CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [128]
Microsoft strongly recommends that all network shares be established using NTFS.
Novell NetWare Storage Services
Novell, like Microsoft, implemented a proprietary file structure. Novell’s is called NetWare File System. This system allows complete control of every file resource on a NetWare server. The NetWare File System was upgraded to NetWare Storage Service (NSS) in version 6. NSS provides higher performance and larger file storage capacities than the NetWare File System. NSS, like its predecessor, uses the NDS or eDirectory to provide authentication for all access.
Unix Filesystem
The Unix filesystem is a completely hierarchical filesystem. Each file, filesystem, and subdirectory has complete granularity of access control. The three primary attributes in a Unix file or directory are Read, Write, and Execute. The ability to set these permissions individually, as well as to establish inheritance to subdirectories, gives Unix the highest level of security available for commercial systems. The major difficulty with Unix is that establishing these access-control hierarchies can be time-consuming when the system is initially configured. Figure 5.4 illustrates this hierarchical file structure. Most current operating systems have embraced this method of file organization.
FIGURE 5.4 Hierarchical file structure used in Unix and other operating systems
Unix Network Filesystems
Network File System (NFS) is a Unix protocol that allows systems to mount filesystems from remote locations. This ability allows a client system to view the server or remote desktop storage as a part of the local client. NFS, while functional, is difficult to secure. The discussion of this protocol is beyond the scope of this book; the major issue lies in Unix’s inherent trust of authentication processes. NFS was originally implemented by Sun Microsystems, and it has become a standard protocol in Unix environments.
Don’t confuse NetWare File System with Network File System; they’re two entirely different technologies.
Apple File Sharing
Apple File Sharing (AFS) was intended to provide simple networking for Apple Macintosh systems. This system used a proprietary network protocol called AppleTalk. An AppleTalk network isn’t routed through the Internet and isn’t considered secure. AFS allows the file owner to establish password and access privileges. This process is similar to the Unix filesystem. OS X, the newest version of the Macintosh operating system, has more fully implemented a filesystem that is based on the Unix model. In general, Apple networking is considered as secure as the other implementations discussed in this section. The major weakness of the operating system involves physical control of the systems.
Each of these filesystem implementations requires careful consideration when you’re implementing it in a network. You must evaluate their individual capabilities, limitations, and vulnerabilities when you’re choosing which protocols or systems to implement.
Most OS providers support multiple protocols and methods. Turn off any protocols that aren’t needed because each protocol or filesystem running on a workstation or server increases your vulnerability and exposure to attack, data loss, or DoS attacks.
If at all possible, don’t share the root directories of a disk drive. Doing so allows access to system files, passwords, and other sensitive information. Establish shares off hard drives that don’t contain system files.
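The advice above can be checked mechanically. The following is an added example, not from the book: a short Python audit that reads a share listing, flags shares that expose a drive root or sit on the drive holding system files, and sets aside the default administrative shares whose names end in a dollar sign. The CSV input shape (as produced by `Get-SmbShare | Select-Object Name,Path | ConvertTo-Csv -NoTypeInformation`), the sample rows, the function name `audit_shares`, and the assumption that system files live on C: are all assumptions of this example.

```python
import csv
import io
import re

# Constructed sample listing (not from the book), in the CSV shape produced by
#   Get-SmbShare | Select-Object Name,Path | ConvertTo-Csv -NoTypeInformation
SAMPLE_CSV = r'''"Name","Path"
"ADMIN$","C:\Windows"
"C$","C:\"
"IPC$",""
"Backup$","C:\"
"Data","D:\"
"Projects","E:\Shares\Projects"
"Scans","C:\Scans"
'''

# Default administrative shares: a drive letter plus "$", ADMIN$ and IPC$.
DEFAULT_ADMIN = re.compile(r'^(?:[A-Z]|ADMIN|IPC)\$$', re.IGNORECASE)
# A path that is only a drive letter, with or without the trailing backslash.
DRIVE_ROOT = re.compile(r'^[A-Za-z]:\\?$')


def audit_shares(csv_text, system_drive="C:"):
    """Return {share name: [findings]} for every share in the listing.

    system_drive is an assumption: the drive that holds the system files.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, path = row["Name"], (row["Path"] or "").strip()
        notes = []
        if DEFAULT_ADMIN.match(name):
            # Created by Windows for management; reported, not judged.
            findings[name] = ["default administrative share"]
            continue
        if name.endswith("$"):
            notes.append("hidden share")  # user-created, hidden from browsing
        if DRIVE_ROOT.match(path):
            notes.append("shares the root of a drive")
        if path[:2].upper() == system_drive.upper():
            notes.append("on the drive holding system files")
        findings[name] = notes
    return findings


if __name__ == "__main__":
    for share, notes in audit_shares(SAMPLE_CSV).items():
        print(f"{share:10} {'; '.join(notes) or 'ok'}")
```
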
Windows systems often have hidden administrative shares with names that end with a dollar sign character (C$, admin$, etc.). These are created for use in managing the computer on the network, and can only be permanently disabled through Registry edits. You can temporarily disable them with the Computer Management console, but they will return on reboot. For the purpose of this exam, simply know they exist and are needed for full network