Questions tagged [file-access]

143 questions
4 votes, 1 answer

One-Way Data Transfer Cable

Is there a cable that physically only supports data flow in one direction (out)? The idea here is to put this on a system that can only export data so that there is very minimal risk of the transmitting system 'getting' attacked (assuming there are…
Matthew Peters
4 votes, 3 answers

Are file permissions set in Unix/Linux effective in Windows or Any other OS?

Consider some files and folders in a Unix/Linux OS which are configured for only read access by root. If the hard drive is stolen and used in a Windows environment, are these permissions still effective? Same scenario: setting file and folder…
Akam
4 votes, 1 answer

Hacked Wordpress /index.php and /wp-content/themes/Avada/footer.php

I woke up today to see the top and bottom pages of my website displaying a link with text "Cheap Jerseys Free Shipping". I quickly went in and saw that /index.php and /wp-content/themes/Avada/footer.php were changed, I removed the links and saved…
4 votes, 3 answers

Why should the user ID and group ID of every file match an existing user?

I've been reading in most hardening guides for Linux, that you should check for files and directories without valid user or valid group. What I can't find, is how this could be used for an attack, or how this could be a weakness, besides it being…
user857990
4 votes, 3 answers

Where are NTFS security ACLs stored on Windows systems?

Are per-file and directory access permissions for a user or a group stored as part of the NTFS structures on-disk? Or are they recorded in the registry database for an installed Windows OS, or elsewhere yet? In practice, assuming several NT-class…
NimbUs
4 votes, 2 answers

Possible arbitrary file download vulnerability

I am auditing a possibly vulnerable piece of ASP code on a Windows environment. The code is as follows:
If InStr(strPath, "\Only\Download\From\Here\", CompareMethod.Text) = 0 Then
Basically it is supposed to only let the download script fetch files…
Chris Dale
3 votes, 1 answer

Which Domain Administrator created file X on a Windows 2008 R2-based server?

Someone created a file (web.config) in a location that basically caused IIS to not work. Is there any way I can determine who created this file? The creator/owner says "Domain Administrators". This is a Windows 2008 R2 server.
makerofthings7
3 votes, 3 answers

Can an attacker spoof an IP address to access my .htaccess protected file?

Let's say I lock down my site through .htaccess and say DENY FROM ALL ALLOW FROM myip; how involved is it for a hacker to simply spoof their IP address to match whatever mine is and gain access? For that matter, is the .htaccess secure enough to…
user61995
3 votes, 2 answers

How risky is having sensitive files on webroot?

I understand that having anything sensitive under webroot is not smart; someone may be able to access it via URL. However, I do not have a choice with my web host (iPage) as they limit my server space to just the web root. So my question is: how…
3 votes, 2 answers

How can I ensure that Dropbox is using only its folder?

I'm using several cloud storage services, like Dropbox. Each has a Windows app for its synchronization, and this app actually can read anything from my disc, not just files from its 'synchronized' folder. I want to make sure that these apps never…
setec
3 votes, 2 answers

Access control of Linux and Bell LaPadula Model

I know that access control is a very important thing when we want to protect our files and in security in general. Does anyone know what access control system is used by Linux? In addition I just found the Bell-LaPadula model, which I find very…
John Smith
3 votes, 1 answer

Limit BitTorrent Sync connections to a specific network

Is it possible to limit BitTorrent Sync connections to a specific network using the client software? Right now the closest I can come up with would be IP limitations imposed on each client using a firewall. This seems like it would work fine,…
Squeak
3 votes, 1 answer

Preventing access to file for process running as root

I have a client with a legacy application running on RH 3 (=the latest version supported by app). There is a process that has to run as root (and not in a chroot environment). I need to prevent this process from accessing some sensitive data…
Zek
3 votes, 2 answers

Local Network Data Sync and Access Log

We have some confidential data for our research. Currently, we use an encrypted hard drive for storing the data and any researcher using the data takes it off the drive. However, we do not have any way of knowing where the data copies exist at a…
Saad Farooq
3 votes, 0 answers

Storing user's private files on S3 and securing access using signed URLs - good idea?

I will be storing private user's files on S3. The files will be PDFs, possibly containing private financial information. I'm considering letting users directly access the files on S3, without proxying all the traffic through my app server. How…
ssobczak