File server is the central location in any network containing all kinds of information which is saved and shared by users within the organization. There is no restriction on the type of information used and shared. Since it is one of the most common reach out place for the users in the organization, file server has become one of the critical systems in the organization. Protecting file servers is very important, as it can be accessed by many users simultaneously and sometimes by organizations worldwide as well. Accessibility and performance of the file servers can affect the productivity of the users. Microsoft has introduced some new features to protect Windows file server from any kind of security breach.
Given below are the ten simple ways to prevent security breaches in Windows file server.
1. Implement Distributed File System (DFS)
DFS implementation helps to share the load and provide increased availability of the file server. DFS secures files and folders through NTFS and share permissions. It allows access only to those files or folders, for which a user has an appropriate NTFS or shared folder permissions.
2. Assign Permission to Group and Avoid Full Control Permission
Always assign permissions to group and avoid giving permissions to individual users. This allows the administrator to provide more control over the permission model. Provide least permission whenever and wherever possible and do not provide full control on NTFS permission, unless necessary.
3. Enable Firewall with Logging
Configure and enable Windows Firewall with logging using an advanced security node. Enabling firewall protects connection from unauthorised sources through different ports and logging details on dropped packets or successful connections and can also help monitor and troubleshoot in case of a security breach.
4. Dynamic Access Control
This is a new useful feature which allows the administrator to centrally apply access control and permissions based on the defined rules. You need to identify and tag the data considered sensitive and once this is done, you can allow or deny access to specific resources. Dynamic Access Control also provides control over the permission and security of the data on a more granular level.
5. Physical Security and Branch Cache
It is important that file servers are physically secure. It is recommended not to keep an individual file server in a small branch office which can be easily exposed to robbery. We can also make use of the Branch Cache feature to cache only specific data: the content is encrypted by default, and data is protected from any kind of threat.
6. Antivirus Protection
Since the file server can be accessed by many users, it is an easy target for malware attacks. This can impact the accessibility and performance of the file server and also affects other network client machines. Updating the server with the latest antivirus version can protect it from most kinds of malware threats.
7. Update with the Latest Rollups and Service Packs
Microsoft releases security rollups and service packs quite frequently. These patches are based on the latest vulnerabilities and threats, so it is recommended to review these rollups and service packs regularly to keep the environment secure.
8. Enable Bit Locker
Bit Locker is a native tool for data encryption and protection. Data is stored on the disk subsystem of the file server and the disk system can fail for various reasons. Replacing a failed disk allows user to continue accessing the file contents. But we don’t know if data can be recovered from a failed hard as well, and it can be very expensive for the organization. This kind of threats can be protected with Bit Locker: no data can be extracted from the disk or even from a failed disk, once it has been detached from the server.
9. No Internet Access
Protect file servers from Internet access and thus prevent potential damage to the server. It also stops file servers from installing any unauthorised third party application, which can impact performance and accessibility of the server.
10. Enable File Server Auditing Policy
Since file server contains a lot of sensitive information, you should audit WHO has accessed WHAT and WHEN. This will help administrators analyse the environment for any kind of vulnerabilities and threats.
The most important part of the file server protection is providing right permissions to the right people and help them access the right resources. Avoid sharing your file server with any other applications and make sure to disable unnecessary services and protocols to improve performance and availability of your server.
Hopefully, these steps will help you protect file servers from all kinds of vulnerabilities and threats.
Don’t hesitate to find out about the ways to avoid security breaches in Active Directory and Exchange 2010.
