Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

114 lines
10 KiB

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<title>Microsoft Index Server Guide: Security</title>
<meta name="FORMATTER" content="Microsoft FrontPage 1.1">
<meta name="FORMATTER" content="Microsoft FrontPage 1.1">
<meta name="GENERATOR" content="Microsoft FrontPage 1.1">
</head>
<body bgcolor="#FFFFFF">
<!--Headerbegin--><p align=center><a name="TOP"><img src="onepix.gif" alt="Space" align=middle width=1 height=1></a> <a href="default.htm#Top"><img src="toc.gif" alt=" Contents" align=middle border=0 width=89 height=31></a> <a href="adminhlp.htm"><img src="previous.gif" alt="Previous" align=middle border=0 width=32 height=31></a> <a href="cathlp.htm"><img src="next.gif" alt="Next" align=middle border=0 width=32 height=31></a> </p>
<hr>
<!--Headerend--><p><a name="Security"><font size=6><strong>Security</strong></font></a></p>
<p align=left><!--Chaptoc--></p>
<blockquote>
<p><a href="sechelp.htm#CatalogPerm">Catalog Directory Access Control</a> <br>
<a href="sechelp.htm#AccessControl">Access Control for Web Pages</a> <br>
<a href="sechelp.htm#Authentication">Authentication</a> <br>
<a href="sechelp.htm#RemoteVirtualRoots">Remote Virtual Roots</a> <br>
<a href="sechelp.htm#AdminSecurity">Administration Over the Web</a> <br>
<a href="sechelp.htm#Configuration">Configuration Note</a> <br>
</p>
</blockquote>
<hr>
<!--ChaptocEnd--><p>This section discusses the security administration of Microsoft Index Server. In order to maintain a secure site without
disclosing information to unauthorized persons, it is necessary to be aware of authentication and access control issues. Even on
sites that contain only widely available public information, being aware of security issues helps to prevent compromising the
server.</p>
<hr>
<h1><a href="#TOP"><img src="up.gif" alt="To Top" align=middle border=0 width=14 height=11></a><a name="CatalogPerm">Catalog Directory Access Control</a></h1>
<p>When Index Server is first installed, the <a href="cathlp.htm">catalog</a> is set up with an <a href="glossary.htm#ACL">Access Control List (ACL)</a> that allows only system
administrators and system services to access it. In part, this assures that if the catalog directory is contained within a virtual
root, unauthorized users will not see the files in the catalog as part of their query. The protection on the catalog directory is also
important to prevent unauthorized users (who might have access to the server by use of file-server shares) from seeing the
contents of the catalog. Although the information in the catalog is in a form that would be difficult for someone without
knowledge of the file formats to decipher, it is possible to read the content of files on the server by examining the catalog. </p>
<p>If an additional catalog directory is created manually, care should be taken to ensure that it and the files created in it have
appropriate access controls. A catalog directory should allow access for administrators and for the System account. Index
Server runs as a service, so System access is required.</p>
<hr>
<h1><a href="#TOP"><img src="up.gif" alt="To Top" align=middle border=0 width=14 height=11></a><a name="AccessControl">Access Control for Web Pages</a></h1>
<p>When documents are filtered, any access controls on a document are kept in the catalog and checked against client
permissions when a query is processed. If a client does not have access to a document, the document will not be included in
any of the client&#146;s query results; there will be no indication that the document exists. In order to avoid the appearance of
missing hits, a user should be properly <a href="#Authentication">authenticated</a> before processing a query. </p>
<p>If a document has an ACL that triggers auditing of access attempts, an audit will be generated when the document is filtered
(according to the ACL, if System access is to generate an audit record). An audit record will not usually be generated when a
document is examined for possible inclusion in a query result. If a document matches a query, and the client subsequently
examines the document, an audit record will be generated according to the ACL.</p>
<hr>
<h1><a href="#TOP"><img src="up.gif" alt="To Top" align=middle border=0 width=14 height=11></a><a name="Authentication">Authentication</a></h1>
<p>In order for access control to be enforced properly, it is necessary that any client be properly authenticated prior to doing a
query. The easiest way to ensure that a client is authenticated is to place some appropriate access control on the form that
issues a query. An access control list could also be placed on the .idq or .htx file used in a query. </p>
<p>Depending upon the configuration of Internet Information Server, one or more authentication mechanisms can be used. These
are:</p>
<ul>
<li>Anonymous logon </li>
<li>Basic authentication </li>
<li>Windows NT Challenge/Response authentication </li>
</ul>
<p>If anonymous logon is allowed, it will be used by default as long as all files accessed by the client are permitted to be accessed
by the anonymous logon account. Whenever an attempt is made to gain access to a document for which access is denied to
the anonymous user, an authentication dialog will be presented (if some other authentication mechanism is available). The client
can then provide authentication and thereby gain the rights to access files that would otherwise be denied. </p>
<p>Authentication of all clients accessing the server can be forced by disabling the anonymous account.</p>
<p>For an intranet consisting entirely of computers running Windows NT Workstation and Windows NT Server, Windows&#160;NT
Challenge/Response authentication is the preferred authentication mechanism. With Windows&#160;NT Challenge/Response, the
client&#146;s password is not transmitted in clear text over the network. A user does not need to log on to access the query forms,
because a single logon is maintained. Index Server uses the same credentials that Windows NT uses.</p>
<hr>
<h1><a href="#TOP"><img src="up.gif" alt="To Top" align=middle border=0 width=14 height=11></a><a name="RemoteVirtualRoots">Remote Virtual Roots</a></h1>
<p>In Internet Information Server and Peer Web Services, if the server is configured to access and index a remote virtual root,
access to that virtual root and the documents contained on it is determined by the account configured to access the remote
share. Any accessible document will be indexed, and will be available to any client that connects to the server. The access
checks for query results described earlier in this chapter are explicitly disabled in this case. </p>
<p>Be aware that if you index remote virtual roots, the documents on that root may be unintentionally disclosed to unauthorized
clients, because the user name and password supplied by the Web administrator (in the <strong>Directories</strong> property sheet of Internet
Service Manager) is used for all access to that remote share.</p>
<hr>
<h1><a href="#TOP"><img src="up.gif" alt="To Top" align=middle border=0 width=14 height=11></a><a name="AdminSecurity">Administration Over the Web</a></h1>
<p>When administering Microsoft Index Server over the Web, you should make sure to tightly control administrative access. All
administrative operations Index Server are controlled by the access control list (ACL) on the following registry key:</p>
<blockquote>
<p><a href="reghelp.htm"><font size=3><code>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ContentIndex</code></font></a></p>
</blockquote>
<p>If you need to put additional controls on administrative operations, you can put ACLs on the .ida, .idq, and .htx files through
which you administer your site. If you administer your site only locally rather than from a remote computer, you can put the
administration forms on a local disk, which can be accessed through the following address:</p>
<blockquote>
<pre>file: <em>URL references</em></pre>
</blockquote>
<p>To administer your site locally, you must make the scripts available in an executable virtual root on your Web server.</p>
<p>For information about security in the Scripts directory, see <a href="idqhelp.htm#qrysection">&#147;Query Section&#148;</a> in &#147;Internet Data Query Files.&#148;</p>
<hr>
<h1><a href="#TOP"><img src="up.gif" alt="To Top" align=middle border=0 width=14 height=11></a><a name="Configuration">Configuration Note</a></h1>
<p>If you want to configure different virtual roots to point to the same remote Uniform Naming Convention (UNC) path with
different user IDs with varying privileges, the results returned by Microsoft Index Server are not predictable. </p>
<p>For example, consider the following configuration. It is highly recommended that you <em>avoid</em> setting up a configuration as
follows:</p>
<table border=1 cellpadding=5 cellspacing=0 width=100%>
<tr><th align=left valign=bottom width=33%><font size=2><strong>Virtual Root</strong></font></th><th align=left valign=bottom width=33%><font size=2><strong>Physical Path</strong></font></th><th align=left valign=bottom width=33%><font size=2><strong>User ID</strong></font></th></tr>
<tr><td valign=top width=33%><font size=2>/vroot1</font></td><td valign=top width=33%><font size=2>\\computer1\share1\dir1</font></td><td valign=top width=33%><font color="#000000"><font size=2>&lt;domain&gt; userid1</font></font></td></tr>
<tr><td valign=top width=33%><font size=2>/vroot2</font></td><td valign=top width=33%><font size=2>\\computer1\share1\dir1</font></td><td valign=top width=33%><font color="#000000"><font size=2>&lt;domain&gt; userid2</font></font></td></tr>
</table>
<!--Footerbegin--><hr>
<p align=center><a href="default.htm#Top"><img src="toc.gif" alt=" Contents" align=middle border=0 width=89 height=31></a> <a href="adminhlp.htm"><img src="previous.gif" alt="Previous" align=middle border=0 width=32 height=31></a> <a href="#TOP"><img src="up_end.gif" alt="To Top" align=middle border=0 width=32 height=31></a> <a href="cathlp.htm"><img src="next.gif" alt="Next" align=middle border=0 width=32 height=31></a></p>
<hr>
<p align=center><em>&#169; 1996 by Microsoft Corporation. All rights reserved.</em> <!--Footerend--></p>
</body>
</html>