[thelist] Intranet and permissions

Martin Burns martin at easyweb.co.uk
Mon Mar 24 11:42:23 CDT 2008


On 24 Mar 2008, at 14:47, Eduardo Kienetz wrote:
> On Mon, Mar 24, 2008 at 9:07 AM,  <ftarzwell at fayec.com> wrote:
>> I am now puzzled by this since I always thought that since this was an
>> internal server not accessible to the "outer world" that it would be
>> impossible to be breached even if all folders were set at 777.
>> Can anybody give me a better explanation on the security issues of having
>> 777 permissions on folders in an intranet?
>
> Some employee could hack the internal system and get access to
> confidential information?

Most security breaches are from employees, not the outside world. The  
worst case is not the obvious, easily traced one, but the subtle one  
that gets overlooked for months/years. Or the 'ooh, I wonder what  
*this* does' one - no malice, but doesn't mean it wouldn't hurt.

For SOX compliance and - let's face it - simple good practice, you do
*not* give anyone more access than they need to do the things they  
need to do.

Cheers
Martin

--
 > Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter
 > http://dspam.nuclearelephant.com/
