The most valuable and needed data in your organization is probably being held in the Active Directory (AD for short), databases, and on file servers. When securing the AD, we often pay a lot of attention to it, however, file servers should also be properly secured. Hence, in this article, you will be able to read about the tips from keeping your file servers secured and protected. Let’s take a look at the tips:
1. Physical security
Do not let anyone walk out the front door with your file server. However, the file server threat is not the only security risk. Once a hacker gets physical access to the server, the security controls that you put in place can be more easily bypassed.
2. Upgrade to Windows Server 2019
Windows Server 2019 has the newest and best security protections built-in, with features like Device and Credentials Guard that can use VBS (Virtualization-Based Security) to be more efficient against common attacks.
3. Microsoft security baseline
You should apply Microsoft’s baseline security setting for Windows Server 2019. There are literally thousands of setting that can be configured, hence allow Microsoft to do the hard work of deciding which features should be enabled, and which ones should be disabled. Microsoft has already suggested disabling the Server Message Block (SMB) v1 protocol that is vulnerable to attacks.
4. Enable BitLocker
You should encrypt all server disk volumes. Even if the file servers are physically secured, BitLocker encryption will add more protection if the physical security protocol fails or if the hard drivers are not properly disposed of.
5. Randomize and store local admin passwords
According to the experts from DeVeera, you should make sure that your local administrator password on the file server is unique, changed often, and stored properly. You can use Microsoft’s Local Administrator Password Solution (LAPS for short) to automatically randomize the passwords on the servers and store them properly in AD. Also, keep in mind that you should not forget about other security strategies, such as restricting the use of domain administrator accounts to DCs or using least privilege.
6. Block Internet access at the perimeter firewall
Generally, file servers do not need access to the Internet. You should restrict access to required websites, such as Microsoft’s update servers if you do not have WSUS (Windows Server Update Service) available on your business Internet.
7. Keep permissions simple
You should plan how you will grant permissions to share files. Keep in mind that you should keep it as simple as possible, and plan access based on the roles of the users in your company. Ass ACLs to folders and keep file share permission always set to Authenticated Users which is like Everyone, but without the built-in security accounts like service, local service, and network service.
8. Have a tested backup
Lastly, it is absolutely necessary to have a secured and tested backup plan. If the security controls fail to protect your important data, you will want to be able to recover your assets and data without any problems or difficulties.
As you were able to read, these 8 tips will definitely make your Windows file servers safe and protected. Hence, do not waste any more time and start implementing some of these tips (if not all) within your organization.