Announcement

Collapse
No announcement yet.

How to Secure File Server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to Secure File Server

    We have a small LAN with 10 workstations(XP). We also have one server (windows 2003),
    which act as DC,DNS,File server, NAT (internet connection sharing)
    Our users Save their files on server and browse internet websites.

    In Each Computer we have enabled Windows default Firewall and Uptodate Anti Virus
    and Fully patched with Microsft Patches.

    Now my Main Issue is our Files security. I don't like any Outside introder
    access our files.

    what should I do for this purpose?
    what are ourhardware requirements?
    I hope you could provide me with detailed Comments.

    thanks

  • #2
    Re: How to Secure File Server

    Originally posted by Simson View Post
    We have a small LAN with 10 workstations(XP). We also have one server (windows 2003),
    which act as DC,DNS,File server, NAT (internet connection sharing)
    Our users Save their files on server and browse internet websites.

    In Each Computer we have enabled Windows default Firewall and Uptodate Anti Virus
    and Fully patched with Microsft Patches.

    Now my Main Issue is our Files security. I don't like any Outside introder
    access our files.

    what should I do for this purpose?
    what are ourhardware requirements?
    I hope you could provide me with detailed Comments.

    thanks

    u have to create users on server 2003, and go to folder which u want to secure.
    right click on folder- select shareing and security- select permission
    select users whom want to use particular folder.

    Comment


    • #3
      Re: How to Secure File Server

      Is you internet connection protected by a firewall?

      If not then I would unplug the WAN connection from the back of the server as it's extremely dangerous to have an internet connection connected straight to your DC etc.

      We need more info on your set up before we can advise.

      Thanks

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: How to Secure File Server

        Simson,
        From my point of view even if you have a good firewall and good configuration it is not a good idea to have a file server directly connected to the Internet.

        You can do one of the following:
        1. Purchase a low cost (starting with 100$) wireless router with built in firewall and use it for Internet connection and keep the server for and file sharing.
        2. Configure one of your Windows XP as a file server. Up to 10 concurrent connections are accepted. Keep the server for the Internet sharing, DHCP and DNS role.
        3. Make sure that you disabled the File and Print sharing for Microsoft Networks on the external network card of your server.
        Attached Files
        Regards,
        Csaba Papp
        MCSA+messaging, MCSE, CCNA
        ...............................
        Remember to give credit where credit is due and leave reputation points where appropriate
        .................................

        Comment


        • #5
          Re: How to Secure File Server

          Is you internet connection protected by a firewall?
          we are connecting to internet throught DSL modem which has 2 modes, Reuter and Bridge.
          Currenlty we are using bridge mode. So that we want to Control over Internet traffic.

          even if you have a good firewall and good configuration it is not a good idea to have a file server directly connected to the Internet.
          ntext,
          I have a question about your statement. Since the server do NAT for internet access, I want to know which one of below does the introuder ables to see from outside of my netword.
          1) My server 2)my workstations 3)Both my server and all workstations.

          Comment


          • #6
            Re: How to Secure File Server

            Errrr in bridging mode, no firewall is enabled.
            Which firewall are you using instead?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: How to Secure File Server

              Originally posted by Simson View Post

              In Each Computer we have enabled Windows default Firewall and Uptodate Anti Virus and Fully patched with Microsft Patches.
              thanks
              Only Windows 2003 Default Firewall

              Comment


              • #8
                Re: How to Secure File Server

                Never rely on a software firewall as the only means of protecting your network. Windows firewall will do nothing to protect your switches, routers, waps, etc.

                Comment


                • #9
                  Re: How to Secure File Server

                  The software firewall is in my opinion a myth because ISA, Check Point en even a ASA will only work with the proper software installed, however a Windows Firewall is not good enough to protect a network. Outbound traffic is not limited to any ports, inbound traffic doesn't work as it should etc.

                  I would recommend to unplug the internet connection as soon as possible and redesign the network asap with a proper firewall.
                  If you have any questions, please ask.
                  If you have questions about a desent firewall let me know what the budget is.
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment


                  • #10
                    Re: How to Secure File Server

                    My Server donot require to serve any request from External Networks.
                    I Think about Buy A new server and makes it as ISA Server, while All request for internet access go throw ISA server.
                    How do you think of it?

                    regards,

                    Comment


                    • #11
                      Re: How to Secure File Server

                      I think you have to sit down and design your network infrastructure from the ground up.

                      You must not allow any servers to connect to the internet directly. Unless they sepcifically need to then you would put them in a dmz.

                      My 2 cents on the matter.

                      Buy a modem/router. Don't have any security on these unless you really need to have to. (Again this is my opinion.)

                      Buy a dedicated firewall from someone like Cisco, Sonicwall, etc, etc, etc. Sit this behind your router.

                      Have all of your clients, switches, servers, in fact everything behind your firewall.

                      If you have any issues with the initial design hire a design architect and let them do all the design for you.

                      Comment


                      • #12
                        Re: How to Secure File Server

                        Originally posted by wullieb1 View Post

                        Don't have any security on these unless you really need to have to. (Again this is my opinion.)
                        .
                        What do you mean?

                        Could You please Lok at
                        http://www.petri.com/adsl_home_network_config.htm

                        An tell me which methid is suitable for me?

                        regards,
                        Last edited by Simson; 18th October 2007, 21:58.

                        Comment


                        • #13
                          Re: How to Secure File Server

                          errrrr is this a home or a business enviroment?
                          If bussiness i would go for something like this:

                          Internet -- route -- firewall -- switch --- clients/servers
                          A free and a nice firewall is smoothwall.
                          Marcel
                          Technical Consultant
                          Netherlands
                          http://www.phetios.com
                          http://blog.nessus.nl

                          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                          "No matter how secure, there is always the human factor."

                          "Enjoy life today, tomorrow may never come."
                          "If you're going through hell, keep going. ~Winston Churchill"

                          Comment


                          • #14
                            Re: How to Secure File Server

                            Now the plot thickens

                            Comment


                            • #15
                              Re: How to Secure File Server

                              This Is Schema of my configuration.
                              Hope It helps you to reply me with your valuable coments.
                              Q: Is It important that I have not Configured the 2nd NIC on my ISA server with Custom Configuration.

                              Internet
                              |
                              Splitter
                              |
                              10.10.1.5 (Private IP from ISP)
                              |
                              modem (Bridge Mode)
                              |
                              192.168.2.10
                              |
                              Obtain IP address Automatically
                              |
                              ISA Server
                              |
                              192.168.0.5
                              |
                              |
                              |
                              |
                              |
                              --------Switch--------------------------- File Server
                              / 192.168.0.1
                              /
                              /
                              |
                              |
                              |
                              |
                              PC1
                              192.168.0.70
                              Last edited by Simson; 19th October 2007, 09:16.

                              Comment

                              Working...
                              X