In-Reply-To: <[EMAIL PROTECTED]>
Depending on how your OS has been setup, it may allow access to the file via anonymous logon (NULL session). It may be better to set it for a particular users, or config your local security sessions to prevent NULL sessions. hope that helps. oz >Received: (qmail 32687 invoked from network); 10 Jun 2003 15:12:30 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 10 Jun 2003 15:12:30 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id E17AE8F283; Tue, 10 Jun 2003 09:12:58 -0600 (MDT) >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Received: (qmail 6072 invoked by uid 0); 10 Jun 2003 04:18:31 -0000 >X-Originating-IP: [213.8.110.116] >X-Originating-Email: [EMAIL PROTECTED] >From: "Lan Guy" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, > "'Security-Basics'" <[EMAIL PROTECTED]> >References: <[EMAIL PROTECTED]> >Subject: Re: Share Permissions >Date: Tue, 10 Jun 2003 09:20:02 +0300 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Mailer: Microsoft Outlook Express 6.00.3790.0 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 >Message-ID: <[EMAIL PROTECTED]> >X-OriginalArrivalTime: 10 Jun 2003 06:20:17.0820 (UTC) FILETIME= [5CBE45C0:01C32F18] > >MS could rename the EVERYONE account to ANYONE to make it more clear. >DR >----- Original Message ----- >From: "David Gillett" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]>; "'Security-Basics'" ><[EMAIL PROTECTED]> >Sent: Monday, June 09, 2003 9:29 PM >Subject: RE: Share Permissions > > >> > -----Original Message----- >> > From: Benjamin Meade [mailto:[EMAIL PROTECTED] >> > >> > Just wondering in Win2K server, when I share a folder, I set the share >> > permissions to full access for everybody, and then control access using >> > the file permissions. (Basically cos it cuts down on administration, and >> > I'm lazy.) Are there any security issues running this way, or is it much >> > of a muchness? >> >> First of all, I presume that by "file" permissions, you mean "NTFS >> permissions" -- which, of course, presumes that you're *using* NTFS. >> >> If all that's true, then you're probably okay. The remaining risk is >> that you may make shares visible and even mountable (even if all other >> access is denied) to people whom you might prefer not even know they >> exist. >> >> David Gillett >> >> >> >> ----------------------------------------------------------------------- --- >- >> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! >> The Gartner Group just put Neoteris in the top of its Magic Quadrant, >> while InStat has confirmed Neoteris as the leader in marketshare. >> >> Find out why, and see how you can get plug-n-play secure remote access in >> about an hour, with no client, server changes, or ongoing maintenance. >> >> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm >> ----------------------------------------------------------------------- --- >-- >> >> > > >------------------------------------------------------------------------- -- >Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! >The Gartner Group just put Neoteris in the top of its Magic Quadrant, >while InStat has confirmed Neoteris as the leader in marketshare. > >Find out why, and see how you can get plug-n-play secure remote access in >about an hour, with no client, server changes, or ongoing maintenance. > >Visit us at: http://www.neoteris.com/promos/sf-6-9.htm >------------------------------------------------------------------------- --- > > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
