CertiGuide to Security+
Chapter 3: Infrastructure Security (Domain 3.0; 20%)
3.5 Security Baselines
3.5.3 Application Hardening


In most cases, the file and print server software you’re running was supplied as part of the OS, so there’s usually no need to update it separately from the OS. Generally, if there’s a security (or other) issue with file and/or print services, the patch will appear as an OS update.

In the UNIX world, common network file server applications are NFS, the traditional UNIX Network File System originally from Sun, and Samba, a Windows File Sharing-compatible application. The BSD “lpd” subsystem is often used for printing. RPC (the underlying technology used by NFS) and lpd both appear in the SANS/FBI Top 20 list of UNIX vulnerabilities.

In the Microsoft world, the overwhelming choice for file and print services is the Windows File and Printer Sharing feature set supplied with the OS. You can also run NFS client and server software, and Novell NetWare-compatible software (plus numerous other less-well-known packages). The technologies underlying the various Windows File Sharing features appear on the SANS/FBI Top 20 list of Windows vulnerabilities.

The most important point here, in addition to watching for vulnerabilities and patches, is to pay attention to configuration details. Make sure you haven’t made any directories or devices available to the world that you didn’t want to be available to the world.
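The configuration check described above can be automated. The following script is an added example and is not part of the CertiGuide text; it parses two small, constructed config fragments in the formats used by NFS (/etc/exports) and Samba (smb.conf) and reports shares that are exported to every host or that allow guest access. The share names, paths and hosts are made up for the demonstration.

```python
"""Flag NFS exports and Samba shares that are open to the world.

Added example (not from the CertiGuide text). Sample configs are constructed.
"""
import re
from typing import Dict, List

# Constructed /etc/exports: "<path> <client>(<options>) ..."
SAMPLE_EXPORTS = """\
# restricted to one subnet, read-only: fine
/srv/build   192.168.10.0/24(ro,sync)
# exported writable to every host, and remote root is not squashed
/srv/public  *(rw,sync,no_root_squash)
/home        *.example.internal(rw,root_squash)
"""

# Constructed smb.conf
SAMPLE_SMB_CONF = """\
[global]
   workgroup = CORP

[finance]
   path = /srv/finance
   valid users = @finance
   writable = yes

[scratch]
   path = /srv/scratch
   guest ok = yes
   writable = yes

[printers]
   path = /var/spool/samba
   printable = yes
   guest ok = yes
"""


def audit_exports(text: str) -> List[str]:
    """Return findings for NFS exports granted to the '*' wildcard client."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            host, opts = re.match(r"([^(]+)(?:\((.*)\))?$", client).groups()
            options = (opts or "").split(",")
            if host == "*":
                mode = "rw" if "rw" in options else "ro"
                msg = f"NFS {path}: exported to all hosts ({mode})"
                if "no_root_squash" in options:
                    msg += ", remote root keeps root privileges"
                findings.append(msg)
    return findings


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal smb.conf reader: [section] headers and 'key = value' lines."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def _yes(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "1")


def _writable(share: Dict[str, str]) -> bool:
    # Samba accepts 'writable'/'writeable', or the inverse 'read only' (default yes)
    for key in ("writable", "writeable"):
        if key in share:
            return _yes(share[key])
    if "read only" in share:
        return not _yes(share["read only"])
    return False


def audit_smb_conf(text: str) -> List[str]:
    """Return findings for Samba shares that allow guest (anonymous) access."""
    findings = []
    for name, share in parse_smb_conf(text).items():
        if name == "global":
            continue
        # 'public' is a Samba synonym for 'guest ok'
        if not _yes(share.get("guest ok", share.get("public", "no"))):
            continue
        if _yes(share.get("printable", "no")):
            access = "print spooling"
        elif _writable(share):
            access = "read/write"
        else:
            access = "read-only"
        findings.append(f"SMB [{name}]: guest access allowed ({access})")
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS) + audit_smb_conf(SAMPLE_SMB_CONF):
        print(finding)
```

Run against real files by reading /etc/exports and smb.conf into the two functions; a share that is meant to be public will still show up, so the output is a list to review, not a list of faults.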

How “Share” Permissions are Applied

When determining what access a client has to files in a shared directory, the operating system starts with the permissions that client would have if accessing the file locally on that machine. It then overlays the permissions on the share, and the “most restricted” level of permission wins. For example, if the OS would allow the user to read and write the file, but the directory is shared read-only, the user could only read it. If the OS allowed the user to only read the file, and the directory is shared read/write, the user could still only read the file.

Some file systems allow for the server to validate specific client user credentials, so that each user accessing a file could potentially have different permissions to access information on that remote system. Others map all remote accesses to a single user with minimal privileges, similar to the way that anonymous FTP works.
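The two preceding paragraphs can be modelled in a few lines: the effective rights are the intersection of the local permissions and the share permissions, and the identity those permissions are evaluated for is either the validated remote user or a single low-privilege account that all anonymous access is mapped to. The following is an added example, not code from the CertiGuide text or from any real file server; the users, groups and ACLs are constructed, and the ACL layout is a simplification of what Windows or Samba actually store.

```python
"""Model of effective access to a file in a shared directory.

Added example (not from the CertiGuide text). Rights are plain strings;
an ACL maps a principal (user name, "@group", or "everyone") to rights.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

READ, WRITE, EXECUTE = "read", "write", "execute"
ALL = frozenset({READ, WRITE, EXECUTE})
Acl = Dict[str, FrozenSet[str]]


@dataclass(frozen=True)
class User:
    name: str
    groups: FrozenSet[str] = frozenset()


def rights_for(acl: Acl, user: User) -> FrozenSet[str]:
    """Union of rights granted to the user directly, via a group, or to everyone."""
    rights = set(acl.get("everyone", frozenset()))
    rights |= acl.get(user.name, frozenset())
    for group in user.groups:
        rights |= acl.get("@" + group, frozenset())
    return frozenset(rights)


@dataclass
class Share:
    local_acl: Acl                 # what the OS grants a locally logged-on user
    share_acl: Acl                 # permissions set on the share itself
    anonymous_map: Optional[User] = None  # if set, every remote access runs as this user


def effective_access(share: Share, remote_user: User) -> FrozenSet[str]:
    """Rights a remote client ends up with on files under the share."""
    # Credential handling: validate the real user, or squash to one account
    user = share.anonymous_map or remote_user
    local = rights_for(share.local_acl, user)
    over_share = rights_for(share.share_acl, user)
    # Most-restrictive wins: a right must be granted by BOTH layers
    return local & over_share


# Constructed users and shares
alice = User("alice", frozenset({"staff"}))
nobody = User("nobody")

# Text's first case: OS allows read+write, share is read-only -> read only
docs_ro = Share(local_acl={"alice": frozenset({READ, WRITE})},
                share_acl={"everyone": frozenset({READ})})

# Text's second case: OS allows read only, share is read/write -> still read only
docs_rw = Share(local_acl={"@staff": frozenset({READ})},
                share_acl={"everyone": frozenset({READ, WRITE})})

# Anonymous mapping: alice's own local rights never apply, 'nobody' has only read
public = Share(local_acl={"alice": ALL, "nobody": frozenset({READ})},
               share_acl={"everyone": frozenset({READ, WRITE})},
               anonymous_map=nobody)


if __name__ == "__main__":
    for label, share in (("docs_ro", docs_ro), ("docs_rw", docs_rw), ("public", public)):
        print(label, sorted(effective_access(share, alice)))
```

Note that in the anonymous-mapping case a share permission of read/write for everyone is harmless only because the mapped account has nothing but read at the file-system layer; if that account is ever granted write locally, the share silently becomes world-writable.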


If you run Samba on a UNIX machine to share files with Windows machines, see the section on Samba security-related configuration in Real World Linux Security.


377. Toxen, Bob. Real World Linux Security. Prentice-Hall, November 2000.


CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.