Data is probably the most important asset in any organization, and so regular auditing of accesses made to files and folders stored on computers is an essential task.
When setting file server permissions, you are specifying what users are allowed to do within a folder, such as save and delete files or create a new folder, so it is essential that file server permissions are carefully applied to provide appropriate access to content and that they are monitored on a regular basis.
The regular tracking of file server permission changes is crucial to ensure the safety of critical data and to meet the increasing obligations of regulatory compliance. Unapproved changes can lead to unauthorized access and ultimately data leakage. IT security teams must, therefore, track permission changes to know who changed a permission and when.
Why Compare Permissions in File Server?
Comparing file server permissions between two dates in time can be useful for an IT or security team for several reasons:
- Security Audit: It allows the team to conduct a thorough security audit by identifying any changes in file server permissions over time. By comparing permissions between two dates, they can detect any unauthorized modifications that might have occurred, such as unauthorized access, privilege escalation, or changes made by malicious actors.
- Compliance Requirements: Many industries and organizations are subject to regulatory compliance requirements, such as HIPAA (Health Insurance Portability and Accountability Act) or GDPR (General Data Protection Regulation). Regularly comparing file server permissions helps ensure compliance by tracking and documenting any changes that might affect the security and confidentiality of sensitive data.
- Change Management: In large organizations, file server permissions are typically managed by multiple administrators or teams. Comparing permissions between two dates helps track changes made during different phases of a project or during system upgrades. It allows the team to analyze the impact of those changes, troubleshoot issues, and roll back any unauthorized or problematic modifications.
- Incident Investigation: If a security incident or data breach occurs, comparing file server permissions between two dates can be crucial for forensic analysis. It enables the team to identify if any permissions were altered or misused, aiding in understanding how the incident happened and who might be responsible. This information is valuable for remediation, strengthening security measures, and preventing future incidents.
- System Integrity: Comparing file server permissions over time helps ensure the integrity of the system and data. It allows the IT team to identify any inconsistencies or unexpected changes that might be indicators of unauthorized activities, system errors, or vulnerabilities. Regularly monitoring and comparing permissions helps maintain a stable and secure file server environment
Can You Compare Permissions in File Server Natively?
Historic permissions analysis is something that is not possible to do using native tools for File Servers, but it can be achieved using the Lepide Data Security Platform.
How to Compare File Server Permissions with Lepide
The Lepide Historic Permissions Analysis Reports allow you to list historic permissions for a specified date range and compare permissions between two dates. These reports can be generated for File Server, Active Directory and Exchange Server and here, we will look at the File Server Analysis Report.
File Server permission analysis displays the historical changes made in the permissions of File Server objects. The Lepide Solution allows you to compare the permissions for the selected objects between two date and time intervals. You can also save separate reports on Permission History and Compare Permission in PDF, MHT or CSV formats.
Here is an example of the File Server Analysis Report:
In this example, the dates are both 5/3/2023 but the times are different. They are 2.39 pm and 2.43 pm.
The report shows the permissions that have been changed between those times and who has changed them.
Permissions are color coded for clarity and are as follows:
- Green – permissions have been added
- Red – permissions have been removed
- Blue – permissions have been modified
The File Server Analysis Report is straightforward to run:
- From the Permission and Privileges screen, choose Historic Permissions Analysis, File Server Analysis
- Select a date range and click Generate
- Expand the relevant folder to see Permission History
- To see the comparison between two dates.
- Click the Compare Permission tab
- Select the First Date/Time and the Second Date/Time and click Compare
- The permissions comparison data will be displayed