There are two basic approaches that can be taken when it comes to network and operating system security, and they are based on two very different philosophies. Neither is “right” or “wrong” – the one that is best for a given computer or network depends on the circumstances, needs and priorities of the organization or individual user. Most importantly, the choice is dependent on which is more important in a given situation: access or control:
- Access as top priority: In this case, the choice would be an open-by-default system, in which security measures are implemented on an as-needed basis. You start with everything accessible, then determine what shouldn’t be accessed and lock down those elements.
- Control (Security) as top priority: In this case, a better choice is a closed-by-default system, based on the principle of least privilege. You start with everything locked down and then open up only that which is necessary.
The two will always be at opposite ends of the security continuum. The more control you have over the network or OS, and the more tightly you secure it from the hazards of computing in an interconnected world (including intruders, attackers, viruses and other malware), the less accessible it will be. On the other hand, the easier you make it for employees, customers, partners and others to access resources, the less controlled and secure it will be. This tradeoff is inevitable, so the first step in developing a security plan is determine which is the greater priority and where on the continuum your needs fall. The ideal system would be completely user-friendly to those who authorized and absolutely impenetrable by anyone else, but such a system doesn’t – and can’t – exist.
In the past, Microsoft’s operating systems have been based on the premise that access was the priority, and in the past, for most organizations, this was true. If users couldn’t access the resources they needed, productivity (and money) was lost. Ten years ago, the risk of intrusion or attack was outweighed by the need for easy access. But times have changed, the virtual streets have gotten meaner, and the prevalence and increased sophistication of hackers and virus writers has raised the stakes. Now, for most organizations, security is the top priority. Microsoft has responded to this in many ways, starting with their “trustworthy computing” initiative. One big change, very noticeable in Windows Server 2003, is the difference in default settings. In this two-part article, we’ll look at how the out-of-the-box server differs in its defaults from previous versions and how the new defaults make the OS more secure (while at the same time causing frustration for some admins and users who find themselves unable to gain access that was available without any reconfiguration in earlier operating systems). In Part 1, we’ll focus on how the default permissions have changed, changes to the membership of the Everyone group, and ownership of objects.
New Default Permissions Settings
MCSE candidates in the NT and 2000 tracks had it drilled into their heads, and many “OJT” (on the job trained) network admins learned it the hard way: by default, both share and NTFS permissions were wide open – the Everyone group had full control. That meant anyone could do anything to the folder or file: change it, delete it, even change the permissions on it. The first thing an experienced security-conscious admin did upon creating a share was to change that default.
Now, with Server 2003, things are a little more locked down. By default, the Everyone group has only Read and Execute permissions on the root of each drive. These permissions are not inherited by subfolders; the Everyone group has no permissions by default to a newly created folder or file.
