Role-based access control and audit logging — essential layers of network and data security.
Permissions are absolutely essential for the security of any network. In server-based networks, permissions come in many flavors:
The beauty of server-based networks lies in streamlined organizational tasks and centralized control over user permissions. It is very convenient to assign necessary access levels based on each worker's role. An accountant gets full access to financial data but restricted access to graphic files or IT documentation. A graphics designer shouldn't have access to sensitive legal documents or payroll information.
Typically, administrators define Groups of employees and assign specific rights to those Groups based on their organizational role. This one-time setup makes adding and removing personnel convenient without per-user customization.
In a law firm, a paralegal might need to read all correspondence of a lawyer and send mail on their behalf. Within an Exchange server, this is accomplished with a few clicks in Outlook options. The paralegal can handle a variety of tasks from their desk without asking the lawyer to forward emails or running around for printed copies.
For an Extranet or company website, managers might need permissions to publish announcements and manage calendar events, while regular employees only need reading permissions. Everyone must be able to upload files to a document library without accidentally deleting others' files. SharePoint and open-source solutions like eGroupware or Joomla provide this functionality.
What happens when someone tries to perform an unauthorized action? Beyond simply denying the action, it's often critical to monitor such activity. Auditing helps organizations avert security breaches — internal or external.
For example, an employee trying to access a restricted data folder would be logged when auditing is enabled. Website administrators routinely find hackers probing for vulnerable web scripts and security holes. Log files are the “surveillance cameras” of IT security.
Once an administrator discovers a threat, corresponding action can be taken: introducing a new firewall rule, disciplining policy violators, or tightening permissions around vulnerable resources.
Manual log analysis is extremely difficult due to both the technical complexity and sheer volume of data. Log-analysis software solutions such as Sawmill can process millions of log-file lines and create reports that highlight potential security threats, saving administrators enormous amounts of time.
Let our experts set up proper permissions and auditing for your server network.