Open Shares

David Gibson
Last updated February 22, 2022

In my post last week, Share Permissions, I promised I’d write a follow-up post on “open shares.” Open shares, in a nutshell, are folders that are accessible to all (or pretty much all) of the people on the network. In the Windows world, these are folders that are shared over the network via CIFS and accessible to what are called “global access groups,” like Everyone, Domain Users, and Authenticated Users.

For a folder to be accessible to a global access group, its NTFS permissions must grant access to the group, and the folder must be shared, or reside within the hierarchy of a share, whose share permissions also grant access to the global access group. For example, for a folder to be accessible, or open, to the Everyone group, the Everyone group must be on its access control list (ACL) with some level of access, and the folder and/or one of its parents must be shared so that Everyone has some level of share permissions. (See Share Permissions for an explanation of how sharing permissions work.)

There are many possible combinations that can provide such open access—Everyone may be on the NTFS permissions while Authenticated or Domain Users have share access, Authenticated Users may be a child of another group that has either NTFS or share access, etc. No matter what the combination, the end result is that just about everyone in the organization has access to the data that resides in the folder, and the vast majority of the time that’s bad. To put it simply:

Open Shares = Bad

Unfortunately, organizations usually have lots of open shares on their servers and NAS devices, and often quite a few contain sensitive data. Using the native tools provided with Windows, these shares are very difficult to find and even harder to fix. Once remediated, it’s also difficult to make sure these folders continue to stay locked down and that new, insecure folders aren’t created.
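A first-pass check of the two conditions described above (share permissions and NTFS permissions both granting a global access group), as an added PowerShell example that is not from the original post. It inspects only each share's root folder on the local file server and matches well-known SIDs, so it does not walk subfolders, expand custom nested groups, or account for Deny entries. The function name `Resolve-Sid` and the output column names are illustrative choices.

```powershell
# Added example: list local SMB shares whose share ACL AND root-folder NTFS ACL
# both contain an Allow entry for a global access group.
# Run in an elevated PowerShell session on the file server being reviewed.

# Well-known SIDs: Everyone (S-1-1-0), Authenticated Users (S-1-5-11),
# BUILTIN\Users (S-1-5-32-545, contains Authenticated Users by default),
# and Domain Users (<domain SID>-513).
$globalSidPattern = '^(S-1-1-0|S-1-5-11|S-1-5-32-545|S-1-5-21-.+-513)$'

function Resolve-Sid {
    param([string]$Account)
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null   # orphaned or unresolvable account names are skipped
    }
}

# Skip administrative shares (C$, ADMIN$, IPC$) and anything without a folder path
$shares = Get-SmbShare -Special $false |
    Where-Object { $_.Path -and (Test-Path -LiteralPath $_.Path) }

foreach ($share in $shares) {
    # Condition 1: share permissions allow a global access group
    $shareHits = $share | Get-SmbShareAccess | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (Resolve-Sid $_.AccountName) -match $globalSidPattern
    }

    # Condition 2: NTFS ACL on the share root allows a global access group
    # (explicit and inherited entries, identities returned as SIDs)
    $acl = Get-Acl -LiteralPath $share.Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntfsHits = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match $globalSidPattern
    }

    # Only when both layers grant access is the share root "open"
    if ($shareHits -and $ntfsHits) {
        [pscustomobject]@{
            Share       = $share.Name
            Path        = $share.Path
            ShareAccess = ($shareHits | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
            NtfsAccess  = ($ntfsHits | ForEach-Object { "$($_.IdentityReference.Value):$($_.FileSystemRights)" }) -join '; '
        }
    }
}
```

A share root that passes this check can still contain open subfolders whose ACLs differ from the root, which is part of why a full inventory with native tools is hard.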

The good news is that metadata framework technology now exists to identify and remediate open shares, prioritize which ones to remediate first based on exposure, content and activity, and make sure that no one who has a legitimate need for access gets cut off. Once open shares are eliminated, a metadata framework can automatically detect a relapse as well as any newly created open shares.
