Maintaining System Security

InetD

Maintaining System Security

Users that connect to your drives and directories using the InetD services are restricted to file access based on the permission you assign.

Security for Windows 98/Me

With Windows 98/Me, you assign permissions using the InetD Admin application. InetD Admin is an administration tool designed to control access to your files and resources.

When remote users on the network try to log onto your PC via the InetD server programs, InetD Admin screens them and determines the level of access. To allow anonymous FTP access to your PC via the FTP daemon, you must set up an anonymous user account in InetD Admin.

Security for Windows NT/2000/XP/Server 2003

Windows NT/2000/XP/Server 2003 supports NTFS, FAT, and HPFS file systems. Of these, only NTFS provides access control at the file and directory level.

NTFS

Users that link NTFS drives and directories by means of the InetD services are restricted to file access according to Windows NT/2000/XP/Server 2003 permissions.

If you have enabled FTPd and/or Telnetd, also consider:

For FTP, if you create an FTPAccess group in the user administration program, the Windows NT/2000/XP/Server 2003 user must be a member to access the machine using FTP. No check is performed if the group does not exist; access is then allowed for every Windows NT/2000/XP/Server 2003 user account.

For Telnet, if you create a TelnetAccess group in the user administration program, the Windows NT/2000/XP/Server 2003 user must be a member of the group to successfully access the machine using Telnet. No check is performed if the group does not exist; access is then allowed for every Windows NT/2000/XP/Server 2003 user account.

FAT and HPFS

FAT and HPFS drives do not allow you to set user-access rights, setting the drive to write access allows all users to write to it. Granting all users write-access could leave your drive vulnerable.

If you have FAT or HPFS local disk drives, consider the following when determining whether to allow remote users to have access to your local machine using FTP or Telnet.

FTP—The FTP daemon (FTPd) lets you set read and write permissions to restrict users access to FAT and HPFS volumes. If you do not want users to have access to FAT or HPFS drives, do not include them in the -r, -w, or -rw parameters. If you do want users to have access to these drives, exercise caution when setting parameters.

Telnet—The server application, Telnetd, cannot restrict incoming users to a particular local disk drive. If you have a FAT or HPFS drive on your machine, and you enable Telnet access over the network, incoming users have unrestricted access to that drive. This means they could potentially delete all files.

There are two solutions to this problem:

  • Use only NTFS file systems on your computer.
  • If you have FAT or HPFS disk volumes, do not enable Telnet access over the network.

Related Topics

Setting File Security in an NTFS File System

Granting Anonymous FTP Access