Mikael Grondahl

File Server Security (Part 1) – Securing your Windows File Servers

Do you remember the days when you stored everything on a file server? I’m not talking about a fancy cluster, blade server, or a virtual machine, just that one boxy piece of metal collecting dust in the corner of the cold and noisy server room?  

Well, that server might still be around you know! You may not recognize it since it’s been through a few facelifts, tune-up’s, personality changes and lost a few pounds, but it’s still there though, probably with the same name and ip-address too…

Problem is that through all these external and internal changes, one important thing was forgotten – Self-defense skills! Chuck Norris was too busy.

But it should be OK right? Nothing has happened in the last 15 years, we’ll deal with it when we’re less busy…

A lot of companies are transitioning from file server-based storage to SAN’s, cloud-based storage, or hybrid solutions, depending on what best fit the business needs.

But reality is that many businesses still use dedicated file servers to store and share data.

Some of these file servers have been in use for a long period of time, although the hardware and software has been migrated, upgraded and updated several times to accommodate new technologies.

The problem with older file servers, that continuously have been upgraded, is that they were (obviously) not secured by today’s standards and guidelines.

Security was not as big of a concern 10 years ago as it is today. Many older file servers are being overlooked, assumed to be secure – we’re all human right?

File servers are a convenient way for small to midsized businesses to store and share data, using centralized, shared folders for the various departments, home folders for user’s data and so on.

But the stored information is usually sensitive, containing personal information, HR & finance information, classified company information, archived emails, etc.

This makes file servers attractive targets for attackers, both external and internal; and if an attacker gains access to the server, that person could potentially hit a home run, and if you’re the guy in charge of security, chances are you’re going to have a few long and very bad days.

So, I provided a list of ways to tighten up security for your file servers, new and old, making them less vulnerable to attacks. And even if you secured your file servers already, you can use it as a checklist and reference.

# Physically Secure and Protect your File Server
If an intruder has physical access to a server, it provides that person with direct access to the server’s internal hard drives and the ability to reboot the server, or even walk out with the server and internal hard drives.

Servers are protected with software-level security and based on the security settings you have configured; the operating system software protects the filesystem.

Unfortunately, software-based security can easily be bypassed if you have physical access to the server, an intruder could reboot the server, install a new copy of the operating system and establish new access rules, granting themselves access to the filesystem.

When they have gained access to the filesystem they can extract the password file, containing user names and encrypted passwords, and with the right set of tools they can decrypt every single user password on the system.

Protect the BIOS and boot loader with strong passwords and configure your systems to only be bootable from internal hard drives to prevent intruders from starting your systems from removable media.

Protect control access to your servers by placing them in a physically secured datacenter.

# Disk Encryption  
Using a system such as Microsoft BitLocker or Symantec Endpoint Protection to encrypt your drives will protect the system and ensure that your files remain secure in the event of theft, or if replaced drives are discarded insecurely and someone tries to access the data.

Most encryption systems use the Trusted Platform Module (TPM), a microchip built into the server to store cryptographic information, such as encryption keys, and keep it secure from external software attacks and physical theft.

TPM ensures that the boot process starts from a trusted combination of hardware and software and continues until the operating system has fully booted and applications are running, protecting the keys used to encrypt the server’s storage devices and provide integrity authentication for a trusted boot pathway that includes firmware and boot sector.

Users can authenticate to the disk only on that specific server, locking the disk to the server hardware. Data cannot be extracted from the disk once it has been detached from the server, and that serves as a deterrent for attackers.

This was the first blog in the 3 part “File Server Security” blog series, I hope you found it informative and helpful.

Stay tuned for blog #2.