Shulou(Shulou.com)06/01 Report--

Now many units have file servers, and they often share files for local area network users to access. So, how can we protect the security of shared folders in the local area network?

Now many units have file servers, and they often share files for local area network users to access. However, for most network administrators, server sharing file management has always been a thorny problem. On the one hand, we must set up server file sharing to facilitate resource sharing and collaborative work; on the other hand, we also need to protect the security of server shared files, after all, many shared files are intangible assets and trade secrets of enterprises. Once leaked, it will bring serious losses to the enterprise, and even threaten the sound operation of the enterprise.

So, how can we protect the security of shared folders in the local area network? this needs to be achieved by the following means:

Method 1: record the shared file access log and see who is accessing my shared file in real time.

Sometimes, I share a file on Windows XP's computer. Maybe, for some reason, we need to know who is accessing this file now. For example, sometimes, when we turn off the computer, the system will indicate how many users are connected to this shared folder. We need to know which users they are, and how can this be achieved? In fact, this is relatively simple, we can use the built-in features of the operating system to achieve.

You can follow these steps.

Step 1: open Control Panel, Administrative tools, computer Management (Local), system tools, and then select shared folder. Double-click to open this option, and in the window on the right, it will show which computers are accessing your computer. However, in this window, you can only see which computers are connected to your computer, and you don't know which shared files they are accessing.

Step 2: select system tools, share folders, and open files. At this point, some shared resources on this computer and which computers are being accessed will be displayed in the window. At the same time, some useful information is displayed in this window, such as which shared file it opened, when the access started, and how much time it has been idle. That is, as long as it opens a shared folder, it will be displayed here, even if it does not open the shared file.

In addition, we may sometimes do so for some purpose, such as the employee may think that this person cannot access this file. At this point, we can right-click the session and select close session from the shortcut menu. We can prevent this user from accessing the shared file without affecting the normal access of other users.

This function is sometimes very useful. As we all know, there is a maximum number of XP system access connections. Sometimes employees will reflect, why can't I ask you about your shared files? When we look at it, it turns out that the number of connections has reached the upper limit. At this point, we can find out how many users are connected to my computer in this way, and then we can disconnect some users who do not need access and connect those who need access.

Method 2. When setting access permissions for shared folders, important shared files are set to read-only.

Most of the time, users only need to view or copy the shared file, and often do not make direct changes on the shared folder. However, for the sake of convenience, some employees directly share certain folders and files in a read-write way. This is very dangerous.

On the one hand, these unrestricted shared files and shared files have become the carriers of virus transmission. In my work, the author found that some users have no permission restrictions when sharing files. After a while, look at the shared file and find that there are viruses or traces of viruses or * * in some shared files or folders. It turns out that because this shared folder has write permission, how do other users open this file, if there happens to be a virus or * * on this computer, it will infect the shared folder. As a result, other computers that access this shared folder will also be hit. It can be seen that the unprotected shared folder and the shared files inside have become a good carrier for the spread of the virus.

Although the relevant log information can be used to find out who has accessed the shared file and whether the action has been changed. However, with this information alone, it is not possible to know what changes the user has made to the shared folder. Sometimes, when we open a shared file, we accidentally press a space bar or a character key, accidentally overwrite a word, and so on. Therefore, when the shared file is made writable, it is difficult to prevent employees from making changes intentionally or unintentionally.

Third, the consistency of data may not be guaranteed if files are shared in a writable way. For example, the personnel department shares an attendance document in a readable and writable way. At this point, if the finance department modifies the document, and the personnel department does not know. Because the financial staff may have forgotten to tell the personnel department, at this time, it will lead to data inconsistency between the two departments, which may cause some unnecessary trouble. Moreover, in the absence of relevant evidence, it is not clear who is right and who is wrong.

To solve these problems, I suggest that when sharing a folder, it is best to set the permissions of the folder to read-only. If this shared folder sometimes requires other users to save files in this folder, it cannot be set to read-only. Then we can also set the files in the shared folder to read-only. In this way, because the folders are read-only, viruses and * * will not be able to infect these folders so as to avoid becoming a source of pollution for spreading viruses, and it can also prevent unauthorized changes by users. resulting in data disunity, and so on.

In addition, if the enterprise's shared files are managed by various user terminals, there is a problem that users have different familiarity with sharing operations or different security concepts, so, it is difficult to deploy a unified file sharing security policy. For example, for shared files scattered on the user host, employees generally do not back up them regularly to prevent timely recovery due to accidental damage, and generally do not set specific access rights, such as allowing only some specific employees to access, and so on. Because of these operations, on the one hand, it may require some professional knowledge, on the other hand, it is more cumbersome to set up enterprises. Therefore, even if we have a relevant system, it is generally difficult for employees to comply with it.

Therefore, it is recommended that in some conditional enterprises, deploy a file sharing server to uniformly manage shared files. If this strategy is adopted, it has the following advantages.

First, the shared files can be backed up regularly, so as to reduce the loss caused by accidental modification or deletion. If we can put all the shared folders on the file server, we can back up the files on the file server regularly. In this case, even if the files are accidentally modified or deleted because of unreasonable permission settings, sometimes employees themselves will inadvertently delete files that should not be deleted, and when we encounter this situation, we can restore jobs through files and restore the original files, so as to reduce these unnecessary losses.

On the shared file server, we can pre-set some folders and set specific permissions in the file service according to the needs of each employee. In this way, the files placed in the shared file server automatically inherit the access rights of the file server folder, thus achieving the purpose of unified management of file access rights. For example, for some administrative notification files that can be accessed by the whole company, we can set up a notification folder, which only administrators have read and write access, while other employees only have read-only access. Therefore, the unified management of shared folders can save users the trouble of setting permissions each time, so as to improve the security of shared files.

Although the above measures can play a certain function of shared file security management, but through the operating system to set shared file access rights is relatively extensive, can not achieve accurate control. For example, even if you set the shared file "read-only", after the user opens the shared file, you can still copy the contents and paste them to the local disk, so that you can easily save the shared file privately; at the same time, if you give the user access to modify the shared file, the user can accidentally or deliberately delete the shared file, which brings great risk to the security of the shared file. In addition, after opening the shared file, the user can also save it as a local disk, thus also achieving the purpose of leaking and stealing the shared file. In this case, it needs to be realized with the help of some LAN sharing setting software.

For example, there is a "general trend to LAN shared file management system", after installation on the server, you can automatically scan all shared folders, as well as all accounts on the server, and then select a folder, select the appropriate account, check the appropriate access permissions, to achieve the shared file access settings, the operation is extremely simple. Through this system, only reading shared files and forbidding copying shared files, only modifying shared files and forbidding deleting shared files, only opening shared files and forbidding saving as local disk can be realized. At the same time, dragging shared files, printing shared files and deleting shared files can be prevented.

At the same time, through the general trend to the shared file permission setting software can also record the log of LAN users accessing shared files in detail, which is convenient for administrators to check and audit afterwards.

In a word, the sharing file management of enterprise local area network and the setting of file sharing authority of server is an important work of enterprise network management. Properly managed, it will greatly facilitate local area network file storage and collaborative office, to facilitate better work; and once the management side is improper, it will bring greater risks to the enterprise and affect the sound operation of the enterprise.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.