Monday, May 30, 2011

Making network shared folder security easy

Problem: Network Attached Storage (NAS) is great for keeping backup copies of vital data, or sharing files and folders between users. But how do you secure it, especially if (like me) you want access to your company server over the Internet, while keeping the bad guys out?

Solution: Use operating system capabilities to make your life easier. The options are pretty well hidden, but here's what worked for me:
  • Use the control panel software that comes with your NAS to secure a user's folder with a username and password combination. You can probably set a quota for how much disk space each user gets; and set up sharing groups so departments have shared storage; and more...

    NAS devices like the World Book Series II from Western Digital or similar devices from Iomega are aimed at the SoHo market, but are actually mini-servers. They probably run a version of Linux, but hopefully your supplier has hidden that complexity from you!

  • I'm using a Windows 7 Pro. computer to access the folders across my LAN. (There's a similar option within Windows Vista Pro.) Both the computer and the NAS are part of the same 'workgroup.' (We're not using the more complex Domain control.) These steps make life easy:
    • From the Windows Start menu, select Control Panel
    • Select User Accounts and Family Safety
    • Select Credential Manager
    • Under the option Windows Credentials select Add a Windows credential
    • Enter your NAS device name (e.g. \\Storage), Username and Password and OK
    • When you next re-boot, Windows will automatically authenticate you to the NAS
Outcome: This simple configuration step makes life so much easier - you just sign in to your computer with your Username and Password when it starts and, as soon as you're connected to your network, you have immediate access to all your private files and folders, without being interrupted with a request to verify who you are. Of course, the implication is that all your files and folders are immediately accessible to anyone who walks up to your un-attended PC so, if that matters to you, press the Windows key+L before you walk away!

What else?
  • Next, I use the Windows capability to synchronize offline files. This means that I can keep a copy of selected folders from the NAS on my own computer. I can work on the files, whether I'm connected to the LAN or not; and the files get synchronized together whenever the computer is back on the network. It's like having yet another copy of key information. I can work on those files from anywhere, even without a network connection, but they 'properly' belong on the LAN storage where the NAS keeps them secure.
  • The NAS has two large disk drives that automatically make a mirror copy of each other. And there is software on the computers that automatically makes a backup copy of crucial user files, over the LAN to NAS. Finally, I have a second NAS that I connect to the LAN from time to time and use the Microsoft RichCopy tool to mirror contents from the main NAS to the secondary one. Then the second NAS gets moved to off-site storage that we control in case of fire or theft at the main location. We keep similar off-site copies on encrypted Internet-accessible server storage space in the 'cloud.'
Get more like this