Folder Redirection to NTFS share Permissions
If you want to redirect domain user folders to NTFS or Storage share, you need to set the permissions like in the list bellow:
Creator Owner => Full Control on “Subfolders and Files Only”
Security group of users needing to put data on share => List Folder/Read Data, Create Folders/Append Data on “This Folder Only”
System => Full Control, on “This Folder, Subfolders and Files”
In addition you can add Domain Admins security group to have permissions on user folders:
- Open Group Policy Management
- Navigate to Computer Configuration>Administrative Templates>System>User Profiles
- Set “Add the Administrator security group to the roaming user profile share” to enabled
Vista Low Level Security Features
Windows Vista includes a vast array of low-level security features. One of the most dramatic
is service hardening. Because of the modular architecture of Windows Vista, the
system has been created in such a way that the components that make up the system are
as isolated from and independent of each other as possible.
Furthermore, Microsoft has gone over each of these components to ensure that they are
running under the lowest possible security privileges. This protection extends to the
system services that run silently in the background.
There’s also a new feature called Address Space Layout Randomization (ASLR) that randomly
loads key system files in memory, making them harder to attack remotely. This is
a security technique that’s been employed by UNIX-based systems for some time.
While none of these features are particularly configurable, it’s fair to say that Windows
Vista is the most secure Windows version ever made, thanks to the sum of these and many
other security enhancements.
Social Engineering
Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an
outsider, based upon the building of inappropriate trust relationships with insiders. Attackers use this
approach to attempt to gain confidential information, such as organizational charts, phone numbers,
operational procedures, or passwords in order to evaluate the organization’s vulnerability to social
engineering attacks.
Social Engineering is the term for cracking techniques that rely on weaknesses inwetware rather
than software; the aim is to trick people into revealing passwords or other information that compromises
a targetsystem’s security. Classic scams include phoning up an employee with the required
information and posing as a field service technician or a fellow employee with an urgent access
problem. Acting as a salesperson or manager is also frequently utilized.
Social engineering can be defined as misrepresentation of oneself in a verbal manner to another person
in order to obtain knowledge that is otherwise unattainable.
Social engineering, from a narrow point of view, is basically phone scams which pit your
knowledge and wits against another human. This technique is used for a lot of things, such as gaining
passwords, keycards, and basic information on a system or organization.
Generally this is done in conjunction with other reviews, and is designed to ensure that an
organization’s employees have an adequate awareness of security and the related issues.
Use the following methods to check the awareness levels within your organization:
- Phone
- Internet
- Live visits
There is only one effective means of reducing social engineering vulnerabilities—awareness
training. Social engineering testing can be an effective means of measuring compliance to and the
effectiveness of this training.
Def Con Video
Up to one billion RFID access cards could be affected by hack
On the heels of two independent research teams demonstrating hacks of the Mifare Classic RFID chip algorithm, the Dutch government has issued a public warning about the security of access keys based on it. The minister of interior affairs, in a letter to parliament, wrote that there are plans for government institutions to take “additional security measures to safeguard security.”
It is no laughing matter, as the technology is used by transit operators in London, Boston, and the Netherlands. It is also used in access cards in numerous other organizations around the world.
Excerpt from PC World:
NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.
- German researchers Karsten Nohl and Henryk Plötz have published a paper on how to crack the chip’s encryption (pdf)
- Bart Jacobs, an information security professor, have released the video which I have embedded above.
The video demonstrates how cryptography could be retrieved from readers attached to access control infrastructure or even sniffed simply by walking pass a Mifare RFID card holder. Duplicate cards are then cloned to gain unauthorized entry. What is really scary is the ease with which the attacks are successfully executed.
The interesting thing here is that manufacturer, NXP Semiconductors, has quickly announced that there is a new version of the Mifare chip called the Mifare Plus with enhanced security – 128-bit encryption over the original 48-bit, to be exact.
The pertinent question here is why wasn’t the Mifare Plus introduced earlier? Now, it is not known how much this enhanced card will eventually cost, but reports say that the original Mifare Classic sold for less than a single dollar. Hence, the low cost of the Mifare Classic might have been a factor here.
Goolag Scan – New security scan tool developed by Cult of the Dead Cow
The tool is based on “Google Hacking” technique that Cult of the Dead Cow used, the practice of exposing vulnerabilities via Google,
There is no need to be be a genius to scan for vulnerabilities over the Internet and afterwards exploit them for his own benefit.
Download via http://www.goolag.org/
Related Blogs
Bluecoat Firefox authentication Pop-Up’s
To solve the problem do the following:
Type in Firefox Browser – about:config
Find value “network.automatic-ntlm-auth.trusted-uris” and add bluecoat host name
For https authentication is recommended to create Virtual URL and add a different port (not 443 ) https://bluecoatHostName:444
Also check DNS resolution of bluecoat applience ( probably you will need to add it manualy to your DNS serve