Five levels of network security:
Login security – controls access to all network resources.
NDS security – controls access to NDS objects.
File System security – controls access to files and directories.
Printing security – controls access to printing resources.
Server security – controls access to the physical server and the server console.
Authentication – established at login to validate a user's rights to network resources.
Login restrictions – used to manage who has access to what resource on the network and what access they have to that resource.
Login restrictions include:
Password – require a password and set its attributes (length, periodic changes, minimum length, etc.).
Network address – limit users to specific workstations.
Login time – restrict when a user can log in.
Account Balance – limit the number of resources a user can use over a specified time.
Intruder detection and lockout – used to prevent hacking into a network.
Examining NFS or file system security.
Directory and file rights – rights given to a user to grant access to a file or directory.
Rights granted to a directory are inherited by its files.
Directory rights = w,r,m,f,a,c,e,s
S = supervisor, user gets all rights to this directory, all sub-directories, and files.
R = read, open and read files.
W = write, open and write to files.
C = create, create sub-directories and files.
E = erase, delete files, directories, and sub-directories.
M = modify, rename directories and files as well as change their attributes.
F = file scan, allows user to see the file or directory’s name.
A = access control, add and change rights to files and directories.
IRF – inherited rights filter
Rights checked in the IRF allow that right to flow through.
Rights that are unchecked cannot flow through.
All trustee assignments are remembered in the file or directory’s ACL (access control list).
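
Added example (not part of the original notes): a small Python model of how directory rights flow down through an IRF for one user. The paths and the function name effective_rights are made up for illustration. Assumptions beyond the notes: an explicit trustee assignment lower in the tree replaces the inherited rights, and the Supervisor right is not blocked by a file system IRF. Groups and security equivalence are left out.

```python
ALL_RIGHTS = "SRWCEMFA"  # the eight directory rights from the notes


def effective_rights(path, trustee_assignments, irfs):
    """Return one user's effective rights at `path` as a string such as "RF".

    trustee_assignments: {path: "RWF"} explicit grants stored in each ACL.
    irfs: {path: "RF"} rights the IRF lets flow through (the checked ones).
          A path with no entry lets every right through.
    """
    rights = set()
    current = ""
    for part in path.strip("/").split("/"):
        current = current + "/" + part
        if "S" in rights:
            # Assumption: Supervisor, once granted, is not reduced further down.
            continue
        if current in trustee_assignments:
            # Assumption: an explicit assignment replaces inherited rights.
            rights = set(trustee_assignments[current].upper())
        else:
            irf = irfs.get(current)
            if irf is not None:
                # Unchecked rights cannot flow through the filter.
                rights &= set(irf.upper())
    if "S" in rights:
        rights = set(ALL_RIGHTS)  # Supervisor implies all rights
    return "".join(r for r in ALL_RIGHTS if r in rights)


# Constructed sample tree: rights granted at APPS, filtered at DATA.
SAMPLE_ASSIGNMENTS = {"/SYS/APPS": "RWCEF"}
SAMPLE_IRFS = {"/SYS/APPS/DATA": "RF"}

if __name__ == "__main__":
    for p in ("/SYS/APPS/tool.exe", "/SYS/APPS/DATA/report.txt"):
        print(p, effective_rights(p, SAMPLE_ASSIGNMENTS, SAMPLE_IRFS))
```
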