HP NetStorage 6000 White Paper - File Sharing Security

HP NetStorage 6000 Manual

HP NetStorage 6000 manual content summary:

  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 1
    File Sharing Security on the hp surestore netstorage 6000 White Paper Copyright © 2000 Hewlett-Packard Company All Rights Reserved Page 1 of 28
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 2
    and Encryption 13 3.3.4 Security Descriptors 14 3.4 Considerations for the HP NetStorage 6000 16 3.4.1 Share Level Security 16 3.4.2 User Level Security 16 3.4.3 DOS attributes 17 4 Security on Mixed (UNIX/Windows) Networks 17 4.1 General Overview 17 5 File Sharing Configuration 18 5.1 File
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 3
    and Windows Account 24 7.2 UNIX File Accessed by Windows Clients 25 7.3 Windows File Accessed by UNIX Clients 26 8 File Format Details 27 8.1 HP NetStorage 6000 Files - passwd, group, users.map, group.map_________ 27 8.2 UNIX Files - passwd.nis and group.nis 28 9 Acronyms 28 Copyright © 2000
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 4
    the most important aspects of serving data to clients over a network is the security mechanisms employed by the server to protect the data from accidental or malicious tampering. The HP NetStorage 6000 is a Network Attached Storage (NAS) device with capabilities to serve files to Windows clients and
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 5
    Network Information Services (NIS). The NIS service automatically distributes centrally maintained system files to all of the host systems on the network assigned to several different users, which could be problematic in network file storage. One of the weaknesses of this security system is that
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 6
    network infrastructure (complete with NIS centralized administration), and computers that exist outside of the sphere of administrator control, a mechanism is needed to protect servers servers. 2.4 Considerations for the HP NetStorage 6000 The HP NetStorage 6000 does not support
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 7
    is not used for NT access, or if the storage for NT users and the storage for UNIX users are kept separate, then there is no need to maintain these files. 2.4.3 The /etc/approve File Since the HP NetStorage 6000 does not support the /etc/exports file, support has been added for a file named /etc
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 8
    , and must be authenticated on that account before gaining access to resources on a computer. This security mode is most appropriate in client-server based networks. User Level Security is the default security mode of Windows NT and Windows 2000. Copyright © 2000 Hewlett-Packard Company All Rights
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 9
    , when a user enters a password to access a share, the client system creates a session with the server that may extend beyond the expected interval. For example, if a user accesses a share via Network Neighborhood (and providing the correct password), closes the Explorer window, and then returns to
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 10
    that session. This not only applies to users accessing machines directly (interactive logon), but also to users accessing resources on remote servers (remote, or network logon). Interactive logon is a very common experience for most users. Every time a Windows NT computer boots, a user must logon to
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 11
    arrows between the domains represent the trust relationship between the domains. The domain that trusts another domain has an arrow pointed at the domain it trusts. A Account Domain Trust Relationships X Y Z Resource Domains Figure 1. Master Domain Model Another common architecture is to have
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 12
    server dedicated to managing the accounts and authenticating users. Windows supports both mechanisms, but authentication using locally stored accounts is very limiting on a network local account, then the request is passed onto the NetLogon service, which in turn passes it along to the domain
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 13
    of maintaining both versions of a password is to ensure compatibility with all clients on the network. In no instance is the password of any user account stored as plaintext - it is used to obtain authentication on a server. Copyright © 2000 Hewlett-Packard Company All Rights Reserved Page 13 of 28
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 14
    When a client attempts to logon to a server on a network (known as remote logon or network logon), the client is given a 16-byte challenge ( NT, in conjunction with the NT File System (NTFS), is designed to support restricted access to any object (i.e. files or directories) on the File System.
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 15
    right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right. The right to change the owner in the object's security descriptor. The right to modify the DACL in the object's security
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 16
    Security The HP NetStorage 6000 fully supports the service as NetLogon does not exist, the HP NetStorage 6000 must emulate the features of NetLogon where necessary. • The HP NetStorage 6000 simply forwards these requests to an NT domain controller for authentication. The server
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 17
    name. This allows the server to connect to any available domain controller within a domain. • The HP NetStorage 6000 can obtain and store on Mixed (UNIX/Windows) Networks 4.1 General Overview The HP NetStorage 6000 works in a heterogeneous environment and supports file sharing between Windows and
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 18
    GID values whether they are part of a NIS administered server or not. As described in the previous sections, the HP NetStorage 6000. Each of these topic areas will be covered in the discussion below. 5 File Sharing Configuration File sharing considerations begin with the file allocation storage
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 19
    - no association between UNIX and NT accounts. A unique UNIX UID will be assigned to all Windows users. If the Windows client has previously accessed the HP NetStorage 6000 the UID value that they were previously assigned will be saved in the passwd file. If no entry for this client is found in the
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 20
    further activities on the server will have this unique UID associated with the file or directory metadata. The HP NetStorage 6000 assigns UID values beginning UNIX administrator is not using a NIS server to manage their UNIX accounts, they will need to manually edit and manage the mapping files that
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 21
    clients. File Name passwd group passwd.nis File Information NT domain, user logon, UID, GID and comments. If the user resides only in the local HP NetStorage 6000 domain, the default NT domain that is assigned is the local hostname. NT domain, user logon, GID. If the user resides only in the local
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 22
    passwd file is scanned to see if the NT client has previously accessed the server and been assigned a local UNIX UID and GID value. If no mapping 60001. The user's credentials are checked each time the user logs into the HP NetStorage 6000. The user must have the same NT domain and user name to be
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 23
    comment field which is frequently used for the user's full name. If the HP NetStorage 6000 is able to find a match in the passwd.nis file then the no match is found so a UID and GID will be assigned by the HP NetStorage 6000 beginning with 60001 for the UID and GID. The appropriate entry will be made
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 24
    in a UNIX only environment that it was not necessary to supply NIS server information since the HP NetStorage 6000 did not perform user authentication or account name resolution. When a UNIX client attaches to the HP NetStorage 6000 they have a UID and GID that have been previously assigned to them
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 25
    like Windows Explorer to map a network drive and store the file on the HP NetStorage 6000. When the Windows client examines the HP NetStorage 6000 configuration assumptions: • Administrator has established file volume permissions so that both UNIX and Windows clients can access the file. • NIS server
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 26
    domain: Empire Primary group: marketing UNIX - no account marketing HP NetStorage 6000 Configuration assumptions: • Administrator has established file volume permission so that both UNIX and Windows clients can access the file. • NIS server administration is used and enabled so that the passwd.nis
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 27
    to access this file according to the permissions that have been granted by the creator or owner of the file. 8 File Format Details 8.1 HP NetStorage 6000 Files - passwd, group, users.map, group.map Passwd Group Users.map Group.map :*::::
  • HP NetStorage 6000 | White Paper - File Sharing Security - Page 28
    Attached Storage Network Basic Input/Output System Network File System Network Information Services New Technology Primary Domain Controller Relative Identifier Security Account Manager Security Descriptor Security Identifier Server Message Block User IDentifier References Copyright © 2000 Hewlett

File Sharing Security on the hp surestore netstorage 6000
White Paper
Copyright © 2000 Hewlett-Packard Company. All Rights Reserved.