Solved

shares and risks

Posted on 2013-11-11
Last Modified: 2013-11-19
If you have a share on, say, a SQL server that is exposed to the Everyone or Domain Users group, but doesn't contain any sensitive/important data - is there any risk? Our admin says not - I wasn't sure, aside from the confidentiality angle, if there are any other risks with sharing a directory to the whole network - or what mischievous acts someone could get up to if they spotted it? Data security is the biggest concern usually in this type of finding, but as there's no sensitive data on there - I can't see any real issue?
Question by:pma111
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39638515
It's quite normal to SHARE to all users and restrict access via NTFS permissions only - if this is being done then there are no real issues.

If all users have full SHARE and NTFS then there is nothing to stop someone deleting or changing data.
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 250 total points
ID: 39638536
Well it depends on what the everyone group and domain users are allowed to do in that folder (file security permissions).
Full:
Read/ Write:
Modify:
Read Only:

Yes, you would normally want to keep away from such folders because users aren't always aware that everyone in the company can access the share. Example: let's say the HR lady saves an Excel sheet with the whole company's salaries into that share. Doesn't matter who you are, as long as you have the "Read" right you would be able to open that document.

It comes down to user awareness.

Doesn't matter what share you have, I doubt that they would be able to access any SQL data, if that was your real concern. Unless the admin is sharing the DB folder.
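
An added example (not part of the thread and not any participant's code): a PowerShell audit of the point made in the two answers above, that what Everyone or Domain Users can actually do on a share is decided by the share and NTFS permissions together. It assumes Windows Server 2012 or later, an elevated session, and English principal names, and it inspects only the ACL on each share's root folder.

```powershell
# Added example: list shares granted to broad groups and the effective exposure.
# Assumptions: English principal names; deny entries and generic-rights ACEs are not evaluated.
$broad = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|.+\\Domain Users)$'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'

Get-SmbShare -Special $false |
    Where-Object { $_.Path -and (Test-Path -LiteralPath $_.Path) } |
    ForEach-Object {
        $share = $_

        # Share-level grants to broad groups
        $shareAces = @(Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -match $broad })
        if ($shareAces.Count -eq 0) { return }   # not exposed to broad groups, skip this share

        # NTFS grants to broad groups on the share root
        $ntfsAces = @((Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -match $broad })

        $shareWrite = @($shareAces | Where-Object { "$($_.AccessRight)" -in 'Full', 'Change' }).Count -gt 0
        $ntfsWrite  = @($ntfsAces | Where-Object { ([int]$_.FileSystemRights -band $writeMask) -ne 0 }).Count -gt 0

        # Effective access is the more restrictive of the two layers
        $exposure = if ($ntfsAces.Count -eq 0) { 'No broad NTFS grant at share root' }
                    elseif ($shareWrite -and $ntfsWrite) { 'Write: change, delete, fill the disk' }
                    else { 'Read: anything saved here is readable by all' }

        [pscustomobject]@{
            Share         = $share.Name
            Path          = $share.Path
            ShareGrants   = ($shareAces | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
            NtfsGrants    = ($ntfsAces | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
            BroadExposure = $exposure
        }
    } | Format-List
```

A share reported as "Read" still carries the accidental-disclosure risk described above; one reported as "Write" adds tampering, deletion and disk-fill on the server's volume.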
 
LVL 3

Author Comment

by:pma111
ID: 39638545
Both share and NTFS access to everyone. Only read and execute permissions.
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638567
Like I said, everyone will be able to open and read any document that gets saved.

If users are aware of this and it is what they want, it shouldn't be a problem.

I would recommend creating folders for the users that are requesting this and set permission according to that.

Then HR has Full access to their folder and not to the finance department folder.
 
LVL 3

Author Comment

by:pma111
ID: 39638892
But apart from access to files they should have access to (which as per the question isn't a concern as it's meaningless irrelevant data) - there are no other risks to the server in the case of an everyone share.
 
LVL 70

Expert Comment

by:KCTS
ID: 39638942
No - giving everyone full control on the folders and files lets them do everything with those files and folders - including create and delete - but that does not give them any other permissions - so they can't create and delete users for example.
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638986
SQL servers normally don't have a lot of storage, so if it's large files and files that get accessed a lot it could cause performance issues or it will fill up the drives with data.
 
LVL 3

Author Comment

by:pma111
ID: 39639063
Do shares not typically have restrictions? I.e. can you have 5 shares for one drive, and put a quota on how much until that share is "full", or could you potentially use 99% of the drive's storage just by filling one share - as none of them are subject to quotas, i.e. all come out of the same storage chunk.
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39639280
It depends how the quotas are set up, but yes, you can have storage quotas set up for the shares.
Question has a verified solution.
