File Server Security Full eBook


  • 8/8/2019 File Server Security Full eBook


    The Essentials Series

    Fundamentals of Effective File Server Security

    by Greg Shields

    sponsored by


    Copyright Statement

    © 2009 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the "Materials") and this site and any such Materials are protected by international copyright and trademark laws.

    THE MATERIALS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers or its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials.

    The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, non-commercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice.

    The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties.

    Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.

    If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via e-mail at [email protected].


    [Editor's Note: This eBook was downloaded from Realtime Nexus: The Digital Library for IT Professionals. All leading technology eBooks and guides from Realtime Publishers can be found at http://nexus.realtimepublishers.com.]

    Article 1: Enforcing File and Folder Security

    Files and folders, folders and files, data everywhere! It seems like even the smallest of business networks somehow aggregates mounds of those individual buggers each and every day. With all of it collecting on our file servers, the protection of that data is arguably our primary job as IT administrators.

    Yet as a fundamental part of our daily activities, managing file server security is one task we must accomplish using some of the least-capable tools in our administrative quiver.

    With little more than an Explorer shell and a few native command-line tools, we're charged with maintaining the security and availability of our business' most critical asset: its data.

    Effectively managing file server security is a threefold responsibility: We must first ensure that rights and permissions are set correctly to give the correct people access and keep the wrong people out. Lacking specialized tools to assist, completing this task requires large amounts of mouse work as we click through to set each file's and folder's properties.

    But setting security isn't efficient without a good visualization of the structures we have to work within. The second responsibility in effective file server security is in enumerating files, folders, and their assigned permissions. Lacking tools here, we're further forced into highly manual activities that don't scale with the growth of our data.

    The third facet of this responsibility arrives as an unfortunate side effect of how dynamic an IT environment really is. Once set, we must constantly and comprehensively audit that security to make sure it hasn't been changed. Ultimately, keeping the wrong people out is as much work as locking them out in the first place.

    It is the goal of this Essentials Series to assist you with these three responsibilities. You know as well as the next IT professional that enforcing, enumerating, and auditing file server security can be a painful process without the right tools. This series will show you tools that are available right within the Windows operating system (OS). Along the way, you may discover that alternative solutions might come in handy for easing the strain of this daily activity.


    Permissions in Two Flavors: Share and NTFS

    Effectively enforcing file server security means monitoring permissions both at the NTFS level and on each individual shared folder. For data that is accessed via a shared path, both sets of permissions determine a user's rights to work with files and folders in the share.

    There is often some confusion as to what privileges are conveyed through each of these two permission structures. Part of this confusion is because both NTFS and shared folders leverage similar permission sets such as Full Control and Read. By design, NTFS permissions control the access to a particular file or folder. That access holds true no matter how the user navigates to the file's or folder's location. Share permissions, however, apply only to objects that are accessed through a defined shared folder path.

    Share Permissions

    Share permissions are often considered the gatekeepers of a shared resource. Correctly implemented, they limit the boundary of access that a user can have on any item within the share. This extra security boundary enables a blanketed control over all file and folder access within the share, which is then tailored down further using the NTFS permissions applied to each individual file and folder. There are three levels of control exposed at the share level:

    The most basic access is Read. Read limits a user to the Read & Execute, List Folder Contents, and Read NTFS permission groups.

    The next level of control at the share level is Change, which exposes all the additional NTFS permission groups except Full Control.

    The final level, Full Control, allows access to the remaining NTFS permission group of the same name.

    It is important to remember that share permissions do not grant any direct access to files or folders. They only enable a configured user or group to traverse through the share. The other half of permissioning is handled using NTFS permissions.

    NTFS Permissions

    Once through a shared folder, NTFS permissions further define which users can access which resources. These permissions control access to the file or folder itself as well as to its specific attributes. At their most basic level, NTFS permissions define whether a user or group can read, write, and ultimately delete a particular file or folder.

    But these three rights are only the most basic of those that can be assigned. An additional set of special permissions (over a dozen in all, and different based on each object's type) can be assigned as necessary. This granularity enables you to create complex permissioning structures where users can traverse folder structures but not read their contents, or create files but not delete them. Exceptional care is necessary when working with these special permissions, as their incorrect assignment can create havoc for user access.


    Complicating this situation even further, the permission structure for NTFS is cumulative. If a user is a member of several groups that have all been granted different permissions to a file or folder, the user will be granted the least-restrictive effective permission. As such, keeping a user out of a folder means not assigning privileges on it to the user's account or to any of the groups of which the user is a member.

    This cumulative behavior is also experienced with folder inheritance. With inheritance, a file or folder can receive its permissions from the folder above it in the tree. Thus, down-level files and folders can have their permissions automatically assigned from another folder that is one or many folders above in the file structure. Finding where those permissions are assigned can be a challenging activity using native tools alone. In complex environments with large folder structures, third-party solutions are often necessary to visualize and untangle what eventually becomes a spaghetti of inherited permissions.

    Finally, the NTFS permission structure includes a powerful (and often painful) Deny permission. Whereas access that is enabled through the standard Allow permissions follows the rules previously mentioned, any Deny permission automatically and immediately overrides everything. This is useful for creating a blanket restriction for highly secure folders but must be used carefully. If you've ever accidentally set the Deny permission for the Everyone group on a file or folder, you know how challenging this permission can be to wield effectively.

    How to Set Permissions

    NTFS permissions are defined within Windows Explorer by navigating to the target file or folder and viewing the Security tab of the object's properties (see Figure 1). The Security tab shows a list of accounts and groups that have access to the file. When a user or group is selected, the permission groups enabled for them are highlighted.


    Figure 1: Viewing NTFS permissions.

    Clicking Edit will allow you to modify the permission groups assigned or associate new groups. Clicking Advanced followed by the resulting Edit button enables access to edit Advanced Security Settings (see Figure 2).

    Figure 2: Editing advanced security settings.


    This wizard allows you to associate users or groups with permissions on the targeted object. It also allows you to control how inherited permissions affect the object and any sub-objects. Editing permissions from there allows access to the special permissions.

    Yet these are all tools you already use today. You already use Windows Explorer to accomplish at least the basics of permissioning through the GUI. What you need are automation solutions that make this process easier. Let's start by looking at some common command-line solutions that are available right out of the box.

    Automating Permissioning

    Windows Server 2008 ships with several command-line tools to help manage NTFS and share permissions. These tools help alleviate some of the scalability and consistency limitations experienced with Windows Explorer. Three in particular are useful right out of the box:

    Share permissions can be managed through the net share command.

    NTFS permissions can be managed with icacls.exe, also known as Improved Change ACLs.

    Microsoft's investment in Windows PowerShell further extends scripting support through cmdlets such as Set-ACL for working with NTFS permissions.

    Net Share

    Creating shares from the command line via net share is a fairly straightforward process. To create the share, you must pass the share name and the path to the share:

    net share MyFolderShare=c:\Users\Administrator\Tools

    Net share can also be used to grant permissions to users and groups when establishing the share using the /grant switch:

    net share MyFolderShare=c:\Users\Administrator\Tools /Grant:[email protected],CHANGE /Grant:[email protected],FULL

    As the previous example shows, the /Grant switch can be used more than once to add multiple users or groups. Be aware that net share will not allow you to modify permissions on an existing share.

    Icacls.exe

    Icacls.exe is a command-line tool for managing both permissions and file integrity levels. It is natively available in Windows Server 2008, Windows Vista, and Windows 7, and arrives as an evolution of the cacls.exe command first available in Windows NT 4.0. Icacls.exe offers rich permissioning support for files and folders, enabling an administrator to automate the application of both simple and special permissions.


    Its challenge is in its syntax. Although it is powerful in what it can do, applying permissions using icacls.exe involves a complex aggregation of switches and inheritance operators. For example, let's assume you need to remove the existing inherited permissions from the C:\Shared folder. At the same time, you want to directly apply the Read permission to the Domain Users group and the Full Control permission for File Administrators. To accomplish this, you would use the following icacls.exe syntax:

    icacls C:\Shared /inheritance:r /grant:r "Domain Users:(OI)(CI)R" /grant:r "File Administrators:(OI)(CI)F"

    Once through its learning curve, icacls.exe's true power arrives by stringing together long series of these commands to automate permissioning at multiple levels. Once scripted, you can rerun the script over and over again to reapply permissions to your file structure.

    Note

    A thorough explanation of scripting with icacls.exe can be found at http://technet.microsoft.com/en-us/magazine/2009.07.geekofalltrades.aspx.

    PowerShell

    The final and arguably most powerful native tool is PowerShell, Microsoft's new command-line automation framework. PowerShell provides a cmdlet called Set-ACL that can be used alone or incorporated within a larger script for managing NTFS permissions. Set-ACL is best used when modifying an existing permission set, whether that permission set is from the object you want to modify or another object. The Set-ACL solution is also the most verbose of the command-line options:

    # Read the folder's current ACL
    $AclToModify = Get-ACL -Path c:\Users\Administrator\Tools
    # Build an Allow rule that grants Modify to MyLocalDomain\Steve
    $NewPermission = New-Object System.Security.AccessControl.FileSystemAccessRule("MyLocalDomain\Steve","Modify","Allow")
    # Add the rule to the in-memory ACL, then write the ACL back to the folder
    $AclToModify.AddAccessRule($NewPermission)
    Set-ACL -Path c:\Users\Administrator\Tools -ACLObject $AclToModify
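The icacls.exe command shown earlier for C:\Shared, expressed with Get-ACL and Set-ACL, as an added example that is not part of the eBook. It assumes Windows with PowerShell 3.0 or later; the function name, the scratch folder and the well-known SIDs standing in for the two groups are illustrative.

```powershell
# Added example, not from the eBook. Assumes Windows and PowerShell 3.0 or later.
# Set-ExplicitFolderAcl is a hypothetical helper name.
function Set-ExplicitFolderAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [System.Security.Principal.IdentityReference] $ReadIdentity,
        [Parameter(Mandatory)] [System.Security.Principal.IdentityReference] $FullControlIdentity
    )

    $acl = Get-Acl -LiteralPath $Path

    # Equivalent of /inheritance:r: protect the ACL from inheritance and
    # discard (do not copy) the entries that were inherited.
    $acl.SetAccessRuleProtection($true, $false)

    # Equivalent of (OI)(CI): the entry applies to this folder and is
    # inherited by its subfolders and files.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow

    $grants = @(
        @{ Identity = $ReadIdentity;        Rights = [System.Security.AccessControl.FileSystemRights]::Read },
        @{ Identity = $FullControlIdentity; Rights = [System.Security.AccessControl.FileSystemRights]::FullControl }
    )
    foreach ($grant in $grants) {
        $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $grant.Identity, $grant.Rights, $inherit, $propagate, $allow
        # Equivalent of /grant:r: SetAccessRule replaces any explicit Allow
        # entries the identity already has; AddAccessRule would merge instead.
        $acl.SetAccessRule($rule)
    }

    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the resulting entries so the caller can confirm nothing is inherited.
    (Get-Acl -LiteralPath $Path).Access
}

# Constructed demo on a scratch folder. Well-known SIDs stand in for the
# "Domain Users" and "File Administrators" groups named in the text; on a real
# server pass, for example, [System.Security.Principal.NTAccount]'MYDOMAIN\Domain Users'.
$demo  = Join-Path $env:TEMP 'SharedAclDemo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'   # BUILTIN\Users
# Granting Full Control to the caller keeps the demo from locking itself out
# once the inherited entries are gone.
$me    = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

Set-ExplicitFolderAcl -Path $demo -ReadIdentity $users -FullControlIdentity $me |
    Format-Table IdentityReference, FileSystemRights, IsInherited, InheritanceFlags -AutoSize
```

The three-argument rule in the eBook's snippet applies to the folder object only; the inheritance flags here are what make the entry flow down to files and subfolders, as (OI)(CI) does in icacls.exe.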

    Going Beyond Native Toolsets

    As you can see, the native toolsets available in Microsoft Windows create a framework for the enforcement of permissions. Yet each of these tools arrives with its own challenges, requiring either heavy mouse work or a deep knowledge of scripting to be truly useful.

    As the primary job of every IT administrator, managing data on file servers requires a lot of time and effort. As such, other non-native solutions may be necessary as the size of your data scales. These tools enable the graphical visualization of permissions structures through built-in discovery, reporting, and analysis engines. With the right views in place, administrators can leverage built-in automation that defines and maintains widespread permissions based on best practices. If the management of your file servers is a strain, consider looking to external solutions for enforcing your file and folder security.


    Article 2: Enumerating File and Folder Security

    Assigning permissions to files and folders is an important task. But you won't get far without first having a useful enumeration of your folder structures themselves. Windows Server 2008 provides numerous tools to visualize the access permissions set on your files and folders. Primary tools for this are the Windows Explorer GUI as well as command-line tools such as showacls.exe, icacls.exe, or PowerShell's Get-ACL. Unfortunately, these tools are limited in flexibility for environment sizes that go much beyond the very small. Effectively using them requires you to aggregate results from other solutions or turn to third-party solutions for a comprehensive analysis of file and folder security. With this in mind, let's take a look through the tools that are natively available, with an eye towards the features and capabilities that one might want in an external solution.

    Viewing Permissions

    Viewing NTFS and Share permissions from Windows Explorer requires the individual examination of each file or folder. Share permissions can be determined only by opening the properties dialog box from the root of the share (see Figure 1).

    Figure 1: Viewing NTFS and Share permissions from Windows Explorer.

    A similar process can be used to examine the NTFS permissions for a specific object via Windows Explorer from the properties dialog box. Administrators can dig deeper into the application of these permissions by going to the Advanced view, as shown in Figure 2.


    Figure 2: Digging deeper into permissions application.

    These wizard screens are excellent for the single-instance application of permissions. Their use works well when you need to apply only a few permissions to a few folders. Yet they don't scale. The process to set each new permission can require a minimum of seven mouse clicks, with special permissions requiring an even greater number. More permissions equals more mouse clicks, which reduces your effectiveness and increases the effort required to do your job.

    To combat this, Microsoft provides command-line tools for working with NTFS and Share permissions that include options for reporting. These command-line reporting options enable the creation of text output that can be redirected to a file for later viewing.

    Using the net share command with no options will provide a listing of all shared folders on a system, including the share name, path, and any assigned remarks. Specifying a share name with net share will display share details, which adds information about the maximum limit of users, caching settings, and assigned permissions. As an example, to report this information about the MyFolderShare to a file called filepermissions.txt, use the following syntax:

    subinacl.exe /share MyFolderShare /display /outputlog=c:\securitylog\filepermissions.txt

    Because subinacl.exe can also manage file system permissions, a similar syntax reports on NTFS permissions for files:

    subinacl.exe /subdirectories c:\Users\Administrator\Tools /display /outputlog=c:\securitylog\filepermissions.txt


    This command structure enables icacls.exe to report on a file's NTFS permissions. However, more useful is the ability to save that structure to a file for later reapplication. Consider the situation where you've created a rich set of permissions for a large file structure. Using the /save switch, as shown below, icacls.exe will create a text file that contains the folder and permissions structure in Microsoft's Security Descriptor Definition Language (SDDL) format:

    icacls c:\Users\Administrator\Tools\* /save ACLFile /T

    Replacing the /save switch with /restore in the previous code snippet will restore the text file's saved permissions to your file structure. The net result is the ability to quickly restore an entire structure's permissions as necessary to fix a mistaken permission or simply ensure that your permissions are set to your established standards.

    Showacls.exe is another command-line tool, found in the Windows 2003 Resource Kit, which can be used for retrieving and viewing NTFS permissions. The differentiator with showacls.exe is in its ability to report on the specific permissions assigned to a user or group, similar to the Effective Permissions option found within Windows Explorer:

    showacls /s c:\Users\Administrator\Tools\* > ACLFile.txt

    showacls /s /u:MyDomain\administrator c:\Users\Administrator\Tools\* > ACLFile.txt

    When possible, showacls.exe will use the simple permissions Read, Change, or Full Control. If the permission structure is more complex, it provides an "access mask," which attempts to sum up the access rights. More information about configuring access masks can be found in the tool's help file.

    Windows PowerShell's Get-ACL cmdlet accomplishes many of the same textual visualizations seen in the previously mentioned tools but with the added power of PowerShell's rich scripting architecture. Get-ACL returns a System.Security.AccessControl.DirectorySecurity object for each file and directory it is run against, which can be later repurposed for other uses within a larger PowerShell script infrastructure. The Access property of this object contains the file or folder permissions:

    Get-ACL c:\Users\Administrator\Tools\*

    As a full scripting language, PowerShell provides several display options over and above the alternatives, including exporting to XML, comma-separated value (CSV) files, or HTML.
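One way to turn the Access property into a CSV report that shows where permissions are actually assigned rather than inherited, as an added example that is not part of the eBook. It assumes Windows with PowerShell 3.0 or later; the function names, the scratch folder tree and the output file name are illustrative.

```powershell
# Added example, not from the eBook. Assumes Windows and PowerShell 3.0 or later.
# Get-FolderAceReport and Select-NotableAce are hypothetical helper names.
function Get-FolderAceReport {
    param([Parameter(Mandatory)] [string] $Root)

    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # An unreadable ACL is itself a finding, so report it and move on.
            Write-Warning "ACL not readable: $($folder.FullName)"
            continue
        }
        # One row per access control entry (ACE) on the folder.
        foreach ($ace in $acl.Access) {
            [pscustomobject]@{
                Path               = $folder.FullName
                InheritanceBlocked = $acl.AreAccessRulesProtected
                Identity           = $ace.IdentityReference.Value
                Type               = $ace.AccessControlType
                Rights             = $ace.FileSystemRights
                IsInherited        = $ace.IsInherited
                AppliesTo          = $ace.InheritanceFlags
            }
        }
    }
}

# Keep only the entries an administrator has to reason about: those set
# directly on a folder (not inherited) and every Deny entry.
function Select-NotableAce {
    param([Parameter(ValueFromPipeline)] $Ace)
    process {
        if (-not $Ace.IsInherited -or $Ace.Type -eq 'Deny') { $Ace }
    }
}

# Constructed demo tree: Finance inherits everything from its parent, while
# Finance\Payroll blocks inheritance and carries an explicit Deny entry.
$root    = Join-Path $env:TEMP 'AceReportDemo'
$payroll = Join-Path $root 'Finance\Payroll'
New-Item -ItemType Directory -Path $payroll -Force | Out-Null

$guests = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-546'   # BUILTIN\Guests
$acl    = Get-Acl -LiteralPath $payroll
$acl.SetAccessRuleProtection($true, $true)   # block inheritance, keep copies as explicit entries
$deny   = New-Object System.Security.AccessControl.FileSystemAccessRule(
              $guests, 'Write', 'ContainerInherit, ObjectInherit', 'None', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -LiteralPath $payroll -AclObject $acl

$notable = Get-FolderAceReport -Root $root | Select-NotableAce
$notable | Format-Table Path, Identity, Type, Rights, InheritanceBlocked -AutoSize
$notable | Export-Csv -Path (Join-Path $env:TEMP 'ace-report.csv') -NoTypeInformation
```

Rows for the Payroll folder appear with InheritanceBlocked set to True, which is the point in the tree where its permissions are assigned; the Finance folder's entries are inherited, so the filter leaves them out.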


    Native File and Folder Enumeration Remains Painful

    Each of these examples provides you with yet another view of your files and folders. But as you can obviously see, their results are almost entirely text-based. Although native tools indeed enable you to enumerate and visualize your permissions structures, you can argue that their text-based nature isn't much better than Windows Explorer alone.

    Environments that need greater visibility into file server security must look to external solutions. These solutions enable the discovery of file and folder structures as well as their assigned permissions. Their aggregation of permissions information across multiple file servers into a central and consistent format enables the reporting on permissions across an entire infrastructure at once. Storing permissions centrally also enables administrators to see how and where permissions structures have evolved over time, whether by server, user, group, or combination therein. Leveraging this file server metadata with a well-formed API for accomplishing needed tasks ensures that the job is done right. Lacking a substantial scripting investment, this capability is simply not possible using native toolsets and homegrown solutions.

    The needs of security are but one facet of file server management. A third-party solution becomes more valuable when the reporting is needed to meet regulatory compliance. Regulations such as the Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Federal Desktop Core Configuration (FDCC), and Payment Card Industry (PCI) require IT departments to positively show that proper access controls are in place on critical data. As you'll find out in the third article of this series, third-party solutions provide needed templates or reports that are designed to meet the auditing requirements imposed by those regulations.


    Article 3: Auditing File and Folder Access

    The third rail of effective file server security is all about assurance. Assuring that the right users have access to data preserves availability. Assuring that everyone else stays out preserves security. Assuring that permissions on files and folders are always correctly set preserves compliance.

    Auditing access to Windows Server 2008 file servers is the primary mechanism through which this assurance is achieved. Auditing enables administrators to verify that security controls put in place are working properly, all the while logging access and modifications to controlled files. Auditing can be enabled via the Windows Explorer GUI, command prompt tools, and Group Policy. Like reporting on access controls, the auditing process is per server and the logging of controlled events is done to the local event log.

    A correctly developed auditing system provides a number of benefits to the organization. It assists in securing the enterprise by determining inappropriate access to files or folders. It provides for the maintenance of a modification history across data, applications, and operating system (OS) configurations. And it creates the necessary documentation for meeting regulatory standards.

    Auditing Considerations

    The first step in deciding to audit file server access is determining what type of events to audit. For many IT organizations, the selection of auditing categories is often defined by internal security organizations in cooperation with applicable rules of regulatory compliance. Although each compliance regulation is uniquely different in its guidance, all generally require that user and administrator actions are tracked into an auditable database. For some, that database can be your Windows server's Event Logs.

    The first step in this process is to designate a purpose to each audit rule. Auditing rules have several typical purposes. They can assist in securing the enterprise by determining inappropriate access to files or folders. Auditing also allows the maintenance of a modification history outside of any application-specific modification tracking.

    This linkage between auditing rules and business goals is critically important, as there can be unintended effects when purposes are not designated to an audit rule. The first of these relates to collected events that do not further the organization's goals. Collecting these events consumes resources, leads to log maintenance issues, and makes event filtering dramatically more difficult. Therefore, discretion is required when developing an audit policy so that only the appropriate types of access tracking are monitored.

    The second unintended effect stems from possible legal exposure. Your organization's legal counsel should review your auditing strategy. Their legally focused review helps to ensure that the auditing purpose covers potential exposure and that the policy is defensible.


    Note

    In short, your audit policy should collect the minimum amount of auditing information that is necessary to accomplish your business goals.

    Windows Server 2008 provides for auditing on folders as well as individual files. File and folder auditing can monitor access to both simple and special permissions, as discussed in the first article of this series. For each object, assigned auditing rules can monitor for success and/or failure in exercising the user's permissions.

    As with permissions, it is important to remember that auditing configurations are also inheritable. Thus, if extensive auditing is set up and allowed to pass down the settings to a large number of files, a great number of audit entries could be generated.

    Configuring Auditing

    Auditing must first be globally enabled before setting auditing rules on individual files and folders. Doing this across multiple machines in an environment is most commonly accomplished via Group Policy. Navigate to Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Audit Policy, as shown in Figure 1. Here, edit the Audit Object Access policy to allow the tracking of Success and/or Failure events.

    Figure 1: Enabling auditing via Group Policy.

    Once the global audit policy is enabled, configuring auditing on individual files and folders can be performed using Group Policy, Windows Explorer, or command-line tools. As with the global policy, leveraging Group Policy for individual file and folder configuration ensures a comprehensive approach. Right-click Computer Configuration | Policies | Windows Settings | Security Settings | File System, and select Add File to add a file or folder to the policy (see Figure 2).


    Figure 2: Configuring auditing of NTFS access.

    After entering the file path, click Edit Security to bring forward the same Security wizard you're used to seeing when managing permissions directly in the file system. Click Advanced, and select the Auditing tab of the Advanced Security Settings window to configure audit settings using the GUI.

    Command Line Auditing

    Audit configuration from the command line is possible using the same Windows PowerShell Get-ACL cmdlet discussed earlier in this series. Get-ACL is used to retrieve the existing audit policy using PowerShell by supplying the -Audit command-line switch:

    Get-ACL c:\Users\Administrator\Tools\ -Audit | Select-Object -ExpandProperty Audit

    To use PowerShell to create an audit rule, the Set-ACL cmdlet is required:

    # Read the folder's ACL, including its audit (SACL) entries
    $AclToModify = Get-ACL -Path c:\Users\Administrator\Tools -Audit
    # Audit successful ReadData access by MyLocalDomain\gshields
    $NewAudit = New-Object System.Security.AccessControl.FileSystemAuditRule("MyLocalDomain\gshields","ReadData","Success")
    # Add the audit rule, then write the ACL back to the folder
    $AclToModify.AddAuditRule($NewAudit)
    Set-ACL -Path c:\Users\Administrator\Tools -ACLObject $AclToModify

    PowerShell provides a rich mechanism for scripting the creation of audit rules; however, effectively using it requires familiarity with the .NET Framework classes that manage access to the file system rules.


    Mining the Security Event Log

    After auditing has been configured, success or failure events will be stored in the Security event log. Event log entries are stored per server, so be conscious of each server's maximum log size and how the event log is configured to react when the log size is reached. Depending on the size of the log file and the number of events, there is a danger of losing audit entries due to log size maximums being reached.

    Note

    Windows Server 2008 includes a feature called Event Log Forwarding, which allows file servers to centralize event log data onto a single server. This server can be configured to pull the event logs from the other servers or those servers can pass selected events to the central server. More information on Event Log Forwarding can be found at http://technet.microsoft.com/en-us/library/cc748890.aspx.

    Gathering log information is only the first step. Effectively mining event log data for meaningful events requires extra effort. With the release of Windows Server 2008, Event Viewer provides several filtering options that limit the data being presented. In Figure 3, you can see how a few specific settings can greatly enhance the quality of information viewed from the Security log:

    Logged. For a general-purpose file system auditing log, this can be set at Any time.

    Event Level. All security audit entries will be Informational, so this filter is of relatively little use.

    Event Logs. All the entries dealing with auditing are contained in the Security event log.

    Event Sources. Microsoft Windows security auditing should be selected here.

    Task Category. Here, select the File System option.

    Keywords. The Keywords option is of little use, as all security audit entries contain the keywords Audit Success or Audit Failure.


    Figure 3: Event Viewer's filtering options.

    Once filtered, reporting from the Event Viewer is quite limited. A selection of events can be saved to XML, text, or comma-separated value files, but there is no facility for rich reporting. Additionally, reporting efforts can be hampered by the limitations of event log storage. In the most gracious scenario where all old event logs cannot be maintained in the current view, the events are archived and those archives would need to be searched individually in order to obtain information from them.
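The same Security-log filter applied from PowerShell, with each file-access event flattened into a row that can be grouped and exported, as an added example that is not part of the eBook. It assumes PowerShell 3.0 or later; event IDs 4656 and 4663 are the Windows security-auditing events for object access (the eBook does not name them), and the function name and both sample events are constructed for illustration.

```powershell
# Added example, not from the eBook. ConvertFrom-FileAuditXml is a hypothetical name.
# Live use on a file server (elevated prompt), matching the Event Viewer filter:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'
#       ProviderName = 'Microsoft-Windows-Security-Auditing'; Id = 4656, 4663 } |
#       ForEach-Object { $_.ToXml() } | ConvertFrom-FileAuditXml
function ConvertFrom-FileAuditXml {
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml)
    process {
        $evt  = ([xml]$EventXml).Event
        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($item in $evt.EventData.Data) { $data[$item.Name] = $item.'#text' }
        # Object-access events also cover registry keys and other objects.
        if ($data['ObjectType'] -ne 'File') { return }

        $mask = 0
        if ($data['AccessMask']) { $mask = [Convert]::ToInt32($data['AccessMask'], 16) }
        # The Keywords element carries the Audit Success / Audit Failure flag.
        $outcome = 'Success'
        if ($evt.System.Keywords -eq '0x8010000000000000') { $outcome = 'Failure' }

        [pscustomobject]@{
            Time    = $evt.System.TimeCreated.SystemTime
            EventId = [int]$evt.System.EventID
            Outcome = $outcome
            User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Object  = $data['ObjectName']
            # The access mask uses the same bit values as NTFS permissions.
            Rights  = [System.Security.AccessControl.FileSystemRights]$mask
            Process = $data['ProcessName']
        }
    }
}

# Constructed sample events (not real log data): one successful delete and
# one failed write attempt.
$successXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4663</EventID>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2009-08-03T14:02:11.000Z" />
  </System>
  <EventData>
    <Data Name="SubjectUserName">steve</Data>
    <Data Name="SubjectDomainName">MYLOCALDOMAIN</Data>
    <Data Name="ObjectType">File</Data>
    <Data Name="ObjectName">C:\Users\Administrator\Tools\report.txt</Data>
    <Data Name="AccessMask">0x10000</Data>
    <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>
'@
$failureXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4656</EventID>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-08-03T14:05:40.000Z" />
  </System>
  <EventData>
    <Data Name="SubjectUserName">gshields</Data>
    <Data Name="SubjectDomainName">MYLOCALDOMAIN</Data>
    <Data Name="ObjectType">File</Data>
    <Data Name="ObjectName">C:\Users\Administrator\Tools\report.txt</Data>
    <Data Name="AccessMask">0x2</Data>
    <Data Name="ProcessName">C:\Windows\System32\notepad.exe</Data>
  </EventData>
</Event>
'@

$events = $successXml, $failureXml | ConvertFrom-FileAuditXml
$events | Format-Table Time, EventId, Outcome, User, Rights, Object -AutoSize

# Failed attempts grouped by user, then the full set saved as CSV.
$events | Where-Object { $_.Outcome -eq 'Failure' } | Group-Object User | Select-Object Name, Count
$events | Export-Csv -Path (Join-Path $env:TEMP 'file-audit.csv') -NoTypeInformation
```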

    Centralized Auditing and Reporting via Third Party Tools

    Auditing is all about assurance, but assuring effective auditing with native tools alone is a challenge. As you can see, configuring auditing via Windows Explorer or Windows PowerShell requires a number of steps and careful coordination to be effective. Each and every file share must be managed as an individual item, which increases the chance for errors or omissions in auditing. Although Group Policy assists this process, the natural dynamics of an IT environment mean that Group Policies must be regularly verified to ensure their policies remain correct over time.


    IT environments with large numbers of file shares, large amounts of file storage, or high security requirements may find that native solutions are insufficient for their needs. To meet regulatory compliance and provide timely security information, you may find the need to turn to third-party toolsets. Their extended capabilities enable the central configuration of an audit plan, central storage of audit data, customizable reporting, alerting in the case of unauthorized access, and enhanced search features that are often necessary as environments scale.

    Download Additional eBooks from Realtime Nexus!

    Realtime Nexus: The Digital Library provides world-class expert resources that IT professionals depend on to learn about the newest technologies. If you found this eBook to be informative, we encourage you to download more of our industry-leading technology eBooks and video guides at Realtime Nexus. Please visit http://nexus.realtimepublishers.com.
