Administrating Windows Security

At a basic level, the underlying operating system has its own security infrastructure. The system administrator can configure operating system security, and programmers can use various security objects to accomplish just about any desirable security goals. An administrator can configure security at the enterprise level, using Active Directory, or at the other extreme can simply configure security at the level of individual files using NTFS (New Technology File System) and EFS (Encrypted File System). ^[8] At a more mundane level, an administrator can also create new user accounts and groups and set passwords on the local machine or the domain.

^[8] NTFS supports file and directory access security within the confines of the host operating system. However, NTFS by itself provides no real protection if there is no physical security (such as a locked room). This is because an attacker may access the disk in nefarious ways, such as by booting from a floppy. Even if floppy boot is password protected, an attacker may physically remove the disk and perform offsite analysis. This NTFS weakness exists because there are file system drivers such as NTFSDOS that understand NTFS disk structure but ignore NTFS access security. The EFS device driver solves this problem, because it actually encrypts the data, using a combination of RSA and DESX (a fortified version of DES). EFS therefore solves the problem of file system security without physical security, which is very useful, especially for laptops!

Defining Users and Roles on Windows

You can easily define new users and groups on Windows. Each user or group established by an administrator corresponds to one user or role from the perspective of the security programmer. To define a user or group , you can use the Computer Management ^[9] MMC snap-in. To add a new user, under Local users and groups, select the Users node, and select the Action New User menu item. To add a new group, select the Groups node instead, and select the Action New Group menu item. The resulting New User and New Group dialog boxes appear as shown in Figures 7-2 and 7-3.

^[9] To do this, click Start Programs Administrative Tools Computer Management.

Defining Shared Folder Permissions on Windows

An administrator can also establish what individual users and members of specific groups are permitted to do with various operating system resources. For example, an administrator can control who can do what with the folders and files on storage media.

For example, you can set shared folder permissions, which apply to all files and subfolders in a specified shared folder. Figure 7-4 shows how to do this on a shared folder named MyCodeExamples . To do this using Windows Explorer, right-click the folder that you wish to share and select the Sharing menu item. Select the Sharing tab, and select the Share this folder radio button. Click on the Permissions button, and in the resulting Permissions dialog box, you can add or remove users and groups, and allow or deny the desired shared folder permissions. Note that the effect of this is quite limited, since shared folder permissions are effective only when the folder is accessed via the network. If you log on as a different user on the local machine, your access rights to the shared folder are completely unaffected by any shared folder permissions that may have been established.

Defining NTFS Security on Windows

As was just pointed out in the previous section, shared folder permissions are effective only when the folder is accessed via the network (or locally if you use the UNC name ). Therefore, shared folder permissions provide no protection on local folders accessible to the user logged onto the local machine. In order to protect folders on the local computer, you must use NTFS permissions, which of course requires that you have set up an NTFS disk partition on your disk. There are several ways to establish an NTFS file system. For example, you may choose NTFS when you originally install Windows, or you may use the Convert.exe utility to convert an existing FAT drive to NTFS. To be safe, please read the documentation carefully to choose the best approach for your circumstances, and make sure that you understand the consequences of any such procedure before attempting it on a disk that contains important data.

ESTABLISHING NTFS FOLDER PERMISSIONS

Here are the steps for establishing NTFS permissions on a folder. First, you right-click on the folder in Windows Explorer and select the Security tab on the Folder Properties dialog box that appears. If you are using some disk format other than NTFS, this Security table will not appear. Figure 7-5 shows this being done with a folder named EncryptedFiles . The name of the folder in this example is purely arbitrary, and it is certainly not necessary that the folder must be encrypted for NTFS permissions to be established. Note that the Security tab on the Folder Properties dialog box allows you to allow or deny various permissions for each user or group that you have in the Name list. The Add button allows you to add users and groups to the Name list, and the Remove button allows you to remove them. The Permissions list that you can choose from includes such items as Modify, Read, Write, and so on. The Advanced button provides access to additional permissions that can be allowed or denied , including Create and Delete permissions.

ENCRYPT AN NTFS FOLDER

Although it is purely optional, you can indeed encrypt any folder if you are using NTFS. To do this, click the Advanced button on the General tab of the Folder Properties dialog box. This brings up the Advanced Attributes dialog box shown in Figure 7-6. This dialog box allows you to encrypt the folder and its contents using the Encrypted File System driver. All you have to do is check the Encrypt contents to secure the data check box, and then click OK. By doing this, you do not have to worry about divulging the information in the folder, even if someone is able to somehow obtain a physical copy of the folder contents. Without the cryptographic key, the contents are unintelligible.