1. Windows NTFS ACL(MAC) Permission 2. How the System Uses ACLs 3. 服务器不安全ACL配置带来的攻击向量 4. NTFS ACL安全配置风险 5. ACL安全配置最佳实践、检测方案

1. Windows NTFS ACL(MAC) Permission 

windows ACL是一个主体-客体的交叉概念

1. 主体 1) windows账户 1.1) administrator 1.2) Guest 1.3) IUSR_xxx 1.4) IWAM_xxx 1,5) SUPPORT_xxx 1.6) SYSTEM: 系统最高权限 .. 2) windows组 2.1) administrators 2.2) Backup Operators 2.3) Distributed COM Users 2.4) Guests 2.5) Network Configuration Operators 2.6) Performance Log Users 2.7) Performance Monitor Users 2.8) Power Users 2.9) Print Operators 2.10) Remote Desktop Users 2.11) Replicator 2.12) Users 2.13) HelpServicesGroup 2.14) IIS_WPG 2.15) TelnetClients 3) 安全主体 3.1) Anonymous Logon 3.2) Authenticated Users 3.3) BATCH 3.4) DIALUP 3.5) Everyone 3.6) Network 3.7) Interactive 3.8) Terminal server user 2. 客体 1) 目录 2) 文件 3) 注册表 4) 活动目录 ..

0x1: Understanding Windows NTFS Permissions

When Microsoft released Windows 2000, they released a new version of NTFS, which was versioned 5. The new NTFS permissions were essentially the same logical control as the older version that was available in Windows NT, however, there were some radical and essential changes that occurred to control how the permissions were inherited and configured for each file and folder.

1. Since NTFS permissions are available on every file 2. folder, 3. Registry key 4. printer 5. Active Directory object

it is important to understand the new methods and features that are available once you have Windows 2000, Windows XP, or Windows 2003 Server installed to control resources

0x2: Standard Permissions

1. 文件

1. Full Control The most popular and infamous standard permission is Full Control. This is what everyone wants, but in reality very few should get. Full Control allows the user that is granted this suite of permissions to do virtually anything to the object the permissions are associated with. 2. Modify 3. Read & Execute 4. Read 5. Write

2. 目录

Folders have the same standard permissions as files, except there is one additional standard permission "List Folder Contents"