Security, Networking infrastructure, Servers
Best Practices for Windows File Server Auditing
Top 8 For Starters
#1 Best Practice: Decide What Audit Policies You Need
Do you want to know when someone accesses or viewing a file? Do you want to know when someone is copying files from the server to their local computer? Do you want to know if someone is not putting their locally created files on the shared server? Do you want to know when there is unusual activity within your network or computers? These are the types of questions you need to answer to determine your audit policies.
#2 Best Practice: Before Starting, Decide Where Audit Data Will Be Stored
Audit policies will collect lots of auditing data. You need to decide where you want all the data stored. Data can be stored on the file server, another server, or even in the cloud.
#3 Best Practice: Decide Who Will Have Windows Audit File Access
There is no value in collecting audit policy data if you will do nothing with it. You need to decide who will have Windows audit file access to not only review the data but to analyze it.
#4 Best Practice: Calculate Your Audit Data Storage Requirements
Audit data will take up a lot of disk space, depending on the size of your organization and what audit policies you put into place. For example, if you want to monitor each time an employee accesses a file on the Windows file server, new audit data will be generated for every single time. So, if an employee opens 100 files daily, then you will have 100 new audit data saves.
#5 Best Practice: Test Your File Server Auditing Policies
Before a mass rollout of new file server auditing policies, you must test them in a smaller group. Knowing how the policies will affect server performance, individual computer performance, and how much space the audit data will take up is very important
#6: Best Practice: Decide What Audit Policies Are Needed for Actual Compliance
Certain types of businesses may need to create audit policies to be compliant with various requirements, such as HIPAA, ISO, SOX, etc. Your audit policies will help you meet compliance, as well as provide the necessary data if you are audited by the respective compliance agency.
#7 Best Practice: Limit Who Access Your Files and Folders on the File Server
One mistake some companies make is not creating audit policies that limit user access to files and folders on the file server. Make sure that employees only have access to the folders and files they need to do their job duties.
#8 Best Practice: Use Windows Server Audit File Access Monitoring Tools
There are Windows server audit file monitoring tools and apps that make it much easier to monitor your file server. These applications are designed to make it easy for professional services groups like Epoch Online or larger companies to generate and maintain the type of reports, analysis of audit data, automated lockup policies, etc.
If you would like to discuss security or auditing with someone who is concerned with small and large business success, please feel free to contact Eric Smith at Epoch Online. All initial conversations or consultation are FREE.