Page 58 - DCAP516_COMPUTER_SECURITY
Computer Security
Notes: Microsoft’s Virtual Private Networking technology uses the industry-supported Point-to-Point
Tunneling Protocol (PPTP) to extend the use of RAS to the Internet. Instead of dialing directly
into the RAS server using a telephone line, the remote RAS client dials a local Internet service
provider and establishes an Internet link to the provider’s PPTP RAS server. This virtual private
network allows a remote user to securely access a central network over the non-secure Internet.
Basic Protocol Security
Not all networks are prone to attack and Windows NT does not impose performance penalties
by applying cryptographic techniques to all network traffic. Instead, its philosophy is to support
specific applications that must cryptographically protect data in transit across a network.
However, it does use some common-sense and basic cryptographic techniques in its standard,
underlying protocols.
5.4 Abbreviations used in Access Control Lists
Some systems abbreviate access control lists. The basis for access control lists in a UNIX
system is the user. The UNIX system divides the users into three categories:
1. Owner of the file
2. Group owner of the file
3. All other users
Each user has different types of rights.
Example: The Unix system provides read (r), write (w) and execute (x) rights. When a user Tom
creates a file, assume that the file is in the group executives. Initially, Tom requests that the
system grant him permission to read (r) and write (w) the file, allow the group only to read (r)
the file, and allow no one else to access the file at all. The permissions would then be rw for the
owner (i.e. Tom), r for the group members and none for others.
Notes: Unix permissions are represented as triplets. The first is the owner's rights, the
second is the group's rights and the third is the others' rights. Within each triplet, the first
position is r if read access is allowed or - if it is not, the second position is w if write access
is allowed or - if it is not, and similarly the third position is x if execute access is allowed
or - if it is not. Therefore the permissions for Tom’s file would be represented as rw-r-----.
Abbreviations of ACLs, such as those supported by the Unix OS, suffer from a loss of granularity.
For example, if a Unix system has five users and the administrator wants to grant different sets of
permissions to different users, this would be difficult to do with triplets, as there would be five
different sets of desired rights.
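The triplet encoding and its granularity limit, as an added example that is not part of the original notes. It goes beyond the single file in the text by checking whether a set of per-user rights fits into the three classes at all. The users other than Tom, the group memberships and the function names are assumptions constructed for illustration.

```python
# Added example: Unix abbreviated ACL. Users, groups and the file are constructed sample data.
# Special bits (setuid, setgid, sticky) and the superuser are out of scope.
CLASSES = ("owner", "group", "other")

def parse_mode(mode):
    """Split a 9-character string such as 'rw-r-----' into rights per class."""
    if len(mode) != 9:
        raise ValueError("expected 9 characters, e.g. 'rw-r-----'")
    parsed = {}
    for i, cls in enumerate(CLASSES):
        triplet = mode[3 * i:3 * i + 3]
        for letter, ch in zip("rwx", triplet):
            if ch not in (letter, "-"):
                raise ValueError(f"bad character {ch!r} in {cls} triplet")
        parsed[cls] = {ch for ch in triplet if ch != "-"}
    return parsed

def user_class(user, groups, file_owner, file_group):
    """First matching class wins: owner, then group, then other."""
    if user == file_owner:
        return "owner"
    if file_group in groups.get(user, ()):
        return "group"
    return "other"

def rights_for(user, groups, file_owner, file_group, mode):
    """Rights the triplets grant to one user on one file."""
    return parse_mode(mode)[user_class(user, groups, file_owner, file_group)]

def expressible(desired, groups, file_owner, file_group):
    """Can a single mode give every user exactly the rights in `desired`?"""
    per_class = {}
    for user, want in desired.items():
        cls = user_class(user, groups, file_owner, file_group)
        if per_class.setdefault(cls, set(want)) != set(want):
            return False  # two users share a class but need different rights
    return True

# Constructed sample data: five users, Tom owns a file in group "executives".
GROUPS = {"tom": {"executives"}, "ann": {"executives"}, "bob": {"executives"},
          "eve": {"staff"}, "joe": {"staff"}}
SIMPLE = {"tom": "rw", "ann": "r", "bob": "r", "eve": "", "joe": ""}
FIVE_WAYS = {"tom": "rw", "ann": "r", "bob": "rx", "eve": "", "joe": "w"}

if __name__ == "__main__":
    for u in GROUPS:
        print(u, sorted(rights_for(u, GROUPS, "tom", "executives", "rw-r-----")))
    print("three-class policy fits:", expressible(SIMPLE, GROUPS, "tom", "executives"))
    print("five distinct sets fit:", expressible(FIVE_WAYS, GROUPS, "tom", "executives"))
```
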
Windows NT ACLs
Different Sets of Rights
1. Basic: read, write, execute, delete, change permission, take ownership
2. Generic: no access, read (read/execute), change (read/write/execute/delete), full control
(all), special access (assign any of the basics)
52 LOVELY PROFESSIONAL UNIVERSITY