File servers fulfill a very important function within organizations. Aside from today's dependence on e-mail services, the file server is the repository of our most critical asset: data. Information can be stored on many different classes of machines and on many platforms within the organization. However, if we are to use the full capability of Windows Server 2003 to protect our data and make it universally available to appropriate users, we must secure the file server that provides that service. To provide that security, we begin with the basic settings detailed earlier in this section and follow up with additional security-related checks and configuration changes specific to this role. A number of additional tasks can and should be performed on these servers. Consider the following tasks as being necessary to provide a more complete security solution:
■ Create an access policy that provides for the principle of least privilege. Grant access based on individual user need rather than general, vague groupings that have been used in the past. Use NTFS permissions to lock down the access allowed on files and folders.
■ Utilize Encrypting File System to further protect critical information. Encrypt a folder before moving documents into it, rather than encrypting a folder that already contains documents. This provides the added benefit of encrypting the temporary files that an application creates during work, along with the originals.
■ Create a reasonable audit policy for monitoring access to file and folder objects on the server. Make sure that the created log files are adequately reviewed for access violations that might have occurred.
■ Analyze the types of data being stored on the server to determine whether the data, and its transmission on the network to or from the file server, should be further protected by creating IPSec policies or using other encryption methods to protect the data on the wire. For instance, if confidential proprietary information, financial records, employee records, or other sensitive information is stored on this equipment, your analysis and consultation with management team members could dictate that a particular course of protection be designed.
■ Ensure that virus protection programs are adequate and updated regularly to provide protection from attack or compromise of the system.
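One way to carry out the log review called for in the audit-policy task above, as an added example that is not from the original text. It assumes the Security log has been exported to CSV with the column names shown (the sample rows are constructed) and that Event ID 560 logged as a Failure Audit records a denied open of an audited file or folder on Windows Server 2003; the function name, threshold and time window are illustrative choices.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Event ID 560 (object open) as a Failure Audit is a denied file or folder access.
OBJECT_OPEN = "560"
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample export; the column names are assumptions, not a fixed tool format.
SAMPLE_EXPORT = r"""TimeGenerated,EventID,Type,User,ObjectName
2004-03-01 09:14:02,560,Failure Audit,CORP\jdoe,D:\Shares\Finance\payroll.xls
2004-03-01 09:14:40,560,Failure Audit,CORP\jdoe,D:\Shares\Finance\budget.xls
2004-03-01 09:15:10,560,Success Audit,CORP\asmith,D:\Shares\Finance\budget.xls
2004-03-01 09:16:31,560,Failure Audit,corp\JDoe,D:\Shares\HR\reviews.doc
2004-03-01 11:02:00,560,Failure Audit,CORP\mlee,D:\Shares\HR\reviews.doc
2004-03-01 16:45:00,560,Failure Audit,CORP\mlee,D:\Shares\HR\reviews.doc
2004-03-01 16:50:12,529,Failure Audit,CORP\mlee,
"""

def review_denied_access(export_text, threshold=3, window_minutes=10):
    """Return {user: sorted distinct denied paths} for each user with at least
    `threshold` denied opens inside any `window_minutes` span."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row.get("EventID") != OBJECT_OPEN or row.get("Type") != "Failure Audit":
            continue  # successful opens and non-object events are not violations
        try:
            when = datetime.strptime(row["TimeGenerated"], FMT)
        except (KeyError, TypeError, ValueError):
            continue  # skip rows with a missing or malformed timestamp
        # Windows account names are case-insensitive, so normalise before grouping.
        user = (row.get("User") or "").upper()
        events[user].append((when, row.get("ObjectName") or ""))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for user, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale denials
            if end - start + 1 >= threshold:
                flagged[user] = sorted({path for _, path in hits})
                break
    return flagged

if __name__ == "__main__":
    for name, paths in review_denied_access(SAMPLE_EXPORT).items():
        print(name, "denied on:", ", ".join(paths))
```

A burst of denials across several shares, as in the first sample account, is the pattern worth a reviewer's attention; two isolated denials hours apart stay below the threshold.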