Security On Windows Networks; General Overview - HP NetStorage 6000 Manual

host pattern This field has the name of a host or group of hosts that have access rights. Host names must be
resolvable through the local /etc/hosts file, the NIS hosts file, or through DNS. Groups of
hosts are specified in the /etc/hostgrps file. If the host pattern is the name of a group, then it
must be preceded by the @ symbol. The wildcard character ( * ) may be used to specify all
hosts.
rights This field specifies the access limits to apply. The entry in this field can be one of the following:
access=rw
access=ro
access=none
Following is a list of example entries in the /etc/approve file:
#class specifier
files /acct/usr
files /acct/etc
files /acct/etc
files /
files /acct/usr/theList.txt
The first entry allows read/write access to all client systems defined in the 'executive' group (listed in the
/etc/hostgrps file) to all files and directories under the /acct/usr directory. The second and third entry allows
read/write access to the machines 'it1' and 'it2' to all files and directories in the /acct/etc directory. The fourth
entry denies all access on all file systems to any machine in the 'untrusted' group. The last entry grants specific
read only access to a single file for any user on the 'guest' machine.
Note that the file is searched sequentially for a match. Once an entry is found that matches the host and the
resource to restrict, then all other entries are ignored.

3 Security on Windows Networks

3.1 General Overview

Two distinct mechanisms are used on Windows networks to provide security for resources. They are known as
"Share Level Security" and "User Level Security".
The simplest and least secure mechanism is known as Share Level Security. This security mode allows each
network share to be protected with a password. Although the mechanism is very limited, it is useful on small
networks that utilize peer-to-peer networking. Share Level Security is the default security mode of Windows for
Workgroups, Windows 95 and Windows 98.
User Level Security is more complex to implement, but is easier for the end user, and more flexible in terms of
what can be protected and how. In this mode, each user is provided a logon account, and must be
authenticated on that account before gaining access to resources on a computer. This security mode is most
appropriate in client-server based networks. User Level Security is the default security mode of Windows NT and
Windows 2000.
Copyright © 2000 Hewlett-Packard Company
All Rights Reserved
Allow read and write access to the resources
Allow read only access to the resources
Deny all access to the resource
host pattern
@executive
it1
it2
@untrusted
guest
rights
access=rw
access=rw
access=rw
access=none
access=ro
Page 8 of 28