NT and UNIX designers alike were making a tradeoff for simplicity over granularity. Rather than explicitly creating a permission for more than a dozen different access rights, grouping and overloading were allowed to simplify the administrator's task.
You can also assign the Special Access permission for a file, which gives the designated user the ability to explicitly specify individual special permissions (R, W, X, D, and P) for the object.
The Windows NT interface for viewing or changing permissions can be confusing to read. When you view the permissions for an object, the permissions are itemized for each subject (user or group). Each line in the lower portion of the display shows the subject and the access permissions. The access permissions include the standard permission name and two sets of special permissions. The first set itemizes special permissions allowed on subfolders (subdirectories), and the second set lists the special permissions for files within the current folder. These sets are not always equal, as Tables 3.4 and 3.5 show.
A user can gain access either through permissions granted individually to the user or with permissions defined for any groups to which the user belongs. Access permissions are interpreted with the least privilege principle. Any expressly denied permission overrides any granted permissions. For example, if a user belongs to a group that has read access, but the user is explicitly entered in an ACE with No Access, the user will not be allowed to access the object. No Access overrides any other permissions.
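The evaluation rule above, modeled in Python as an added example (not code from the book or from Windows NT). The ACE layout, the user and group names, and the sample ACL are constructed for illustration; real NT ACLs identify subjects by SID and carry access masks rather than names and letters.

```python
# Added example: simplified model of the access evaluation rule in the text.
# ACE layout, subject names and the sample ACL are constructed for illustration.
from dataclasses import dataclass

NO_ACCESS = "No Access"            # standard permission named in the text
SPECIAL = frozenset("RWXDP")       # special permissions listed in the text


@dataclass(frozen=True)
class ACE:
    subject: str                   # user or group the entry applies to
    grant: object                  # frozenset of special permissions, or NO_ACCESS

    def __post_init__(self):
        if self.grant != NO_ACCESS and not frozenset(self.grant) <= SPECIAL:
            raise ValueError(f"unknown permission in ACE for {self.subject}")


def effective_access(user, groups, acl):
    """Return the special permissions `user` holds, given group memberships."""
    subjects = {user, *groups}
    matching = [ace for ace in acl if ace.subject in subjects]
    # An explicit No Access entry for the user or any of their groups
    # overrides every grant, regardless of where it sits in the ACL.
    if any(ace.grant == NO_ACCESS for ace in matching):
        return frozenset()
    granted = frozenset()
    for ace in matching:
        granted |= frozenset(ace.grant)   # grants accumulate across user and groups
    return granted


# Constructed ACL for one file.
SAMPLE_ACL = [
    ACE("Staff", frozenset("RX")),
    ACE("Editors", frozenset("RWXD")),
    ACE("Contractors", NO_ACCESS),
    ACE("bob", NO_ACCESS),
]

if __name__ == "__main__":
    cases = [("alice", ["Staff", "Editors"]), ("bob", ["Staff"]),
             ("carol", ["Staff", "Contractors"]), ("dave", [])]
    for user, groups in cases:
        perms = effective_access(user, groups, SAMPLE_ACL)
        print(f"{user:6} {''.join(sorted(perms)) or '-'}")
```

When reviewing an ACL, a No Access entry on a group deserves the same attention as one on a user: in this model carol loses the Read access she would otherwise inherit from Staff because she also belongs to Contractors.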
You should know that access control can be specified for other objects in the NT environment including printers. Not all of the access control options identified are available for all objects, however.
NT Registry Permissions
The NT Registry is the main repository for storing system configuration information. As applications are added to the system, additional Registry entries are created. It is safe to say that the Registry is mysterious to even experienced systems administrators. Microsoft has responded to some security advisories by creating new Registry entries or by recommending changes to default values stored in the Registry.
Because the Registry is so critical to the operation of NT itself, a set of access control permissions is defined for Registry entries. Each entry in the Registry consists of a key and a value. Technically, the value can be a complex expression such as a string of characters. Entries are arranged hierarchically, much like a file system. Unfortunately, many parts of the Registry must be readable by all users. Not all users should be allowed to change Registry entries. Just as the NTFS supports standard and special permissions, the Registry has three standard access permissions and 10 special access permissions. Table 3.6 summarizes the standard Registry permissions, and Table 3.7 describes the special permissions.
Table 3.6 Standard Registry permissions

Permission | Interpretation
---|---
Full Control | Edit, create, delete, or take ownership of Registry entries
Read | Read any key value
Special Access | Any combination of the 10 special permissions

Table 3.7 Special Registry permissions

Permission | Interpretation
---|---
Query Value | Read a value for a key or subkey
Create Subkey | Set the value of a subkey
Enumerate Subkeys | List all subkeys within a key or subkey
Notify | Receive notifications generated by this key or subkey
Create Link | Create symbolic links to subkeys
Delete | Delete keys or subkeys
Write DAC | Modify the DAC for this key
Write Owner | Take ownership of key or subkey
Read Control | Read security information for a subkey

Just as file access permissions are set by default for NT, Registry permissions are also configured when NT is installed.
Postings in cyberspace as well as recent books have detailed some of the attacks and recommended configurations for NT systems (Sheldon, 1997; Anonymous, 1997; Klander, 1997). Chapter 10, "Intrusion Detection for NT," is devoted exclusively to describing what can go wrong on NT systems and why intrusion detection is needed despite NT's C2 rating. The literature on problems with UNIX systems is immense, with Garfinkel and Spafford (1996) on most recommended reading lists.
In Part 2 of this book, some specific hack attacks will be detailed. For the purposes of this chapter, it is sufficient to state that access control problems can be narrowed down to one of two cases: