 |
mgookin
Registered: Jan 2008
Posts: 1388 |
09-27-12 02:46 AM
Hello smart people:
I'd like to put a file server on my network but there's no need for it to ever connect to the internet or do anything other than be accessible to people on the internal, hard wired network. I want it as secure from outside intrusion as possible.
Should I go into Services and disable everything, or use the firewall to block all ports, or both, or something else?
Thanks in advance.
|
| |
|
Edit/Delete • Quote • Complain |
mcassman
Registered: Jul 2009
Posts: 1 |
09-27-12 03:14 AM
Your server, while on the inside network, is still vulnerable to the perils of your users.
Users have a tendency to unwittingly click on advertisements and open email attachments from anyone if it says "funny" on the subject line.
You will want to install an A/V program written to be run on file servers like Symantec Endpoint Protection - Corporate Edition. This same program should be on all of your workstations and monitored daily for a/v activity.
You will want a properly grounded UPS. Some type of removable/offline media for backups and even offsite, encrypted, backups for the mission-critical files. It should be physically secured... you don't want the cleaning-help to pull the raid drives out and walk away.
There is so much more. Can anyone else help us out here ?
Mike C.
Chicago Traders Group
|
| |
|
Edit/Delete • Quote • Complain |
WinstonTJ
Registered: Jan 2009
Posts: 1947 |
09-27-12 11:59 AM
OS?
Hardware?
Is this a NAS/SAN or is it a real file server? If this is a Windows environment (which I assume it is) are you on a Domain or Workgroup?
This is a lot of what I do for a living; giving access to only the people that you want and keeping the riff-raff out. Keeping everyone out isn't that hard, granting secure access without back-doors and loopholes can be a bit of a challenge.
|
| |
|
Edit/Delete • Quote • Complain |
mgookin
Registered: Jan 2008
Posts: 1388 |
09-29-12 05:38 PM
Quote from WinstonTJ:
OS?
Hardware?
Is this a NAS/SAN or is it a real file server? If this is a Windows environment (which I assume it is) are you on a Domain or Workgroup?
This is a lot of what I do for a living; giving access to only the people that you want and keeping the riff-raff out. Keeping everyone out isn't that hard, granting secure access without back-doors and loopholes can be a bit of a challenge.
I have not dedicated any hardware to being the file server so I can't answer the first question. Our network consists of a cable modem going into a 24 port Cisco switch. Everything hard wired; no wireless anything (not even a printer).
Looks like from the responses it's unreasonable to expect complete security so that will just determine what does and does not go on it. I'll just connect any old box, put a fresh RAID array in it (or maybe multiple arrays) and give network access to those who need access. I'll probably still go into services and the firewall and nuke everything that does not nuke the ability to access the drives from the internal network.
As always, thanks very much for the responses.
|
| |
|
Edit/Delete • Quote • Complain |
mgabriel01
Registered: Oct 2007
Posts: 975 |
09-29-12 06:26 PM
Quote from mgookin:
Hello smart people:
I'd like to put a file server on my network but there's no need for it to ever connect to the internet or do anything other than be accessible to people on the internal, hard wired network. I want it as secure from outside intrusion as possible.
Should I go into Services and disable everything, or use the firewall to block all ports, or both, or something else?
Thanks in advance.
Secure (lock door) physical space
Closet etc
keep it cool -
back it up every day
|
| |
|
Edit/Delete • Quote • Complain |
oraclewizard77
Moderator
Registered: Jan 2006
Posts: 2290 |
09-29-12 09:00 PM
I would suggest using a Novell or Unix file server. The best way to prevent infection is with a non Microsoft operating system. So if your Windows computer gets infected, it will not bring down the file server.
That said, you want to have your whole network behind a firewall, and have anti-virus running on all your Window's computers.
As previous stated, you should have RAID IV on the file server plus a tape backup system.
There is no point on running anti-virus on your file server if you don't run the Microsoft operating system. You don't want to slow down the file server. The file server should also have a 1 GB network card connected to a 1 GB port on the network switch.
You also want to have a UPS connected to the server.
|
| |
|
Edit/Delete • Quote • Complain |
| Receive
an email whenever a new post is added to this thread by subscribing
to it. |
|
|
|
|
