asked on

file server review scope

I was hoping to scope out some useful tests to include as part of an audit / health check of some traditional file servers, which act as team repositories for shared documents/files, and another acts as a home drive server where each employee has a home drive area locked down just to them. I was thinking of basics such as:

access control lists (ACL) - ensure permissions on directories are appropriately restricted and restrict access based upon need to known principles
teams consuming masses of space (poor internal practices)
documents with no recent last access attribute - compare to data retention requirements etc
non-administrators who have full control over shares/directories (should not be the case)
general OS security (e.g patches, local administrators, backups)
general monitoring (e.g. capacity/free space)

can you think of any more areas that would be of benefit in such a review?

ASKER CERTIFIED SOLUTION

Shaun Vermaak

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Raja Jegan R

I've seen one of my client using the below tool to audit their File Server..
Try using the trial version to see the key parameters that it is measuring and ensure that you have all those metrics or checklist available in place or not..
If you like the tool, then you can buy it or else just go through their website to see the list of metrics they capture for Cybersecurity..
https://www.lepide.com/lepideauditor/file-share-auditing.html

Pau Lo

ASKER

I wasn't necessarily talking about auditing in the sense of what has changed to files etc.