Preventions
- Home
- - Preventions
- -PV008
- ID: PV008
- Created: 25th May 2024
- Updated: 27th July 2024
- Contributor: The ITM Team
Enforce File Permissions
File servers and collaboration platforms such as SharePoint, Confluence, and OneDrive should have configured permissions to restrict unauthorized access to directories or specific files.
Sections
ID | Name | Description |
---|---|---|
AF003 | Timestomping | A subject modifies the modified, accessed, created (MAC) file time attributes to hide new files or obscure changes made to existing files to hinder an investigation by removing a file or files from a timeframe scope.
nTimestomp is part of the nTimetools repository, and it provides tools for working with timestamps on files on the Windows operating system. This tool allows for a user to provide arguments for each timestamp, as well as the option to set all timestamps to the same value.
Linux has the built-in command
The argument |
PR004.001 | Network File Exploration | A subject may search for, or otherwise explore files on a Network Attached Storage (NAS) device to identify sensitive information. |
PR004.002 | Collaboration Platform Exploration | A subject may search for or otherwise explore files on a Collaboration Platform (such as SharePoint, OneDrive, Confluence, etc) to identify sensitive or valuable information. |
References
- https://sharegate.com/blog/sharepoint-permissions-best-practices-2-ways-to-manage
- https://support.microsoft.com/en-gb/office/overview-site-governance-permission-and-sharing-for-site-owners-95e83c3d-e1b0-4aae-9d08-e94dcaa4942e
- https://confluence.atlassian.com/doc/permissions-and-restrictions-139557.html