Open Shares

David Gibson
Last updated February 22, 2022

In my post last week, Share Permissions, I promised I’d write a follow-up post on “open shares.” Open shares, in a nutshell, are folders that are accessible to all (or pretty much all) of the people on the network. In the Windows world, these are folders that are shared over the network via CIFS and accessible to what are called “global access groups,” like Everyone, Domain Users, and Authenticated Users.

For a folder to be accessible to a global access group, its NTFS permissions must grant the group access, and the folder must be shared, or reside within the hierarchy of a share, whose share permissions also grant access to the global access group. For example, for a folder to be accessible, or open, to the Everyone group, the Everyone group must be on its access control list (ACL) with some level of access, and the folder and/or one of its parents must be shared so that Everyone has some level of share permissions. (See Share Permissions for an explanation of how sharing permissions work.)

There are many possible combinations that can provide such open access—Everyone may be on the NTFS permissions while Authenticated or Domain Users have share access, Authenticated Users may be a child of another group that has either NTFS or share access, etc. No matter what the combination, the end result is that just about everyone in the organization has access to the data that resides in the folder, and the vast majority of the time that’s bad. To put it simply:

Open Shares = Bad
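A first-pass check for the condition described above, as an added example that is not from the original post: it flags local shares where a global access group has an Allow entry in both the share permissions and the NTFS ACL of the shared folder. `Find-OpenShare` and `Select-GlobalSid` are hypothetical names; the script assumes the SmbShare module and an elevated session on the file server, and it checks only direct entries on the share root, not nested groups, Deny entries or subfolders.

```powershell
# Added example: Select-GlobalSid and Find-OpenShare are hypothetical helper names.
# SIDs are compared instead of account names so the check is locale-independent.
function Select-GlobalSid {
    param([string[]]$Sid)
    # S-1-1-0 = Everyone, S-1-5-11 = Authenticated Users, RID 513 = Domain Users
    $Sid | Where-Object {
        ($_ -in 'S-1-1-0', 'S-1-5-11') -or ($_ -match '^S-1-5-21-(\d+-){3}513$')
    }
}

function Find-OpenShare {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $shares  = Get-SmbShare -Special $false |
        Where-Object ShareType -eq 'FileSystemDirectory'

    foreach ($share in $shares) {
        # Share layer: accounts with an Allow entry in the share permissions.
        $shareSids = Get-SmbShareAccess -Name $share.Name |
            Where-Object AccessControlType -eq 'Allow' |
            ForEach-Object {
                try {
                    ([System.Security.Principal.NTAccount]$_.AccountName).Translate($sidType).Value
                }
                catch { }   # skip accounts that no longer resolve
            }

        # NTFS layer: Allow entries (explicit and inherited) on the shared folder.
        $acl = Get-Acl -LiteralPath $share.Path
        $ntfsSids = $acl.GetAccessRules($true, $true, $sidType) |
            Where-Object AccessControlType -eq 'Allow' |
            ForEach-Object { $_.IdentityReference.Value }

        $viaShare = @(Select-GlobalSid $shareSids)
        $viaNtfs  = @(Select-GlobalSid $ntfsSids)

        # The folder is open only when a global access group passes BOTH layers.
        if ($viaShare.Count -and $viaNtfs.Count) {
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                ShareSids = $viaShare -join ', '
                NtfsSids  = $viaNtfs -join ', '
            }
        }
    }
}

Find-OpenShare | Format-Table -AutoSize
```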

Unfortunately, organizations usually have lots of open shares on their servers and NAS devices, and often quite a few contain sensitive data. Using the native tools provided with Windows, these shares are very difficult to find and even harder to fix. Once remediated, it’s also difficult to make sure these folders continue to stay locked down and new, insecure folders aren’t created.

The good news is that metadata framework technology now exists to identify and remediate open shares, prioritize which ones to remediate first based on exposure, content and activity, and make sure that no one who has a legitimate need for access gets cut off. Once open shares are eliminated, a metadata framework can automatically detect a relapse as well as any newly created open shares.
