[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 195
  • Last Modified:

How do I secure sensitive files on the file server / File Server best practice

Hi Experts,

I have recently built a file server on a Dell PowerEdge 2950. The OS is Windows 2003 R2. I have set up folders and mapped them on the individual PCs. In future we plan to install WSS 3.0 for collaboration, but not now. I have set the permissions on folders on the server using the standard file security in the OS. Now the Head of Departments are very sceptical - rightly so, of putting there files on the file server. An example is the HR Manager putting files such as Salary Scales, etc. Not all Administrators should be able to see these files or be able to take ownership of the folder and give themselves rights. What are the best practices for file-server access?
0
cimani1000
Asked:
cimani1000
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
If you can't be trusted, you should be fired.  The administrators have to have some level of access... but if the files are that sensitive, they can be encrypted using the Encrypting File System or they can put a password on the file.  In general, files are always accessible to the admins unless there is encryption of some kind.  It should be possible to determine IF someone (with admin rights) has taken ownership with auditing enabled - and you should assign SEPARATE admin accounts for each administrator, disabling the default administrator account - so each admin can potentially be tracked.  But let me ask you this - are their workstations physically secured so no one can access them?  They may perceive they are secure right now, but - and I say this without ever seeing your environment, but KNOWING how most environments are - I could probably walk in and access those files RIGHT NOW within 5 minutes - without even using a domain account.  And anyone with any signficant windows troubleshooting can do the same.  BUT, if the files are put on a server that is PHYSICALLY secured - in LOCKED room - then the odds of me accessing them within 5 minutes are GREATLY reduced.

Focusing on your admins and not fully addressing security from ALL aspects (password quality, PHYSICAL security, locking workstations when users aren't in front of them, etc) is like putting 12 locks on your front door and then opening the window next to it so anyone can crawl through.
0
 
cimani1000Author Commented:
Hey Lee, thanks for being candid. Well as the main administrator, I should be the only one to biew these files so no need to get fired :). it's the other admins I'm worried about. I agree security at all the 7 layers of the OSI model is paramount. I was looking more for layer 7 security as of now. I think we can have a cross between encryption and passwords on the files. I guess it's only the Head of Department, Myself and maybe the CEO who should have access to the encryption key/or password.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now