Microsoft Small Business Server 2003 Unleashed
There are two emphases in protecting data inside your network. The first is protecting data from outside intruders; the second is protecting data from inside intruders. Protection of data from outside intruders includes all that has been previously discussed in the chapter, as well as one more key element: ensuring that the data you need to protect is not kept on the desktop. Built into SBS 2003 is a My Documents redirection that places the data on shared folders on the server. But what about protecting data from unauthorized access inside the network? The best protection for this risk is to follow the best practice of allowing access to the data only to those persons who need access. Thus only allow that user/workstation the bare minimum permissions it needs to access the data on the network. The next concern that invariably comes up is the risk of external drive or device access. USB thumb drives have recently come under attack as a security issue, yet the risk from unauthorized retrieval of data is no different from floppy disks, MP3 players, cell phones with memory chips, emailing documents, faxing documents, or, in the case of Fawn Hall, stuffing documents down pieces of clothing and walking out of the office with them. For all these threats, the countereffort must be weighed with the loss of business agility. Block CD-ROMs and USB thumbdrives in a small office, and you may restrict a key business process that the company uses to obtain external data. Although there are solutions such as Windows Right Management Services that will allow you to restrict emails or documents to be only opened by certain parties, the reality is that you cannot prevent an "analog attack" on your digital documents. Your best prevention for that attack is written security policies and educated end users. |
Категории