Solved

shares and risks

Posted on 2013-11-11
9
191 Views
Last Modified: 2013-11-19
If you have a share on say a SQL server that is exposed to the everyone or domain users group, but doesnt contain any sensitive/important data - is there any risk? Our admin says not - I wasnt sure aside from the confidentiality angle, if theres any other risks with sharing a directory to the whole network - or what mischevious acts someone could get up to if they spotted it? data security is the biggest concern usually in this type of finding, but as theres no sensitive data on there - I cant see any real issue?
0
Comment
Question by:pma111
  • 4
  • 3
  • 2
9 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39638515
Its quite normal to SHARE to all users and restrict access via NTFS permissions only - if this is being done then their are no real issues.

If all users have full SHARE and NFTS then there is nothing to stop someone deleting/or changing data.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 250 total points
ID: 39638536
Well it depends on what the everyone group and domain users are allowed to do in that folder (file security permissions).
Full:
Read/ Write:
Modify:
Read Only:

Yes, you would normally want to keep away from such folders because user aren't always aware that everyone in the company can access the share. Example lets say the HR lady saves an excel sheet with the whole companies salaries in to that share. doesn't matter who you are as long as you have the "Read" right you would be able to open that document.

It comes down to user awareness.

Doesn't matter what share you have I doubt that they would be able to access any SQL data, If that was your real concern. Unless the admin is sharing the DB folder.
0
 
LVL 3

Author Comment

by:pma111
ID: 39638545
both share and NTFS access to everyone. Only read and execute permissions.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638567
Like I said everyone will be able to Open and Read any document that gets saved.

If user are aware of this and it is what they want it shouldn't be a problem.

I would recommend creating folders for the users that are requesting this and set permission according to that.

Then HR has Full access to their folder and not to the finance department folder.
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 
LVL 3

Author Comment

by:pma111
ID: 39638892
But apart from access to files they should have access to (which as per the question isnt a concern as its meaningless irrelevant data) - there are no other risks to the server in the case of an everyone share.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39638942
No - giving everyone full control on the folders and files lets them do everything with those files and folders - including create and delete - but that does not give them any other permissions - so they can't create and delete users for example.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638986
Sql servers normally dont have a lot of storage so if its large files and files that get access it a lot it could cause performance issues or it will fill up the drives with data
0
 
LVL 3

Author Comment

by:pma111
ID: 39639063
do shares not typically have restrictions? i.e. can you have 5 shares for one drive, and put a quote on how much until that share is "full", or could you potentially use 99% of the drives storage just by  filling one share - as non of them are subject to quotas, i.e. all come out of the same storage chunk.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39639280
It depends how the quotas are setup but yes you can have storage quitas setup for the shares
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now