Solved

shares and risks

Posted on 2013-11-11
9
198 Views
Last Modified: 2013-11-19
If you have a share on say a SQL server that is exposed to the everyone or domain users group, but doesnt contain any sensitive/important data - is there any risk? Our admin says not - I wasnt sure aside from the confidentiality angle, if theres any other risks with sharing a directory to the whole network - or what mischevious acts someone could get up to if they spotted it? data security is the biggest concern usually in this type of finding, but as theres no sensitive data on there - I cant see any real issue?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39638515
Its quite normal to SHARE to all users and restrict access via NTFS permissions only - if this is being done then their are no real issues.

If all users have full SHARE and NFTS then there is nothing to stop someone deleting/or changing data.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 250 total points
ID: 39638536
Well it depends on what the everyone group and domain users are allowed to do in that folder (file security permissions).
Full:
Read/ Write:
Modify:
Read Only:

Yes, you would normally want to keep away from such folders because user aren't always aware that everyone in the company can access the share. Example lets say the HR lady saves an excel sheet with the whole companies salaries in to that share. doesn't matter who you are as long as you have the "Read" right you would be able to open that document.

It comes down to user awareness.

Doesn't matter what share you have I doubt that they would be able to access any SQL data, If that was your real concern. Unless the admin is sharing the DB folder.
0
 
LVL 3

Author Comment

by:pma111
ID: 39638545
both share and NTFS access to everyone. Only read and execute permissions.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638567
Like I said everyone will be able to Open and Read any document that gets saved.

If user are aware of this and it is what they want it shouldn't be a problem.

I would recommend creating folders for the users that are requesting this and set permission according to that.

Then HR has Full access to their folder and not to the finance department folder.
0
 
LVL 3

Author Comment

by:pma111
ID: 39638892
But apart from access to files they should have access to (which as per the question isnt a concern as its meaningless irrelevant data) - there are no other risks to the server in the case of an everyone share.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39638942
No - giving everyone full control on the folders and files lets them do everything with those files and folders - including create and delete - but that does not give them any other permissions - so they can't create and delete users for example.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638986
Sql servers normally dont have a lot of storage so if its large files and files that get access it a lot it could cause performance issues or it will fill up the drives with data
0
 
LVL 3

Author Comment

by:pma111
ID: 39639063
do shares not typically have restrictions? i.e. can you have 5 shares for one drive, and put a quote on how much until that share is "full", or could you potentially use 99% of the drives storage just by  filling one share - as non of them are subject to quotas, i.e. all come out of the same storage chunk.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39639280
It depends how the quotas are setup but yes you can have storage quitas setup for the shares
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question