Feature

Stamp out NAS threats

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: New rules change data retention game."

Download it now to read this article plus other related content.

Access control
While network security restricts the ability to communicate with the NAS device, authentication and authorization protect files and shares from being accessed and manipulated by unauthorized users. This is no different from protecting regular file servers and, more than in any other area, security policies play an instrumental role in regulating user access and permissions.

Authentication is the process of determining who the user is by verifying user credentials against a central repository that maintains user names, passwords, security identifiers (SIDs) or user ids (UIDs), as well as group membership information. User credentials are akin to keys that open the door to your data, and protecting these keys and reducing the risk of someone guessing passwords is critical. It goes without saying that securing the central repository of user credentials, such as Active Directory, is of utmost importance. Keeping it properly patched, making sure it has up-to-date virus and malware protection, and limiting administrative access to it are all essential practices.

Security risks around authorization are likely to occur because of improper provisioning. Without strong policies and procedures, users may have inappropriate permissions or get access to files they shouldn't see.

A few simple guidelines can prevent your losing control of the data-access provisioning process. Any access grant or change should only be performed after proper approval.

    Requires Free Membership to View

Take advantage of security groups and roles; with the exception of user directories, data is typically accessed by more than one user. Don't grant access to specific files; instead assign permissions at a folder or share level. Default permissions should always default to deny rather than permit. "We default to having no access unless explicitly granted, and we try to not default anything to open but to closed," says Bob Lockhart, security portfolio manager, EDS.

You should also periodically conduct information-access audits that require data owners to verify that the current permission grants are correct. These simple steps will not only make access to data on your NAS more secure, they'll be tremendously helpful for regulatory compliance audits like Sarbanes-Oxley.

This was first published in September 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: