aria's blog

XCACLS And Other Permissions Security Recovery Tools

You Have 50GB Of Data To Move Along With Permissions Security
—————————-
This article is about several tools that can save a Windows administrators you know what in the event of a large scale permissions security problem.

Here is a fictional scenario we can use to illustrate the use of the XCACLS tool. We need to move or copy 50GB worth of data that is comprised of several thousand directories containing hundreds of thousands of small files from one storage system to another. These systems happen to part of a Windows 2000 Domain and permissions are quite granular in definition. We start the replication of that data using a favorite replication or synchronization tool and walk away for the evening. When we return the next day, everything has copied and all looks well. That is until you try to access the data.

The Data Is Copied, But I Cannot Access It: Permissions Security Problem
————————————————–
What you did not know, until just now, is that the root directory of the drive that you copied the data to had the wrong permissions assigned to it. In addition, inheritance was configured such that any data that is placed on the drive is over written with the permissions of the root directory. In this case, it was an old account that no longer existed. Believe it or not, that can happen, and system administrators will know what I am talking about. Now you are left with trying to figure out what to do. Do I format the new drive, change the permissions and inheritance on the root directory so they are correct and start all over again? Do I make the changes on the root drive so they have the correct permissions and wait hours upon hours for the permissions to propagate? No, there is another, very fast way of resolving this issue with XCACLS or another tool called SUBINACL.
Baca lebih lanjut →

Many school classrooms primarily use computers and the �net to gather and save information. More and more colleges are offering entire learning environments via a web-based medium where no physical classroom is even necessary. Employers are also following suite and using the Internet as a mass communication tool for employers to interact electronically with one another with little cost. With this significant increase in the �net�s usefulness, there has come about stronger laws governing exactly what content is distributed.

One such very popular proxy (http://www.proxymy.com) has become notoriously popular for allowing students to access MySpace (a popular social networking website) from their school internet connection. Not only do proxies such as ProxyMy.com allow access to MySpace from school and colleges, but they are also almost necessary to use in the work environment. Employers are able to browse and track every single website their employees visits at work. An anonymous web based proxy can ensure privacy when surfing the web.

Access to otherwise filtered websites, and securing browsing privacy are two great benefits of a CGI based anonymizer proxy. Another great benefit, not to be overlooked, is also the security offered when browsing the net through a proxy. As great of an educational tool the internet has become, it is also a nefarious medium for advertisers to distribute all sorts of unwanted advertisement including: spam, pop ups, viruses, and predominantly spyware.

A CGI proxy allows anyone using it to block cookies that track browsing habits for these ads to ensure your computer�s safety, privacy, and right to browse the internet as it was meant to be seen: An uncensored medium.

– John D –

Many business owners find themselves in the position to confront employees about their Internet use. Non-work related activities including online games, Internet shopping, stock trading, Internet radio, streaming media and MP3 downloads represent the new temptations in the workplace.

When an employee connects to the Internet, your company is exposed to these four threats:

Productivity Threats: Just 20 minutes of recreational surfing a day can cost a company with 30 employees over $1000 per week (At $25/hr per employee)
Legal Threats: Employees can sue if you don’t provide a work environment free of gender and minority harassment. This means taking reasonable care to block offensive Internet content.
Network Threats: An employee can crash your network just by logging into the wrong website. Other activity like recreational surfing and downloading MP3 files can divert valuable bandwidth from critical business needs.

Security Threats: Viruses enter networks through a variety of sources, such as web-based email, Instant Messenger file transfer, email attachments or through other files directly downloaded from a website.
Companies of all sizes must effectively incorporate email, Instant Messages and web traffic logs into their overall records management strategy. Some companies must do this to comply with industry regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA.

The first step is to choose the types of Internet content that will not be allowed in the workplace. Keep in mind that not all employees will have the same privileges, so it is important the network management solution you choose provides a flexible configuration to suit your needs.

There are two basic types of Internet monitoring solutions: Gateway and desktop solutions. Gateway solutions are software or hardware that act as checkpoint for all Internet traffic on the network. Desktop solutions are installed on the local machine to enforce the Internet policies before the request leaves the machine. Desktop solutions work well on smaller networks and gateway solutions work well on both.

The next step is to create an official company policy specifically for Internet use. It should include all Internet activities and not just those you wish to manage. Keep in mind the document cannot account for every possible scenario on the Internet, so it is important to use broad terms with specific examples. For example, instead of stating �Political opinions are not to be posted on newsgroups,� you may wish to use �Messages originating from the company network or other company-owned assets may not contain political opinions.� The second clause is much stronger because it doesn�t specify a message type or delivery system. If you have liability insurance, then be sure to get their approval on all documents. In some cases they will have additional provisions that directly relate to your industry.

The most difficult step will be implementing the new policies. In most cases, some or all users will experience a reduction in Internet privileges. Prepare for a temporary increase in support requests as some users will be prevented from accessing some work-related content. Internet policy configuration is an on-going process that must be routinely maintained.

Soon the complaints from users will cease and production will return back to normal. It is important to keep your filtering software updated and to maintain a history of Internet activity. If the time comes when you must confront an employee about their Internet use, you will have proof of their Internet activity and a detailed comparison to their peers. That is a much stronger case than saying �I�ve seen you 10 times looking at �.�

– frank hughes –