Solved

How do I secure sensitive files on the file server / File Server best practice

Posted on 2009-05-08
Last Modified: 2012-05-06
Hi Experts,

I have recently built a file server on a Dell PowerEdge 2950. The OS is Windows 2003 R2. I have set up folders and mapped them on the individual PCs. In future we plan to install WSS 3.0 for collaboration, but not now. I have set the permissions on folders on the server using the standard file security in the OS. Now the Heads of Department are very sceptical - rightly so - of putting their files on the file server. An example is the HR Manager putting files such as Salary Scales, etc. Not all Administrators should be able to see these files or be able to take ownership of the folder and give themselves rights. What are the best practices for file-server access?
Question by:cimani1000
2 Comments
 

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 24334549
If you can't be trusted, you should be fired.  The administrators have to have some level of access... but if the files are that sensitive, they can be encrypted using the Encrypting File System or they can put a password on the file.  In general, files are always accessible to the admins unless there is encryption of some kind.  It should be possible to determine IF someone (with admin rights) has taken ownership with auditing enabled - and you should assign SEPARATE admin accounts for each administrator, disabling the default administrator account - so each admin can potentially be tracked.  But let me ask you this - are their workstations physically secured so no one can access them?  They may perceive they are secure right now, but - and I say this without ever seeing your environment, but KNOWING how most environments are - I could probably walk in and access those files RIGHT NOW within 5 minutes - without even using a domain account.  And anyone with any significant Windows troubleshooting can do the same.  BUT, if the files are put on a server that is PHYSICALLY secured - in a LOCKED room - then the odds of me accessing them within 5 minutes are GREATLY reduced.

Focusing on your admins and not fully addressing security from ALL aspects (password quality, PHYSICAL security, locking workstations when users aren't in front of them, etc) is like putting 12 locks on your front door and then opening the window next to it so anyone can crawl through.
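The auditing point in the answer above, as an added example that is not part of the original thread: a Python script that scans an exported Security log for ownership or permission changes under a sensitive folder and marks whether each one can be tied to a named admin account. The CSV layout, the account names and the `D:\Shares\HR` path are constructed for illustration, and it assumes object-access auditing is already enabled on the folder.

```python
import csv
import io

# Object-access audit event IDs: 560 on Server 2003, 4656/4663 on Server 2008 and later.
OBJECT_ACCESS_IDS = {560, 4656, 4663}
# Access rights that change who controls a file: its owner or its DACL.
CONTROL_RIGHTS = {"WRITE_OWNER", "WRITE_DAC"}
# Shared built-in account; activity under it cannot be tied to one person.
SHARED_ACCOUNTS = {"administrator"}

# Constructed sample: a simplified CSV export, not the native event log layout.
SAMPLE = r"""time,event_id,account,object,accesses
2009-05-08T09:12:03,560,CORP\hr.manager,D:\Shares\HR\SalaryScales.xls,ReadData
2009-05-08T21:40:17,560,CORP\adm.jones,D:\Shares\HR,WRITE_OWNER
2009-05-08T21:40:19,560,CORP\adm.jones,D:\Shares\HR,WRITE_DAC ReadData
2009-05-09T02:03:44,560,CORP\Administrator,d:\shares\hr\SalaryScales.xls,WRITE_OWNER
2009-05-09T02:10:00,560,CORP\adm.smith,D:\Shares\HR-Public\menu.doc,WRITE_OWNER
2009-05-09T02:11:00,540,CORP\adm.smith,,
"""


def under(path, root):
    """True if path is root itself or lies below it (case-insensitive)."""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    # Require a separator after the root so HR-Public does not match HR.
    return p == r or p.startswith(r + "\\")


def find_control_changes(export_text, sensitive_root):
    """Return ownership/permission changes recorded under sensitive_root."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if int(row["event_id"]) not in OBJECT_ACCESS_IDS:
            continue  # logons and other events are out of scope here
        rights = CONTROL_RIGHTS & set(row["accesses"].split())
        if not rights or not under(row["object"], sensitive_root):
            continue
        user = row["account"].split("\\")[-1].lower()
        findings.append({
            "time": row["time"], "account": row["account"],
            "object": row["object"], "rights": sorted(rights),
            # False when the shared account was used: no individual to trace.
            "attributable": user not in SHARED_ACCOUNTS,
        })
    return findings


if __name__ == "__main__":
    for finding in find_control_changes(SAMPLE, r"D:\Shares\HR"):
        print(finding)
```

The finding marked `attributable: False` is the case the answer warns about: a change made under the shared built-in account shows that it happened but not who did it.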
 

Author Comment

by:cimani1000
ID: 24337679
Hey Lee, thanks for being candid. Well, as the main administrator, I should be the only one to view these files so no need to get fired :). It's the other admins I'm worried about. I agree security at all the 7 layers of the OSI model is paramount. I was looking more for layer 7 security as of now. I think we can have a cross between encryption and passwords on the files. I guess it's only the Head of Department, myself and maybe the CEO who should have access to the encryption key or password.