Categories ArticlesSecurity

Cybersecurity 101: Close the door on open network shares

Cybersecurity is one of the major issues organizations face these days. While organizations spend precious IT dollars to ensure business services are operating normally in case of any disaster, they often fail to pay attention to the controls and mechanisms that are required to protect business assets from insider threats. Every organization has deployed highly available IT infrastructure to ensure business interruption is minimized in the case of any disasters. While you can implement highly available infrastructure to minimize interruption in the business services and make sure business services are available in case of disasters, you cannot prevent cybersecurity attacks unless you work on cybersecurity methods and mechanisms. Open network shares, for example, have become targets of attackers who under the right circumstances can load them with ransomware and encrypt files. But the real threat with open network shares is a current or past rogue employee who can find and steal important company data.

While it doesn’t take much effort to avoid risks related to cybersecurity, it’s an effort that must be made. When it comes to working on cybersecurity for your organization, your first task is to implement the necessary policies, controls, and mechanisms to detect and prevent threats. While you can take necessary steps to ensure company information is not stolen or is not taken out of the company premises, your efforts cannot ensure that all information is protected from every insider threat unless all security protocols and standards are followed. You will be required to follow a steady cybersecurity approach to ensure your organization is protected from both nontechnical and technical threats.

The damages that a threat can cause to your organization is painful, and you can lose business if not protected. We have written this article to help you understand why it is important to search for open network shares on every computer that is joined to the Active Directory. We also provide a PowerShell script that can be used to search for open network shares so you can take appropriate action.

Gaining access to open network shares

Any employee who has access to the IT environment and has a username and password to log on to the systems can gain control over the systems. For example, an employee who is a domain admin can gain access to the Active Directory environment, which, in turn, allows them access to valuable information. Similarly, any employee who works on valuable company information can copy data to a USB stick and have it distributed for monetary purposes.

If a user gets a new role in an organization and if the user is a qualified IT expert, they can easily search through the entire network or Active Directory to find systems that host company data such as servers hosting company documents and network shares to which everyone has been assigned full control permissions. For example, an attacker can run a PowerShell script that can check for network shares that are open and then try to steal or collect information from these network shares. Once an attacker obtains this information, it becomes easier to copy the data from the network shares. This PowerShell script can check how many network shares are open on a given computer.

$TestCSVFile ="C:\Temp\NetworkShares.CSV"
Remove-Item $TestCSVFile
$STR = "Computer Name, Total Shares, Final Status"
Add-Content $TestCSVFile $STR
$CompList = "C:\Temp\Computers.TXT"
$AnyGap = "No"
ForEach ($Computer in $CompList)
{
$TotalShares=Get-WmiObject -class Win32_Share -computer $Computer
$TotSCount = $TotalShares.Count
$FinStatus = "Ok"
IF ($TotSCount -ne 0)
{
$FinStatus = "This computer has $TotSCount Please check."
$AnyGap = "Yes"
}
$STR = $Computer+","+$TotSCount+","+$FinStatus
Add-Content $TestCSVFile $STR
}

IF ($AnyGap -eq "Yes")
{
$TestText = " "
$SumVal = ""
$TestStatus="High"
}
else
{

$TestText = " "
$SumVal = ""
$TestStatus="Passed"
}

Once the script has finished executing, you will have a report generated under C:\Temp\NetworkShares.CSV, which contains the computer name and the total number of network shares as shown in the screenshot below.

The above script was retrieved from DynamicPacks IT Scanner, a tool designed to perform cybersecurity assessment in production environments. The DynamicPacks IT Scanner can perform 45 cybersecurity checks and generate a report with affected objects. All you need to do is create an assessment profile and add all Cybersecurity Dynamic Packs. Once you have a report on the affected objects you can take action to prevent data loss in your company.

Featured image: Freepik / Business photo created by bedneyimages

Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.

Share
Published by
Nirmal Sharma

Recent Posts

Managing Azure VMs with System Center Virtual Machine Manager

You may not know it, but System Center Virtual Machine Manager can be used for…

15 hours ago

Best and most secure VPN services for small businesses

As we adjust to a new remote work culture due to coronavirus, a secure VPN…

18 hours ago

Exchange security: Get your SPF, DMARC, and DKIM records in place

Every Exchange admin lives with the constant fear their system will be breached. Having SPF,…

21 hours ago

GE data breach exposes thousands of employee records

A GE data breach exposed a hacker’s treasure trove of employee records, including Social Security…

2 days ago

Getting speed and consistency using Linux text editors and console

Ready to go back to the future? Here’s a look at some Linux text editors…

2 days ago

Amazon GuardDuty unveils new, lower pricing tiers

The Amazon GuardDuty threat-detection service has unveiled some lower price tiers, which will be especially…

2 days ago