January 5, 2024

File Share "Surfing"

Regularly “surfing” through file shares with an account that has the least privilege can be an eye-opening exercise for network administrators and management. As employees come and go, and your environment changes over time, permissions and access to files and folders may have changed with unexpected or unwanted results.

As 10-D Security IT auditors, we often find that users have access to much more than management would consider acceptable. We recommend establishing an internal audit process to regularly monitor and test permissions to verify that access to confidential and sensitive information is appropriate and aligned with employees' job duties.

One method to test access is to create a user account in Active Directory with the least permissions possible and use this account to attempt to open network shares, folders, and files. If this account can access a file, then it is likely that every user can access the file. At that point you can determine if that is appropriate or desired.

To efficiently surf through your file shares, it is useful to have a report of all file shares. When 10-D Security performs an IT audit, we use a tool that scans your network and lists the available file shares. If you are a client, we leave a copy of the tool with you to have and use forever. Otherwise, you can find other tools available online that provide similar reports from reputable solution providers.

Once you have the least privileged account and the file share report, spend some time digging in. This may take time, and you will probably need feedback from the managers of the various business units to identify sensitive information, but often it is obvious (HR, payroll, board reports…).

Also, an added benefit to restricting access to only necessary files/folders is that it can reduce the potential impact of cyber-attacks such as ransomware, which will typically encrypt all the files that the initial victim user can access.
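As an added worked example (not the 10-D Security scanning tool mentioned above), here is the access test from the preceding paragraphs as a PowerShell script. Run while logged on as the least-privileged test account, it reads the share report (assumed here to be a CSV with a UNCPath column), records per share whether that account can list, read and write, and flags the sensitive-looking folder names the post cites; the write check is what matters for the ransomware point above.

```powershell
# Added example (not 10-D Security's scanning tool). Run it while logged on
# as the least-privileged test account. Input: your share report exported as
# a CSV with a UNCPath column (assumed format, e.g. \\FS01\Finance).
param(
    [string]$ShareReport = '.\shares.csv',        # assumption: exported share list
    [string]$OutFile     = '.\share-access.csv'   # per-share results for management review
)

# Folder names that commonly hold sensitive data (the post's own examples plus a few).
$SensitivePattern = 'HR|Payroll|Board|Salary|SSN|Confidential'

function Test-ShareAccess {
    param([string]$Path)
    $r = [ordered]@{ Path = $Path; CanList = $false; CanRead = $false; CanWrite = $false
                     FileCount = 0; SensitiveName = $false; Error = '' }
    try {
        # First level only keeps the run fast; add -Recurse for a deep audit.
        $items = @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction Stop)
        $r.CanList   = $true
        $files       = @($items | Where-Object { -not $_.PSIsContainer })
        $r.FileCount = $files.Count
        $r.SensitiveName = ($Path -match $SensitivePattern) -or (@($items | Where-Object { $_.Name -match $SensitivePattern }).Count -gt 0)
        # Read check: open the first file read-only, then close it again.
        if ($files.Count -gt 0) {
            $fs = [System.IO.File]::Open($files[0].FullName, 'Open', 'Read', 'ReadWrite')
            $fs.Close()
            $r.CanRead = $true
        }
    } catch { $r.Error = $_.Exception.Message; return [pscustomobject]$r }
    try {
        # Write check: create and immediately delete an empty marker file.
        # Write access is what lets ransomware running as this user encrypt the share.
        $probe = Join-Path $Path "acl-audit-$([guid]::NewGuid()).tmp"
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force
        $r.CanWrite = $true
    } catch { $r.Error = $_.Exception.Message }   # no write access is the expected result
    [pscustomobject]$r
}

$report = Import-Csv $ShareReport | ForEach-Object { Test-ShareAccess $_.UNCPath }
$report | Export-Csv $OutFile -NoTypeInformation
# Quick triage view: sensitive-looking shares the test account can read or write.
$report | Where-Object { $_.SensitiveName -and ($_.CanRead -or $_.CanWrite) } |
    Format-Table Path, CanRead, CanWrite, FileCount -AutoSize
```

The write probe creates and deletes a small file on each share, so agree that step with the share owners first (or remove it); a "can list but cannot read" result usually means per-file permissions differ from the folder's and is worth a closer look.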

After identifying the issues, you will have to start your change management process to properly restrict access. Overall, regularly auditing your file shares with a least privileged account is an important process to improve your data confidentiality, integrity, and availability.


Authored by: David McCabe, MBA, ISC2 CC
