Windows File Server Security Audit – Top 6 Challenges when reporting access control on Shares, Folders and Files

Abstract

When you audit your servers and workstations across your network to find out who has access to what and what actions they can perform on these folders and files, the most important challenge that you face is the sheer volume of data in the form of ACLs or Access Control Lists. Permissions are granted to Accounts, such as users and groups, whose Access Control Entries (ACE) run in to several hundreds of thousands of entries across folders and files. The volume of entries will discourage any manual analysis of NTFS permissions on folders and files.

Challenge #1: Who has access to what in your Files, Folders and Shares?

While this may seem like a simple question for the management, this is a tough one to handle for administrators or managers. This requires you to first identify all your important folders and files and then estimate the number of ACE entries that are likely to be there. You then need to figure out who should and should not have permissions to these. The most important security question to answer is – who is having unauthorized access where? This is like finding a needle in a hay stack. Most of the entries are too monotonous and strenuous to manually look at with the same granular permission entries showing up everywhere in your report.

Challenge #2: What type of access has been granted?

All unauthorized accesses need to be analyzed along with the type of unauthorized access – can the unauthorized user or group Read or Modify or Delete confidential Files and Folders? To find exceptions you need a solution that will allow you to setup roles and templates for effectively reviewing permissions.

Challenge #3: What happened to accesses that were granted to people who are currently not in the organization?

This is often referred to as permissions clutter or permissions bloat. The permissions given to users and groups accumulate over a period of time if the administrators do not perform regular cleanups of ACLs. This is easier said than done because of the missing links and updates from HR systems to Systems management tools. Do deleted or unknown users have access to files and folders? Unless there is an automated solution, cleanups never happen and as a result ACLs accumulate over a period of time, compromising security.

Challenge #4: Who have been given special/explicit permissions on folders?

There are always exceptions in any organization where confidential folders and files get special treatment in the form of blocked inheritance and explicit permissions are granted for privileged access. This is one area that needs careful monitoring and needs to be documented properly. In which folders and files the normal rules such as “inheritance of permissions by folders from parent” apply and where have they been blocked or subverted?

Challenge #5: Indirect access to folders and files – unauthorized access to confidential files and folders indirectly because of users and groups getting privileged group access due to some form of nested group membership.

This is very dangerous and likely to happen when there are too many privileged accesses to shared folders. This needs to be resolved by analyzing indirect permissions on shares, folders and files.

Challenge #6: Security threat or administrative headache posed by unwanted and unauthorized setting up of shares on workstations that users hardly pay any attention too. This is an administrative nightmare when people temporarily start sharing folders and files for specific projects or group work assignments and then leave them around forever. How are people sharing folders from their workstations? Do these Shares in workstations need further security scrutiny?

Vyapin’s NTFS Security auditing solution addresses all the above challenges by providing a single comprehensive solution for NTFS permissions reporting across your enterprise.

About Vyapin

Vyapin develops Management, Migration, Reporting, Auditing, Configuration, Administration & Reporting solutions for Microsoft products. Our solutions help reduce man-hours spent on time-consuming and resource-heavy activities that burden IT administrators and managers.

Our products are designed and built to:

• deliver substantial savings in the time and cost incurred on various projects
• improve IT infrastructure and systems utilization in companies big or small;
• provide better value for money and a substantial return on investment.

Copyright © Vyapin Software Systems (P) Ltd. All rights reserved.

The information in this document is provided in connection with Vyapin’s products. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Vyapin Software Systems (P) Limited.

Disclaimer

Vyapin makes no representations or warranties with respect to the accuracy or completeness of the entire content of this document. Vyapin reserves the right to make changes to the specifications and product descriptions at any time without notice. Vyapin does not make any commitment to update the information contained in this document.

Vyapin assumes no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the implied warranty of merchantability, fitness for a particular purpose, or non-infringement. Under no circumstances shall Vyapin be liable for any direct, indirect, consequential, punitive, special or incidental damages (including, without limitation, damages for loss of profits, business interruption or loss of information) arising out of the use or inability to use this document, even if Vyapin has been advised of the possibility of such damages.

Published in February 2015

Please click the following link to know more about Vyapin’s NTFS Security auditing:-
https://www.vyapin.com/products/ntfs-security-auditor/ntfs-permissions-reporting