Security Basics mailing list archives
Re: Protecting sensitive files on a Windows file server
From: "paul.johnson8 () gmail com" <paul.johnson8 () gmail com>
Date: Thu, 22 Jun 2006 14:02:44 +1000
I agree with you here regarding layers of security. At the moment the shared folders are secured using security groups in our Active Directory. This is standard security for all shared folders in the organization.

Since this information will contain salary and bank info, it needs to be secured even more, which is why we are looking into another layer of security. Encrypting the files looks like the way to go, since this should protect the information if the employee for some reason takes the files out of the Active Directory environment (i.e. copies to a USB drive, CD-ROM, etc.).

The question here is what extra layer of security should we use to protect the files (containing salary/bank/private info). Our users are spread out in different countries but will all be accessing the shared folder on 1 specific server. The users are not considered technical, they are bean counters (finance dept) after all...

On 21/06/06, Gaddis, Jeremy L. <jeremy () linuxwiz net> wrote:
paul.johnson8 () gmail com wrote:
> We are looking for a secure way to store very sensitive files on our
> Windows servers. The data is shared. We will turn on full auditing,
> create hidden shares and a security group.

Don't stick with "just one" method. Just like you have layers of firewalls, IDS, etc., do the same thing here, depending on *how* sensitive these files are.

Assuming a standard Windows domain-based environment, obviously I'd suggest the use of EFS (properly secured, of course). This can be a pain in the ass for sharing of files, however, depending on how "technical" your users are or whether you can teach them they have to explicitly allow users access on an individual basis.

If EFS isn't sufficient to your needs, put another layer on top of it. TrueCrypt, PGP, etc. come to mind here.

> Our concern with the Windows/Office encryption types is that it could
> be cracked - ie. someone could get hold of the file and run some kind
> of password recovery on the file and access the data.

Indeed it can. I didn't realize just how easy it was until a few weeks ago. It took all of five minutes to download an applet, enter credit card details, and download the "plain text" file. This was a document created with Microsoft Office Word 2003, by the way, and "secured" by standard password protection.

-j

--
Jeremy L. Gaddis, GCWN, MCP
http://www.linuxwiz.net/